Analysis

  • max time kernel
    132s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system
  • submitted
    26-06-2024 06:56

General

  • Target

    1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe

  • Size

    82KB

  • MD5

    1119e8ce501dac1c72ebd88286f14500

  • SHA1

    ce34fa76676bea35a5fb78faf0725b1373f86da7

  • SHA256

    2862543b053023f0dcd3b75a7e61f30705d2da01826c67fef66b55cc3b68dd5b

  • SHA512

    3b9fb21796d9ed3c6856ae81b4bbaad33384d8fb22a54fba5264ad176dd74aea87c4bdf00612d7f34199755594bf4d66cb24f8fb8fbc937da06e852e91ab9e53

  • SSDEEP

    1536:YLQmripssRZ3RM4I12NOheqjbjJ6/ECkagvDarXJCQes//dZ+M+DQzrSY4wprNTN:YeHI12NsF3YE+gLar4Ns//d9+DQzGY4M

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read from the registry in order to detect sandbox environments.

  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Checks processor information in registry
    • Suspicious use of WriteProcessMemory
    PID:1860
    • C:\Users\Admin\AppData\Local\Temp\1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe
      C:\Users\Admin\AppData\Local\Temp\1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2600
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2728
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2660
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2732
    • C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe
      "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe" -eula
      2⤵
      • Checks processor information in registry
      PID:1228

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    603c4d7ac690db6eada43f640782fa73

    SHA1

    178af4aeabbbf260a5740c9937d09a6bd6c66a61

    SHA256

    4072a0019f9733fab14295d2e1b3552494b9cc4edbc35aa5b8711c2d9e00aa2f

    SHA512

    a108b4a7e29e4b398c61746500dec74f1aa614aa558eb13014c3416480b730995bc3d7e325f04160c23fa4996f9810d3a90568a3f894a3177158fc63450f01b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4ce4b91d6dfd3a606fc0bb4960d5978c

    SHA1

    24d441080e0ea190b48908ff64b53487e7d9da35

    SHA256

    e854b22f56a098d54b99c86afc94ae26a355b5e7f1115e6b4ee3479984862c6f

    SHA512

    eef4e8530ce6080c00c6f99ad1dcb423e1c45c0c125621820fb7639389c79b298fc7879fbc1b21606c2973a7f2c8fcc734187bde2399647dc3cf2a27170fa36b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ccb4dccf270921c5191075222e4881ef

    SHA1

    f85f700dcba289aae05ceda1fc70c18467ba9401

    SHA256

    2861caba50eddcdd2b99c2cc76ada7a211a09b893ff47ae094eb62066f2ec433

    SHA512

    eba6d827da69a50c7a4fc40bb7804ff0609c81f075fee346bc277d80a070ba0565604c27094987986521444cd58378814365428e7b375120a68f59b8e1e792f4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    974a3d98b833956282fb32e31a51fb3a

    SHA1

    bb1c3002531fa84584408c362c39fec248e315bf

    SHA256

    592344d9bff18c4078d8af40075ac95bcbbbb62d8ee5663195f162a8f9dae90c

    SHA512

    abc90b53cef52124f79561483afff08799246952ed41200d306a674afc2c94779cc823f5681475101212673941ac985da92142a90a2c81b0b6388cd10c021d68

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7d5ecff538c2df4a13c40b75acf4121c

    SHA1

    9bde300a1c4540f44142b2d10203ec2f0d677aad

    SHA256

    36c4b1a5d9531c8bdda106c32d000b30342604fdd85081eb376483d7f441d241

    SHA512

    f5314ee0c5de814bd029130968ff1a4c155f151717276397d84dc41a98aa43645a817e06a07d0a288bfd46d17640a03c2f0df4cf1438ca8d970280f300a927bc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4fa327fb53b161d2afcc49bf72ee6d68

    SHA1

    0310d7d0d528fb7167a7a4811fe8f0b387e5b3db

    SHA256

    a3fb9a823dcba903965727a30bca375e8756855a0ec5deed9bca59372dc77ebe

    SHA512

    29bd08714a72244d9d6d3a36859cf6b1dc90dd24f7d08f57f4a89155e56f3cb4bd997b6eb5405889039563bfd91ecdb4db2e0c7dec8ac288f137a2eccc0917b4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b4a8fb6238f75338a089d72d7acde3aa

