Analysis

  • max time kernel
    133s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-06-2024 22:08

General

  • Target

    0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe

  • Size

    383KB

  • MD5

    0fb4668739fff9075a4f596c307333d6

  • SHA1

    45f81510b22b96fc06231d152743bd7fbe2ccb7d

  • SHA256

    111a140240efe493aa5370b8587735b7b3ae9ecd6bd79adf372464ff8036bb96

  • SHA512

    a74f233f9b8d6686efd1ce46973798d67d0bd48e1e356923e1a06b490229297918e893125fe3bd92e07249b9a0a17298dab92879028619b7c069842e551bf9b4

  • SSDEEP

    3072:/k59fo2r2f0oJDib8iLws7ngPZwGj9Tf8sGrc4:/k7o2r2fj2P8sbgWGj9on

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1180
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2428
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2936
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2920
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2736

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (19 entries, 342B each)
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{808A53C1-333F-11EF-A01D-D62A3499FE36}.dat (5KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{808B6531-333F-11EF-A01D-D62A3499FE36}.dat (3KB)
  • C:\Users\Admin\AppData\Local\Temp\Cab25BA.tmp (67KB)
  • C:\Users\Admin\AppData\Local\Temp\Tar265F.tmp (160KB)

  • memory/1180-1-0x0000000000220000-0x0000000000221000-memory.dmp (4KB)
  • memory/1180-0-0x0000000000400000-0x0000000000462000-memory.dmp (392KB)
  • memory/1180-2-0x0000000000400000-0x0000000000462000-memory.dmp (392KB)
  • memory/1180-3-0x0000000000240000-0x0000000000241000-memory.dmp (4KB)
  • memory/1180-4-0x00000000002C0000-0x00000000002C1000-memory.dmp (4KB)
  • memory/1180-5-0x0000000000400000-0x0000000000462000-memory.dmp (392KB)
  • memory/1180-6-0x0000000000400000-0x0000000000462000-memory.dmp (392KB)
  • memory/1180-9-0x0000000000400000-0x0000000000462000-memory.dmp (392KB)