Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-06-2024 03:32

General

  • Target

    109501687d7ed43ba97699f19ce50b45_JaffaCakes118.exe

  • Size

    253KB

  • MD5

    109501687d7ed43ba97699f19ce50b45

  • SHA1

    ce37ee22b572103692755a4a20c2510bddb879c7

  • SHA256

    bcfeda6d22c47c5c1ff37c1abbf3145f94e056d3ac4250e944b82dd0f77b9998

  • SHA512

    f22ca2f35f525b1a62dd0a503d0c8870e549c46c3bb92bcdb946c14bd30b90093b81beaa6442d724aac926ed2720841e8cf934d650ac71a81eca8570240e83a8

  • SSDEEP

    3072:7E/i83OM3Ao9D5448xUIWNwRAoQtf03lwW3QPm7BiK4aQdbJ4rrGHkhzgCvbwZcW:ZQFTDIWObl0

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\109501687d7ed43ba97699f19ce50b45_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\109501687d7ed43ba97699f19ce50b45_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1556
    • C:\Users\Admin\AppData\Local\Temp\109501687d7ed43ba97699f19ce50b45_JaffaCakes118Srv.exe
      C:\Users\Admin\AppData\Local\Temp\109501687d7ed43ba97699f19ce50b45_JaffaCakes118Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:2620
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2304
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2832
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2748

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    056e8e9dfc818da3bcb9d0de8bac39d7

    SHA1

    5f92b311d5682551cc5d27342b0228e76c82a30f

    SHA256

    b51fd5a777414984c9cd25bec317fccb5c9785dafe63528a650e7f15e74adbf6

    SHA512

    efc60a8f9bdb6f3a00f94c50e0a436d185616af5fcef170950607173a3787f46458c413fc59899f01d8bca0a14f2428b0d841b53d2169fb769e0a82af35194df

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8f23ccfde9d270873c6d867c174222c0

    SHA1

    4d2b9deff5ed4e0a2b54ede96ca46a5bf6e39a29

    SHA256

    37b491c4d2cae4854fee65b6c447aa25f380d71fdc9f4655d6c9138c11a7e907

    SHA512

    23d2828e07753436eb4570a1e9ce35806047427a16d0439cba619640821f3e781ec46e91f271bf40f8e58c5f98f4b8d55eb502d105bd8e426192683753735bb3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b9d9fac46a176c1ed75138dbd9c67f88

    SHA1

    58004556f5d39ea5006669d400078390886ea1c3

    SHA256

    f0ba2ae0e0e1830236a488a4bec01b813efafb830d4cade839f88c1a27284972

    SHA512

    bc7b40a32eac8528ef4193f38e7cbff0a874a1c1643dbac05797965e560736ab2c54237324576e17fd9bde2c7e16e15e8e584d78dc17f7507d2b7f6d77667212

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    25f0da179ac470be2442a9dad2de837b

    SHA1

    c0277e158c71b1f3ff71b275050a09889c01a1ec

    SHA256

    10e7237e0795e3fc3e7c147a8ba5927cea2bf40df5b470fa00c6ec6e721ddf68

    SHA512

    b416e140cac2c388912dd64de9f443dba9f6c5abfe99da9828d6d341b90ca976be0b8772d445bd80062f9c94862dc833c581083b47878fae9f566fbf78108e4b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    af3f090dbc22b2a98355d85d338d8c1d

    SHA1

    34317ef10bf584279e43ca3c2ba20b9e204edbbe

    SHA256

    671cc0f60fea614e8e6645c9329bd6e004c0ea17d382860a932cadc08fccd04b

    SHA512

    5c57a66c012acc6ca12decb92a8463108dadca7258308f31a1505e4d1a1c201b9b0d79e0138342b1ca2a34fdeb8d4c36e6ad3b52e8b3d04b5fc66acc5f0953d6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    283eb380d211765758cffd25b15560b4

    SHA1

    e54e197b4024b10c765470bb8dc7188621811d38

    SHA256

    a1a80d9629c4d377cb3854633094c874548250d879948ecbfb914cbf45406362

    SHA512

    f0a727ca53b05e2a77ed8aace619d59bec745fe3ba9bd1aaf3f56c6bcee2cefeb760b4a1721a63bb0d3c044cef4eaafe7d5d920fca7a423b1357d4d2a0b82154

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cb3fe63ccd8bcceb124f3b0acc243fd7

    SHA1

    b1ea725fb6bf662a3ffe956772dadb617a71b764

    SHA256

    ca05519c05fddb9e55752c01a01f9fd70eeef360fb0aa4968498fa6c1c528af0

    SHA512

    683635b3841763e9787b3bfe2c1eee8edb7047be8587dfd319377875d96d3151cf338e312e62c77185a1a05d9639244d194e02ea7ec8167e6cbef3d667130a62

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d2c532c65c705e477ba3f629c9222ee2

    SHA1

    fbecdc7c26a8836bf441a48f1f7a09b4930f8657

    SHA256

    dee1924b72e5f54ef001fe76678909f128f80638b5d448ef840410df02487e3c

    SHA512

    80f5ef59891926eec48d0a0816404a14bf98d33cc5a266d59165a826ba6db656c1b4690b4ad134eca35950afe04f2cf18417a2681780e5455a1fa4f15ffb9802

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d4f26aba756a61b7eca071a5f0b801d7

    SHA1

    8bce0bf9a3078129cad00b16be5aab205738cd92

    SHA256

    f721a84e1c749fdd32f33e42d1556d75a4bb2f8057935a4005f6e81d504e5631

    SHA512

    964130610d0e3dad8bf63bf09f598f32602baa0ca5b2bdcc9854f65fb2f823290668e6a109fe0d71394d961dc8cd3a81042dd593cf99d7f157f52bf7e0544c32