    SHA1

    b7a083633adeb880aa7fb6eec791a22ea9b39a4a

    SHA256

    315c12948a2e3c8575fa71d017328367971b751c22fd151a16aebb139ae8d6f6

    SHA512

    c21f960cf021419d766474dea9ca1afb053519413cbd91e689b47c1c2aff64f92dfe542dc46ee10325a98c86c5654d65a15e3cbea9ecd43e70161363fb58874f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a003761fcb66a775921a68bba3dfb458

    SHA1

    0b7bc7407ba7780fdfaba09b3e84d8ace0ee1e9c

    SHA256

    dff2c636e1876be4a2062f83d1122aa7b6f3c16758cde5bf43a4d77d59b8088e

    SHA512

    c48b4df2d443f7bf39a164ab9c8e10fc72079d88f1cd930ae9446436ab440c6080922e876288800ec913f50ed062a3a54d6286c3bea2e24df5c08db8a65e5671

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a44c5553fc9d175555829cf6900ecea9

    SHA1

    588ffae5dc52ea10838f31cb2fcfe1c115edc32b

    SHA256

    9964c5d514730c171406c31059d590bdb8bc29ea4c26e6e6cc3b8063c0c9c016

    SHA512

    d64f3050b24025d57b7e2a6a24ea52efa68df28760add613e7431d534061fa92009c55718a24dcad3fe3122b4e9cd332089754e7ae31a1db2a100d70ffac171d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fe06a827095ea87e2da904be7344531f

    SHA1

    7ca61e162e20021b0652f07bec94de13a6459416

    SHA256

    7dac0d4c376aa99d5e2d83f075ae5531150a000ef78d6da063ab1a734997297c

    SHA512

    e27e924374f594474cca3c18c20b028be89e946c346e50707b10a683a4b472c9a1944fbb5c9ff93e0a81a60f187c2a5c15bdb138555757f38c6ec6c21a2d0ab3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0834959b5c818e77eeeb4273ebe9726c

    SHA1

    bb5179ce6865c084b3f6406a30a41086b3280cd3

    SHA256

    c8a4c4b303de2ecd9b05468aca828d99592e5a76b7665daef3b47aa71b489278

    SHA512

    a2e56ec5bb4dd0b48e45bfd4ddbd345af5d42aeec8b9e1c77bb9ecbd9e879800e9b26bda283cffb78da04b7c14bca31e27fc7c856b906f6d4c3336b1eca34bcc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0b3986a763a5d66b84626c4560614408

    SHA1

    3547ab8dfba4c32f72151253de252e5b6698c4e5

    SHA256

    8ca2107cb661ca47914cfc713eca67cfe1ee26be5584a92e52f2f608986adaac

    SHA512

    2bea695dac3290c21119c591fa79f46676d227855b5cebb8ca2a0f1beaee0701c28495664bf4d9aa2526248c2c4fa65a47847a434f44f8480fc1f09c1dffd778

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c012204cfe2ca8f4499dee39b9ccc70f

    SHA1

    3f17dbb9d0f5c532472c6ebf098533515070c682

    SHA256

    dae634ba024b708e8b1cb679883ea18155aca6048e91a8b2207b26bdaa7bb2ad

    SHA512

    d63675e27d39f78883824aa34a58019fbcca99c0f10f4072401c70cc1e53d6ede08aa46400778ce8064092e88ed0d1399d848cf78a1c1018cf93a462fded1720

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a52eef7196fdb7b55f211cb56577c303

    SHA1

    53922e0e082d09465217fe1c4606523587fa046a

    SHA256

    5e8cc52e8785895cba1c29d87471e34a57d35768faece413b8a1da4a00da0c6b

    SHA512

    b8fc00cc211247256731db8c272ab6b60e110b6b966b3d362cce148e8be14152c9e480d2c26177ed05dc0eebe5b0ee93e782af652ef50a6bafe4386daed74b35

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    de431aca913e804a68e77e0f62e3a36b

    SHA1

    03ab95239641bc56233b854a393aa0017a35767a

    SHA256

    e3f9d2139b9fa40c3c419fc3292ba6080226b41db69d32a48c8168df0b86a47a

    SHA512

    8dc45a872d8342ecada01fb3f3669d9065a1d841c8bf98499c4e7424d0fecea7d25e6689b0ba54f8d0bd348f735f106b3777b21e306bfd833da9245f278cb15e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    592aca85520e145bbf1b9aed7d1adc7b

    SHA1

    a6ae121e658ee36daf34d41c65538cd01c2054d0

    SHA256

    6ce0a03384ea18e4ea574ea9416604e92db37788f6633fb32c59428815461571

    SHA512

    d1cead30db8eb6c2e5daeb76a7364d320e3206e6c31d891de91c46da4ebf09cc7d7efe966afe5ed795ddd5c49f436d2f6753abf3139dfd9c63dd24cc98ba85ab

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b7b0267cb5bea7d865915c644051684a

    SHA1

    48e8418d4f58ff16256c7fdd68102d733ad9ee26

    SHA256

    5dafc85cd0ebf14178a071beacb3337f4b8bb0b174af46f0b925d988bfd17375

    SHA512

    b7df6fd2c5d533e39a9563fa5b963fa88534cb38faecd36c82eebf5b63249fea0bb0f2c566e1d85e5f7c69b10fdae3dd9217d28191d4791bd5a0a8ef351643dd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b68e125c391d119043658ea287659fdd

    SHA1

    c0afafc76be9c96b9a35501575df2a866d3413b1

    SHA256

    aa10cee05902107dedb2647bb855699a0c034554099479a566ad2e989118db9a

    SHA512

    13e927634e291e4f27702b48a8c5276fdbb7d6a935777c469e1f59d0f307be756643dbc16e11f2f596a827781b411b18b06cdcbbb48205ed33d38e6ac5c6158b

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{45144091-3389-11EF-AD38-76E827BE66E5}.dat

    Filesize

    3KB

    MD5

    1f0a47c8e8f711cceee3b044ad6bb8ee

    SHA1

    490a28feb39c6b1dd58f7f1ba6a90196858a852d

    SHA256

    92a06ec629ec3a61857aeb1eb898a70683bc1a2b6f60dd219d475c5e11fe7218

    SHA512

    b23b58b948bb52296c66d629d966ca1a2d03cad617b1bf61074aec64174cd250835e5fccad070da6f8cc10870ffcb6266fd6c625ea67f39641109924cd64404b

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{451467A1-3389-11EF-AD38-76E827BE66E5}.dat

    Filesize

    5KB

    MD5

    28a1ddb5cae103d36fdd815027c2589d

    SHA1

    8fecf62c8f16c9bf28e9bd9b84ec5870163b13ce

    SHA256

    8b41db34e568358473aa4ca3f19415e4cb40e6b3458d0c96734c5c2223105e18

    SHA512

    9cd6a194b19d0ddba49bb5da08e74458cd8e0a6090ae32bbd6c0c02ecd1372393908323621676a70f1d02c06723e4bfd3bc25eef846e01cae0e9c8257e075f6d

  • C:\Users\Admin\AppData\Local\Temp\Cab1D82.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Cab1E11.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar1E25.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Users\Admin\AppData\Local\Temp\1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe

    Filesize

    73KB

    MD5

    23842802587d1c2570eec734a06cc188

    SHA1

    aecd57ced1f79fa0dcc93076b3254216d08b907f

    SHA256

    aa94699c1420a0a2c0d07a936fe2acc26cdbb410f7bc47552110504e91b4a8d8

    SHA512

    80ebdf18eff5b25e4ce2dccb44d5b55a9e377b5b339da3a253679d0a4eb0e6fb57595aabb979014aa4e3d59f8622d4660df763d79d8a813365eff0538c05b1c7

  • memory/1860-9-0x0000000000230000-0x0000000000276000-memory.dmp

    Filesize

    280KB

  • memory/1860-2223-0x0000000000230000-0x0000000000276000-memory.dmp

    Filesize

    280KB

  • memory/1860-36-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/1860-0-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/1860-10-0x0000000000230000-0x0000000000276000-memory.dmp

    Filesize

    280KB

  • memory/2864-12-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/2864-15-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

  • memory/2864-16-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

  • memory/2864-13-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

  • memory/2864-11-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

  • memory/2864-14-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

  • memory/2864-2208-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB