Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 08:51

General

  • Target

    b2a74bba7f14c6b0d76c8b98c09b0378_JaffaCakes118.html

  • Size

    865KB

  • MD5

    b2a74bba7f14c6b0d76c8b98c09b0378

  • SHA1

    198d3b01ad13a6a3717d167cc7d06bf44cd362ce

  • SHA256

    796fdb5393abde674ea897d31432e7e903e653e6426290530da1c37100378ebb

  • SHA512

    5f41bc21942e6e5e798f6d714e2ad2844c436f1c4890811ea01ba08e7cf5f42fb4ceafe72ee5ef80148b305c72fdbbdd805e380b69293907d14b227ad83b9c2d

  • SSDEEP

    12288:mf59nLYWAVZQ+9nLYWAVZQw49nLYWAVZQZ9nLYWAVZQtO:k9LYWAB9LYWAV49LYWAg9LYWA9

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that combines a file-infecting virus, a worm and a Trojan; its infected HTML files carry an embedded executable that is written to disk and run when the page is opened.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 8 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Modifies Internet Explorer settings 1 TTPs 46 IoCs
  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SetWindowsHookEx 38 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b2a74bba7f14c6b0d76c8b98c09b0378_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2100
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2736
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          PID:2076
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          PID:2656
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2704
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          PID:3032
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          PID:2268
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2856
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          PID:2868
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          PID:2004
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2376
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          PID:1296
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          PID:1980
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:734213 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2628
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:406534 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2580
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:537606 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2052
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:209934 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1992
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:1061892 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1676
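The tree above has two shapes worth turning into detection logic: a browser tab process (the `SCODEF:2020 CREDAT:…` children are ordinary Internet Explorer Protected Mode tabs and are not suspicious on their own) launches `svchost.exe` from the user's Temp directory, a name that belongs in `C:\Windows\System32`; each of those dropped processes, flagged for WriteProcessMemory, then starts two `iexplore.exe` instances with no arguments, which is the shape of processes created only to receive injected code. The script below is an added example of rules for both shapes, written for this page rather than taken from the sandbox; it runs over process-creation records constructed from the PIDs and command lines in the report, and the record field names (`pid`, `ppid`, `image`, `cmdline`) are an assumption about whatever telemetry you feed it.

```python
"""Detection logic for the process tree in this report.

Added example, not the sandbox's own rule set. Two behaviours are checked:
(1) a browser process launching an executable from a user-writable directory,
    scored higher when the file borrows a Windows system binary's name
    (svchost.exe belongs in C:\\Windows\\System32); and
(2) such a dropped executable spawning browser processes with no arguments,
    the shape of a process created only to receive injected code.
The event records are CONSTRUCTED from the PIDs and command lines shown in the
report; the field names (pid, ppid, image, cmdline) are an assumption.
"""
import ntpath
from collections import defaultdict

BROWSERS = {"iexplore.exe"}
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\", "\\programdata\\")


def base_name(image: str) -> str:
    return ntpath.basename(image).lower()


def in_user_writable(image: str) -> bool:
    return any(seg in image.lower() for seg in USER_WRITABLE)


def masquerades_as_system(image: str) -> bool:
    """True when a system-binary name runs from outside the Windows directory."""
    return base_name(image) in SYSTEM_BINARY_NAMES and not image.lower().startswith(SYSTEM_DIRS)


def is_bare_launch(ev: dict) -> bool:
    """Command line is just the (possibly quoted) image path with no arguments."""
    return ev["cmdline"].strip().strip('"').lower() == ev["image"].lower()


def detect(events):
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)
    alerts = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        # Rule 1: browser -> executable in a user-writable directory.
        if parent and base_name(parent["image"]) in BROWSERS and in_user_writable(e["image"]):
            alerts.append({
                "rule": "browser_dropped_exe",
                "severity": "high" if masquerades_as_system(e["image"]) else "medium",
                "pid": e["pid"], "parent": parent["pid"], "image": e["image"],
            })
        # Rule 2: dropped executable -> browser started with an empty command line.
        if in_user_writable(e["image"]):
            hosts = [c["pid"] for c in children[e["pid"]]
                     if base_name(c["image"]) in BROWSERS and is_bare_launch(c)]
            if hosts:
                alerts.append({
                    "rule": "dropped_exe_spawns_bare_browser",
                    "severity": "high",
                    "pid": e["pid"], "hosts": sorted(hosts), "image": e["image"],
                })
    return alerts


IE = "C:\\Program Files\\Internet Explorer\\iexplore.exe"
IE32 = "C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE"
DROPPED = "C:\\Users\\Admin\\AppData\\Local\\Temp\\svchost.exe"

# CONSTRUCTED from the report's process tree (a subset of the PIDs it lists).
SAMPLE_EVENTS = [
    {"pid": 2020, "ppid": 0,    "image": IE,      "cmdline": f'"{IE}" C:\\Users\\Admin\\AppData\\Local\\Temp\\b2a74bba7f14c6b0d76c8b98c09b0378_JaffaCakes118.html'},
    {"pid": 2100, "ppid": 2020, "image": IE32,    "cmdline": f'"{IE32}" SCODEF:2020 CREDAT:275457 /prefetch:2'},
    {"pid": 2736, "ppid": 2100, "image": DROPPED, "cmdline": f'"{DROPPED}"'},
    {"pid": 2076, "ppid": 2736, "image": IE,      "cmdline": f'"{IE}"'},
    {"pid": 2656, "ppid": 2736, "image": IE,      "cmdline": f'"{IE}"'},
    {"pid": 2704, "ppid": 2100, "image": DROPPED, "cmdline": f'"{DROPPED}"'},
    {"pid": 3032, "ppid": 2704, "image": IE,      "cmdline": f'"{IE}"'},
    {"pid": 2268, "ppid": 2704, "image": IE,      "cmdline": f'"{IE}"'},
    {"pid": 2628, "ppid": 2020, "image": IE32,    "cmdline": f'"{IE32}" SCODEF:2020 CREDAT:734213 /prefetch:2'},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

On the constructed events the IE tab process 2100 produces no alert (its image lives under Program Files), while each dropped `svchost.exe` produces two: one for being launched by a browser from Temp under a system binary's name, one for the argument-less `iexplore.exe` children. Rule 2 on its own would also fire on legitimate launchers that start a browser bare, so the severity comes from the pair, not from either rule alone.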

Network

MITRE ATT&CK Enterprise v15

Downloads

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    d46d39aa7308532f13fb757ac7d113dd

                    SHA1

                    44248696253e170b2796f637757103254596f43a

                    SHA256

                    50d0db9607df8ec5f23a34214a866f0a0b4633ccaa9d67b349f086687d046c91

                    SHA512

                    e2cce8c3297ea939764a11cc11d145f7a0c5a5fb3c289ca02bbf1dd112c7f4014241e3158050f123d50d31deaec67e300882a1e68a6baab0eecb00da4ad4cbc9

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    4ea3d299eed83c94f6757443e457119e

                    SHA1

                    504dd036335e387322873d0ed5babc2374c3bdf3

                    SHA256

                    b3bf57fa2752218deb9dd134c9e537eebf16cf26cac5cd1c154387429d026de0

                    SHA512

                    a27e9afd6714cc80f36ae13dd562eab24d3465bc0329b6ce10a5d02a2c51b8db66ea403bf3f523dd1da4d993663d81433515e6cccb6f2f77daa81afaf792cd2c

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    50441c83ab0697d2fb37429e7a3a3380

                    SHA1

                    8f13debda71c54d28dcde12cd23773bcfe290e4f

                    SHA256

                    73f001b2296cc8fda869f1bf1e33a18c7de4c51ac77a76237ba15c0f1a82dd65

                    SHA512

                    fc2260b24e4821fad50898168040cbc90753a852ac639a21ca9c71052c9fdda002ba990a2c278bf8b7de45cd4af691cdc1e246d5b651699a38f2f9cf80ebda90

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    facd0181542077a8c55f7dd8c1b32146

                    SHA1

                    62ce23fc0e8b41acb141cdc8bfa90e5da4cd5092

                    SHA256

                    39f19eed7daed2e5cc7b37c559b1a37d09cb216cf2d7077ad08235d89a11d2e6

                    SHA512

                    577ee3eba3b9df7499553db0b36b9089ff6fe50e68176a1004e004fe7e46730facbf07da32b3edcce38c964affc715663f177a39a71d9c791fd4b0a470cc60b3

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    8729b2f9defa2a142c10cfe1b86002ac

                    SHA1

                    9e51b60ee955eb1a1d90f04484e1b6d06893d6a6

                    SHA256

                    88b033bd25badfa0cff3095b1548e0f3c7d896a4c0d4afec80b91bb034693a8e

                    SHA512

                    cd38a4caa6a64978d7f88273f1476788c5fde7050f503a1ace0d62a7e169c1fc98a9db4cadc1b35c589efd89df0c7385191a02e1a4f9fa8983822a1d2578c7e9

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    c6052853c302fb0bf3a6d60e487134d1

                    SHA1

                    6fd0d0751e5530178843f6f1b55ab09a38990f51

                    SHA256

                    b8edbd71fbded41a238baeffc2507f32d67526bda94d4cbc553da7d5dc3a6049

                    SHA512

                    5df257460d17e299bba4753b1533b80b666b3ab6f4769858458bed9b196f6c8a92bf3592a8239d078b15ec1368fc582e6e3cf372a67bdb17e418fe6e2d808561

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    774da9711f91c0f7e4ebf935df51b910

                    SHA1

                    ed108fd26dc40e50916f5780647310f6b69f4f32

                    SHA256

                    e8505bef3f41770768c418c5e0d2078beafbe1d654239ba636f5c8d33aedd076

                    SHA512

                    0251dddc8c1baef6bdab2b8092f49b22dacb833c228b55f2dd4f0d0ac3555bcf64036f3bec1a614cdd1395b1ae56fabd6db19b9b4c63f918a1ad24fa20354e69

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    cc1c3ffddce5243caef9f3fda1400d24

                    SHA1

                    a4486c4fb39444e95e6158141d0294a858a0e66c

                    SHA256

                    11f1a2d209e2e56f1a21f8c517f0bd61895d498ae957c7d72b5e788cc4f67fcf

                    SHA512

                    24572e08c8a87bbe9f45436b69cb6ccb8cb9294445a4b1050a741b08df10536b8d407b09e47cc4f04925fe01aa6bd1df964e2559a81375baf50f53536c9aef6a

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    441ee8cfa408d876c0a36c7e49d314fc

                    SHA1

                    ab66817dee974dd0d368df88880962e176bea950

                    SHA256

                    210e46b0fe9abb039383ddc705e60396c24d9415e32e4dedeef1d1e3d7dca80e

                    SHA512

                    efa970217e259cd4c891854c32989098fc169d4bb92b30ee24a387c21970be874bf121c4451f71b4155978dbfa32ba807bf6071e2f0ba0054c3b867ba947cb25

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    205f1b700ce7721cb80b71cd27117ee8

                    SHA1

                    16b0602d4de4a85172101e9fb2770450a5af8665

                    SHA256

                    7826192ed32fa23c2708124fb77a95c81f9f5b500275e0f07f61ca2ab8d5eafd

                    SHA512

                    8b22a6e4cd2be4e0a3bb16164484940d4834ce8005ca9ac55f1ab55b3efafa43f23c91924cf3f2f66d2d442eb594812f20c4adc6dc34ec1cdca3a35ad7c159b8

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    90a74579260a6579cc47a4a709f920d5

                    SHA1

                    ba5eb47d6c439926ace44fa547c61c4c23dbdd37

                    SHA256

                    14fb53dd0d217412096cf406bb506883faf9cc3ad8250f5146d1fca1b8570c73

                    SHA512

                    e6e08fe20d0b4aa3410da1c3b97303df7d6f1c34fd474a2842f4614c578a7924e0a1f0ba040c4af8945fbe1628c2d9297a621a10b28f38622c8b5ba4cae69014

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    36f3275b60ede025cd39810c25ff7a21

                    SHA1

                    261b47ca3b54a74a4c582ea04e71a315ae962d47

                    SHA256

                    e7f58580ba0524145aaecf9ee2605cba3232b5cf75728683aa24fa9e5d2995a3

                    SHA512

                    ffee17f9702bfe5804085c22e5e7821492bc67d2cfc0c8c41faf6e8160963c599e811ba967d6bee83409758d1dc9e3f7231057ef569caa14115f69da66379624

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    82edad352cd843138ceca88886d38fe3

                    SHA1

                    160f3d1ffbe1468cd346afc35ceb7800a013a85e

                    SHA256

                    dc81a0cf9175670baf6b88824eb9bb3e5248d961b8f74ea1b95fb83e2c5b50f4

                    SHA512

                    50d40a58da496d5d9aea89f99dea7f19047aaefe3cae2cca59bfeac32855de0ac42cc8eef71b17a33752e37858f3ae84e3d4f84d17ff08b9fcd0f612331c1168

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    124db45b12021e1cedeb647bfe506857

                    SHA1

                    f1ebe9da6fb4166986dce0a0cc62d547f5512739

                    SHA256

                    50bc9b154991d2320da479632e909e05a5d80e410a548d7cd84c1f1bee651a18

                    SHA512

                    cc62d9c33e6f673af116f93915e15cd1d54141e783a5835ae2b5b330f7263258aa407a934ff80b75a3976fb3fce56658f968544bf578a5689fd046b4982017c7

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    35a3c1e45c30cb60f107f9689aba5062

                    SHA1

                    8d457a0ce60abaf8e1a1eeff292439c75985892a

                    SHA256

                    55acd101dab82d32042c31162bef3abaa0f23e522b7424c8d79e9880068e488f

                    SHA512

                    5c529dfbecaaf52446ee4b286303d2ae5a295d0eab56da6019aa7c634ebb4dc3418da651331b20112468699d7d1719189ae32405922df86abc7095c2e879fce8

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    c8d3bedeba9400f4cca26c93f5186a5c

                    SHA1

                    94f732bdffea6aaae027efd9b128a39f6e3280fd

                    SHA256

                    0e7099310415c2d68607c298980835db4fb10953112180a7c01ebddca65fac1d

                    SHA512

                    c837279695537f2221d628f102fe1b2c70aceb59df4588795fffe5e88e5a6c957030c453e768305f6dc0f78065a76257e0f937504a80da348bccca22afbf2de9

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    1a7ccf0d1f138e1be8cd23faa33a858c

                    SHA1

                    fcdcffda2bca4d7e5ecd604f1b0d6b251addff69

                    SHA256

                    da94dfbda21a10d16a4f834dd04c13b062eff2d9508c09a0231181d533538bd4

                    SHA512

                    38e3a10ba1a496ab39ac12af216e635442437a225fcbad20b9550c61f57581bafe2b8c3bb3fd612a2f76b38398738cda3a63985e8558444d5d57e039d965a1a3

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    7e42270bb5b5e26f201a36d963ba7b62

                    SHA1

                    b04f21edf983583ef575701eff15b8f65132d2ba

                    SHA256

                    2cc9b5ee428287c1b37838108a4c7352596bcd0b404a0c56505da17d256b2d84

                    SHA512

                    08c8e14d6788b2fa1e0c4ac1f92c10089b692d4d08853cb39f0eaca55f2a9f5d426ec70affe5346093ba1d31a9f760ef52e1db318b03333cc8186a57dbbd0a61

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                    Filesize

                    342B

                    MD5

                    d5110a760b11be0ea23461c923d89f7c

                    SHA1

                    a46d702d199e66d38bc2e06373019cc34f1e75d0

                    SHA256

                    459172fccbe9114393e0f16e89c9e6a594cb95f975cfc926ec7f8ec86191c7cd

                    SHA512

                    96107638dd09add3d4a939fd17e086dc7fff559936bc54032a06a2e8c06269179ea88483bb70f481618b50c2a7cd44e288bd678a39cd53deeeecd5872bc2cf50

                  • C:\Users\Admin\AppData\Local\Temp\Cab26D5.tmp

                    Filesize

                    67KB

                    MD5

                    2d3dcf90f6c99f47e7593ea250c9e749

                    SHA1

                    51be82be4a272669983313565b4940d4b1385237

                    SHA256

                    8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

                    SHA512

                    9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

                  • C:\Users\Admin\AppData\Local\Temp\Tar2788.tmp

                    Filesize

                    160KB

                    MD5

                    7186ad693b8ad9444401bd9bcd2217c2

                    SHA1

                    5c28ca10a650f6026b0df4737078fa4197f3bac1

                    SHA256

                    9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

                    SHA512

                    135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

                  • \Users\Admin\AppData\Local\Temp\svchost.exe

                    Filesize

                    105KB

                    MD5

                    dfb5daabb95dcfad1a5faf9ab1437076

                    SHA1

                    4a199569a9b52911bee7fb19ab80570cc5ff9ed1

                    SHA256

                    54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

                    SHA512

                    5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

                  • memory/2376-47-0x0000000000340000-0x0000000000341000-memory.dmp

                    Filesize

                    4KB

                  • memory/2376-46-0x0000000000320000-0x0000000000321000-memory.dmp

                    Filesize

                    4KB

                  • memory/2376-48-0x0000000000400000-0x000000000045B000-memory.dmp

                    Filesize

                    364KB

                  • memory/2704-28-0x0000000000400000-0x000000000045B000-memory.dmp

                    Filesize

                    364KB

                  • memory/2704-26-0x00000000003F0000-0x00000000003F1000-memory.dmp

                    Filesize

                    4KB

                  • memory/2704-25-0x00000000003D0000-0x00000000003D1000-memory.dmp

                    Filesize

                    4KB

                  • memory/2704-23-0x0000000000400000-0x000000000045B000-memory.dmp

                    Filesize

                    364KB

                  • memory/2704-24-0x0000000000400000-0x000000000045B000-memory.dmp

                    Filesize

                    364KB

                  • memory/2736-49-0x0000000000400000-0x000000000045B000-memory.dmp

                    Filesize

                    364KB

                  • memory/2736-10-0x00000000002A0000-0x00000000002A1000-memory.dmp

                    Filesize

                    4KB

                  • memory/2736-14-0x0000000000400000-0x000000000045B000-memory.dmp

                    Filesize

                    364KB

                  • memory/2736-11-0x0000000000220000-0x0000000000221000-memory.dmp

                    Filesize

                    4KB

                  • memory/2736-13-0x00000000002B0000-0x00000000002B1000-memory.dmp

                    Filesize

                    4KB

                  • memory/2736-9-0x0000000000400000-0x000000000045B000-memory.dmp

                    Filesize

                    364KB

                  • memory/2736-12-0x0000000000400000-0x000000000045B000-memory.dmp

                    Filesize

                    364KB

                  • memory/2856-45-0x00000000002C0000-0x00000000002C1000-memory.dmp

                    Filesize

                    4KB
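The memory entries above encode the dumping process, an ordinal and the dumped virtual range in the file name, and the sizes the report prints follow from the range (0x45B000 - 0x400000 = 0x5B000 bytes = 364KB). The script below is an added example, not part of the report, that parses those names and summarises them per PID; the list it runs on is copied from the entries above, so only the Python literal itself is constructed.

```python
"""Parse the memory-dump names listed under Downloads and summarise them per PID.

Added example, not part of the report. Each dump name has the form
"memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp"; the size the report prints
next to it is end - start. The list below is copied from the report's entries;
the Python literal is the only constructed part.
"""
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

DEFAULT_IMAGE_BASE = 0x400000   # preferred ImageBase of a classic 32-bit PE that was not relocated


def parse_dump_name(name: str) -> dict:
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range: {name}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]), "start": start, "end": end, "size": end - start}


def kib(n: int) -> int:
    return n // 1024


def summarize(names):
    """Per PID: number of dumps, the region at the default image base (if any), its size, small regions."""
    per_pid = defaultdict(list)
    for n in names:
        r = parse_dump_name(n)
        per_pid[r["pid"]].append(r)
    out = {}
    for pid, regs in per_pid.items():
        images = {(r["start"], r["end"]) for r in regs if r["start"] == DEFAULT_IMAGE_BASE}
        image = min(images) if images else None
        out[pid] = {
            "dumps": len(regs),
            "image_region": image,
            "image_size_kib": kib(image[1] - image[0]) if image else None,
            "small_regions": sorted(r["start"] for r in regs if r["size"] <= 0x1000),
        }
    return out


# Copied from the report's Downloads section.
REPORT_DUMPS = [
    "memory/2376-47-0x0000000000340000-0x0000000000341000-memory.dmp",
    "memory/2376-46-0x0000000000320000-0x0000000000321000-memory.dmp",
    "memory/2376-48-0x0000000000400000-0x000000000045B000-memory.dmp",
    "memory/2704-28-0x0000000000400000-0x000000000045B000-memory.dmp",
    "memory/2704-26-0x00000000003F0000-0x00000000003F1000-memory.dmp",
    "memory/2704-25-0x00000000003D0000-0x00000000003D1000-memory.dmp",
    "memory/2704-23-0x0000000000400000-0x000000000045B000-memory.dmp",
    "memory/2704-24-0x0000000000400000-0x000000000045B000-memory.dmp",
    "memory/2736-49-0x0000000000400000-0x000000000045B000-memory.dmp",
    "memory/2736-10-0x00000000002A0000-0x00000000002A1000-memory.dmp",
    "memory/2736-14-0x0000000000400000-0x000000000045B000-memory.dmp",
    "memory/2736-11-0x0000000000220000-0x0000000000221000-memory.dmp",
    "memory/2736-13-0x00000000002B0000-0x00000000002B1000-memory.dmp",
    "memory/2736-9-0x0000000000400000-0x000000000045B000-memory.dmp",
    "memory/2736-12-0x0000000000400000-0x000000000045B000-memory.dmp",
    "memory/2856-45-0x00000000002C0000-0x00000000002C1000-memory.dmp",
]

if __name__ == "__main__":
    for pid, summary in sorted(summarize(REPORT_DUMPS).items()):
        print(pid, summary)
```

The summary shows the same 0x400000-0x45B000 region (364KB) dumped repeatedly in three of the four dropped `svchost.exe` processes (2736, 2704, 2376), while the file on disk is 105KB; a packed binary that unpacks in place at its image base looks exactly like this, so those dumps, rather than the on-disk file, are where the unpacked code is. That reading is an inference from the sizes, not something the report states. The 4KB regions are separate small allocations and are not the image.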