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    77f5c9db10183626eabc5aeb738b17f8

    SHA1

    5992d56dc4b022a97ab0fddc12cd3c2372080fb2

    SHA256

    71db413654eab198e2f4c47e7ad46fca34d8be167a3b881260e7e489eaf5313f

    SHA512

    23fd2ae518ef765b2d0516d82124cf11f2dc64ce4f18f71ff57994439f75f1d7dff4d84a362c82a142b7d86a477b627f972e356b55f36d2249afe1c810a000bd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b1e8729ad6625b4aeb7fa4d5e30b5dc5

    SHA1

    fb85f5b987464a7de1096232017b686aff3146ae

    SHA256

    844e566cd77ed9035b4531d4d5388f03fb34f37ab8d0afcc659a7b8f0facc73a

    SHA512

    f31aa76f009897bec1eafb4a00defa1f77d37259497bca484b5e080fa491296268e7f969e898ac39097e9b96713c891a111137a860f977456e499a44a9e8a0a3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e4504ee1a5855facd6a366ce41ac4c4f

    SHA1

    c7a8840525c6d1566ffa4e72123765b689b9a2a3

    SHA256

    e72a656dbaed79ae5cb9fecfdf3df4f584021e5855c7ca2fb8edc8b50b85530a

    SHA512

    a8c1d5b1bd046c3f693c6b11697d9352cee171fd0b9ca7fa3b154a9997a93448d817392fa85271457b97e1f3d3a24f4fc0107d1ce67605860f9f9a5369445fd8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ca038f8fc8606b162cece44e3066d330

    SHA1

    0e7a9d1c78d99ce5bbcb1e200f226f5bed1573c2

    SHA256

    905399fea3b95892d0bc2688d7dfc7d66631bf2a5bba373a2b0fb7c1d66e35d5

    SHA512

    1865637ff106539bc66b6e25b6a2c2f8a95a53cd849374ec3bd8ed1f42339f1ab3a62510503d0a2b1e2e55b26c435f90d418384b52d2ef2eabecbf4e77d24c09

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    318ea7badccf7f54dd2d1521da56da6f

    SHA1

    5908f9a6f3db57e3eedc99dc3dbadaf9453a5629

    SHA256

    6734e374faa7a1dde03110ac6e2e1330bc01e383e2c79aabcf23bf49a6447f16

    SHA512

    d6f15d7f41d24860ed206eff471978936fe2d548131ecf4fb58358031e656a02454fb250aa813742b62c35a21e27fda539fe6f3f5388eb589d44d92ccc539c15

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fc2316290ee85c73c9ba50a25f3cd438

    SHA1

    670a3f865d95a8a354efe868806962f6a1a496fb

    SHA256

    ff698eac82181d87b0f98e7c7a2059d0613698a4a6fb42bc9cf332f38e3e1a69

    SHA512

    ddc691d898e0a5b0366e77d4cd3ea47b9b2a72b2884e5c8efa91285eb1f104bf0a0c48a071f359a1abe64a7057826ac20e1651abad9adc568d8f2910b3e941cb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c9a7731bc521b2c8dc911adbc61d2d89

    SHA1

    aeca56f2fab4f9839907a54ab3a8f36160ae74d9

    SHA256

    421e0c84602ad89280a2e69fa82bb3bdfa1f00616c9dcbe9abd93140b287f933

    SHA512

    f5cd156a59402eda02824de579226af3a8e615649213dc320574cbe800acbdf7b40bf77af6e29a569c2f4faba2ba4df8adc4e2d2b3392143fabb2293d3590291

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    790e643854ce33e7baeaabd84d2c738e

    SHA1

    ab9b63e9dd895b9eee2984bab81402095679601c

    SHA256

    0d08637dac9560ba0deee45426146afd0ff8489d4d2666f336e0c68e2dce206c

    SHA512

    84fbaf950059386ce02d9bc28d197b607bf3753a22a07c495c2b6ed948f047e09ce2f4426a08f10b8f0e19783debb89ac4cb042d207ba8e85c5a7efe1e0c293f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3172fa92721c51a7cf2079478272d05d

    SHA1

    12971a9dc2fd0532b83f08783bf0830221042cc4

    SHA256

    d750b33dc1660954c9292173e25edd5c1c198ceeb736c1f45c9a09b29f87e34b

    SHA512

    a3cbfa5975d8221f990257eef83ef88a2ebbf6828a6204d0e017194877a91b4586da1f03b4401c30d299bbc686878ecd43fdc0a436361715b101c34b7424fab3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b0c5d4f1c68464116c05bf1fd1c48040

    SHA1

    7ee997b4244b99bac9e90d9091e306e5f452d6e2

    SHA256

    47cb9168d436cf3735959ec17fb1654601854416988dc850103faae7bbd33d96

    SHA512

    493a10357fcaf8712a1659fae527c2d902a9856c63b6377bff662905cdeb33f30a2833fb0b60716c0fbc3905800739947c8c39e9aceec34aac5e16908488a6e9

  • C:\Users\Admin\AppData\Local\Temp\Cab3094.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar3124.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Users\Admin\AppData\Local\Temp\109501687d7ed43ba97699f19ce50b45_JaffaCakes118Srv.exe

    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

  • memory/1556-449-0x0000000001310000-0x0000000001356000-memory.dmp

    Filesize

    280KB

  • memory/1556-5-0x0000000000230000-0x000000000025E000-memory.dmp

    Filesize

    184KB

  • memory/1556-4-0x0000000001310000-0x0000000001356000-memory.dmp

    Filesize

    280KB

  • memory/2304-18-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

  • memory/2304-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2620-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2620-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2620-9-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB