Overview

overview

10

Static

static

3

49354f81eb...18.dll

windows7-x64

10

49354f81eb...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 09:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    49354f81ebd308831aec1d7adabeeb7d_JaffaCakes118.dll

  • Size

    256KB

  • MD5

    49354f81ebd308831aec1d7adabeeb7d

  • SHA1

    ac96b612e2a66c4d8945fb142bbafac535ddf253

  • SHA256

    9a8de012326c714c11a77d6f43b2bfdb824244f2cf6809f848aba9196bdf0b02

  • SHA512

    e778a85202f4bc568f647ddf41dc74fd80d690d7dd95fd7551315bc004e1d56800b74d4ba5cfa8dd9984b9c9024f8893e65eb3b3cef76e24423da37d3844a0d3

  • SSDEEP

    3072:9dcQ2ZNMSQvbajUTUItjT68+x1qfe5OwVPxEsZbbANOhpeTav9DTlO:dATSOjUQK9e5OwVPxhZQ8hpt1DTlO

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\49354f81ebd308831aec1d7adabeeb7d_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\49354f81ebd308831aec1d7adabeeb7d_JaffaCakes118.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2660
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2656
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2584
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2760
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2760 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d45afbe13226b7526b26745e0711aad9

    SHA1

    d76cf002041519b389925f658079c922b8f3c254

    SHA256

    200d64cbc33aa552105b7c3193b97742bf8d608ea60010dcd1a870329af2f389

    SHA512

    d56abfa521906b468171c93e2c3ec7a03a25673abffacf8daafbf76eb11325a202488c4d4cde78a43e0c3e5e36260c31fd88c3c35fa4fe90d73b96c8ed9ba20f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ebd46270de432f4c39ff61fa2abaf872

    SHA1

    095e1e4abdceb7969960645f9a0a6831cd3ffe25

    SHA256

    ee87bf502dcbe970da0bc91f96d4d4ab77ebb2b9c1f96bbe0467afbeef0c12cf

    SHA512

    0c56c05b664ecbf00b6043d63a6908bc19912120cf8ad936ec834df00b3e2cfc626ccbda9d123bbce4533cffd5ed7fe3c3b0d28ac7662323c56242401314f643

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    063ef1155560f7e1163c577e5289e661

    SHA1

    a2ef3c1fb3cb40f56fb3710353ce7e05a58caa75

    SHA256

    4203c12a2581fb8f826e73a9e2a059d3da2b5ff08dd43c7d8fd880d19c2ed037

    SHA512

    82065958669509ef6998ec58d5dcc318ba52e120b26db3a513cb1da76b455f0456564e43b4cf11aecde322c6d2d5e6d50cd34697aee36c344288c3aa7d37ea7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    510402b3c47d610d80b325b3a0abf815

    SHA1

    0a680c3dceef89b38e9186d157d4ab7728f9d0a6

    SHA256

    e0a3a66e706ab293b8e593835b2cbfead44b0077daff4adf4a7020b00050a349

    SHA512

    0eb3446a6fb36ab78b0c504351bad229c0782bf36793ee4f784cf2055c28aa34cfbf97c346e017e47dbd29a37e4221a7cade526154ae06dd4aecb0644139ea94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    35818b0976f2633ad2956371fc935a7d

    SHA1

    4ad9436454e193977def00fbce3d3ad64cd86a41

    SHA256

    47c48fccca8226428dedc6c1488550cbbe9e8dd7f471e0b78f04af9d5a60c51d

    SHA512

    bbf78155fa2c836e1d2bc78b79fcb674801ad0ca2a6a5fcb9d16401dfe4d2cfa00f9f1c1a7e1d279208d27a41ed65a8c0e2b02d46b68f7ba07eea190adf42943

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c53af5a856c145c8ab86f7a99e48d0e2

    SHA1

    60919f27d312d0e39751a430cad8d68fa366178b

    SHA256

    1aeef9faacb8f17fa861a33291c5b8aa0cee612a9e63b399db678bd15cc44a69

    SHA512

    c63e39b9c4919f0593bb144f746fa0129fa4c75a6531e632f024cfaf8dff3abf75683e425ade7b2c88198409bee42545fa848595a3956018210d6eb14e5dda9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93b14b2ec1d16bc11c0141d1fef3d5b8

    SHA1

    f26084624c64211b5c7146f8b65ad242c8fe54a9

    SHA256

    5c30d0041456920adcbc12cd23ef17987a8a5cb3293c9c59a458aceb13af7b77

    SHA512

    a63c08d5085d4d6f4cf9827969a552021e066d50c25acdb056893482662bbcb43d8315553d92e780beda4ef0fac3e3f6b5becea5ebc29f940f8ff0a9a2306e01

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df99ceb30455d1488b9c443c7c1f7bd1

    SHA1

    a2b597275d6b4c4b03792bb6183bfdc385c5f192

    SHA256

    67ecfb1b53dadc0bc8c01fc364b7cb631289f7fd4a63bf0ebf1273b9fe07ea93

    SHA512

    5fe5181906b196affe75b81d46c2dba7d8155778ecd423fd7eb1c606ca23dae162f232ec8aa1a67d33064f89bdf798f3473e03423f0778c891d6358ea6eed464

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a21be6cf892fec74bd08debc6a337c3

    SHA1

    2ef5142fe64cccdd4d2a4e7838562f38eaf09fcd

    SHA256

    aa366d024ccdfcb2fd1fd78cbaf407f08b021727dbc92848e922b41c83a402c0

    SHA512

    d51d4fc11072f39e1169a795195ff3a778c946f0856dff2f64bfb73fb5a190a49bbb7cdc30257d775e0ea91ca001fc7736176ba655366dccff4e7b91441c9716

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    974cffb6bca3dbb18495848055063678

    SHA1

    7b583627859cec06959f241c2789f262081626cd

    SHA256

    6c4601966bf1bc9374bd5af6f5d104ada84eb01ee143317ede6b8f9521b46286

    SHA512

    5037ef2f06426f8f0607daff1b657eee448cb98835af619bac7387cb848f9ed0e2dd50754d61c7e4a40c7fcd1b16529cf34a22ab5fcfa6a1a7b37e6ed84d560b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ab5cb8b44d44279cd4d96587607603b

    SHA1

    b0255306334ff6b0c75995b27b3dba1d034dadb2

    SHA256

    6af66f006225289318267231388a7ed6991f81f8c4f6f5e9655fab84a3939d3d

    SHA512

    140d1b529ceac3a6a6bfde2b3c475e3e741ec935a473ba1e1d637f0bddc8d2273ad034ddacff4f7eaba309f6ac68469038623011558c9810587c853e1f2310e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc6d59003e7e4cc37f6695713ef94ab7

    SHA1

    a4b90d2c31995abed07b34089a24d1c78443dc96

    SHA256

    a6a3d286659a3f518fa72f510ffa32426edc5b771f3658b074b13fc09c8ec06c

    SHA512

    b46a9658c151a8376fbf7bcf4097e7ca48495eb167bdafcd875e8d358e80946bf08befb8193470223cef6a2fcee021ccc05182675d97db9f231464a95a655da2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    466ecedd11ef6ccb50e9b466f7debe1a

    SHA1

    26e4866eddde05e1ccf91b9cdb522da74bd5c5cc

    SHA256

    7b63cdc6658054f4c6336487cd2857083e95877b40baee8dad5a66d133ba4865

    SHA512

    c4c9d564b0d6924770657c8350a53513bf29202b94b253a17cf19aaa16bec38c6836bfdc307e62c218c960727e257c99f1227aeb67b3591e2e7a1979bd316b04

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42ec2ce7253332fa8f2bbd8601c596b4

    SHA1

    c84c0d9f9e341639d816bffb75c9964a863321cf

    SHA256

    b6ffaec702139d4e1ef3afa3e25635316940ffc6dda0f8605f6c9445dd68f36c

    SHA512

    cf28b81f8a2efc248acb61d717a982c4bbb3547b4aaee39d20cbc862a4557f89a5eb031ddaa4f2788c9b55d6e7941802c6d41381251aea42bc701a126a52fdf7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f6e7be6c429ce3de6613d4eca670a41

    SHA1

    2965f669143b92e615b217b2f96ea286f12079d2

    SHA256

    0a605c8eb650dba30ce91e3349ead5351cb27cfa0d62cf7284703f477ee68465

    SHA512

    1a2b447165a354ed5928c8e60d8c87401a71a673173be1bbdded4292852fce7eb21a15c79c028b147bccb2939e0edcd8e9ad91562d68b9f12a050be603b51b7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ecca99075d881f04d1a2c7b3cd2ee529

    SHA1

    1b87b695b9f004d72a8c1248b503f5dc5ee986e3

    SHA256

    be876954970b3eaaa0101263d4f1b400996b994b457cf463fd03875d8f40ff30

    SHA512

    c7bae60223cfd967100714246016e80013a90d65a08b511c712613382a1306222ecfeca196d931cca874a72c6d3c0892a90fd4085d02b73dfbed0e91e0d21663

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    815355806e4c915609aaa9aa50942048

    SHA1

    f1e23621f207b3213d203e7a8f1251db0f8626f7

    SHA256

    6b2e498becd6338c7f2ffaff10b71c12b6cf5832cbe64be879526a464180c16d

    SHA512

    d845bb41006da8054fdb031fbe972db2d06654359606d7c7cc3be0ed338fe504702c4998fd13850aebef8657d1848249a5085d6a5ff7a88bb1dbe6ab6ed8671e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c7e6e7d32e3d758f6a98b11799b073bf

    SHA1

    15ec3cac54095b69ba8c2aefb60a0c565faae099

    SHA256

    0bd7c7c2685290d759139354f1342411c8a69c7937cbd847b8cca00ef093f132

    SHA512

    a0dfef2e4cc729a0334e4ce46d92618644952caea1213e6b457323f5447be797233045df7aeb33e00bfcb2b0b4fb8b3612c2189501edd205c88dec65176a5f73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb57c0cf7425e8f25aa77ed818703c64

    SHA1

    95faeec4e306438b8cfedbdc302b8f3cfb1432df

    SHA256

    5d736f4084bef5aea46bf763238f4b8461b4461ef4fce9a47ca491a5b1921b84

    SHA512

    15c6f33c5a4469a672e69bda1afcc10605f176522035a002de0bef48d50f341c0fe5f991ab2c0ec96b943e2537dc563e129af6d4ca422dd93b4b438d502c7de4

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F2B781F1-428C-11EF-B557-C20DC8CB8E9E}.dat
    Filesize

    5KB

    MD5

    fa70369aee87e803ca7c7b1fb95a39eb

    SHA1

    9a83fbe425e2c21813c0a9c7f4e18b4ff6b1b264

    SHA256

    1ef1c99c69a4e425753a6f59c5f25c3b659bc8f6b4ba95950d36effc50581c39

    SHA512

    0068001a23eb079fb83e1731f9221f36d85633c1b5675458ca5ce9e0afae697251c91571a67bdfcdc8fc896f21074edfa87c0ff44a4b6199799f40d93972a816

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F2B7F721-428C-11EF-B557-C20DC8CB8E9E}.dat
    Filesize

    4KB

    MD5

    dbec2429024ba16ae0586117d5a4daa6

    SHA1

    dee7773618ef2b4af4e8d3b3122fcd08de0c4abe

    SHA256

    026408c5b690155f13d2695c0f1bda2798086242a3df033f78f074809fe0da66

    SHA512

    4491d0b8bcd32fa39d1a6d8852d5fdc615756330b56dad71bfdcaa46fc84dee733d9f237af9a3898cde46184083cf4132f213f78bf487f3094b4bde2bb63a5eb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4CBC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4D5B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    104KB

    MD5

    84b7783804fa7506672a409e9899c6be

    SHA1

    2da8a6e9c04662564e18cdf98f73e224a5662533

    SHA256

    b26a93c17ac6a412c6c191aa6a1543537f3185fe813c24153c6dec736fbad4ef

    SHA512

    8a867296b05f45dd79ab64b11b6cc0cc8fad835b2f5ba9b8469981cc9b3e15c91f98b688cbe7addfab7ea2bd55a1d475fc853c004afb24be1b5691f8183c897c

    Download Submit

  • memory/2640-1-0x0000000010000000-0x0000000010042000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2640-9-0x0000000010000000-0x0000000010042000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2640-10-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2660-15-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2660-11-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2660-16-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2660-17-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2660-14-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2660-13-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2660-20-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2660-12-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download