Overview

overview

10

Static

static

3

b86493bb1e...18.dll

windows7-x64

10

b86493bb1e...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22/08/2024, 16:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b86493bb1e3af396ad0d6a20270b34e5_JaffaCakes118.dll

  • Size

    256KB

  • MD5

    b86493bb1e3af396ad0d6a20270b34e5

  • SHA1

    06f183fe859bb75f0373efd61e779c1afb4ffa71

  • SHA256

    122a40965f99a476b41549abe3d3b6bbdda9ada44fac50b33e15833a6b10adc7

  • SHA512

    392a18d57ccb44e67cf5b05767ce230118140093a03ec25bfa46c2f57ddb0dbb1dd505aa61342c93164a97939ed0d6ca6016dc0d83fa5782cf6da9ff49846b80

  • SSDEEP

    3072:RGd5SBI2s7K8YD6PAKeHfUkgL8yBxBarAKw:cd5Sw7zMdtEIyfBarTw

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b86493bb1e3af396ad0d6a20270b34e5_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b86493bb1e3af396ad0d6a20270b34e5_JaffaCakes118.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2140
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:652
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2836
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2032
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2808
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2112
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 228
        3⤵
        • Program crash
        PID:2740

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          525268339c09024ae53d0a26ea9e9323

          SHA1

          7c91515e9d6f9b718c87b38f92746ab71a6e9218

          SHA256

          0f54b51c7c1e894cb7dc749add04fa754f0c5871feee0d080bedf942d4bff9e8

          SHA512

          b3f9b7ee3644ce9ccd7ab0a437b3ad923a9ad2a09a67c67a51577bbd683e831c14a79cda864014b6861e18647efb52662c8341e482a7e18d6a0763c1bc3f1a2e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a91f9f65bb23b4ab743708820407b77d

          SHA1

          1615b39f6804ce82627cac1852fc37824b3da25c

          SHA256

          17f738ac68afe3e88139476d8d37d4c1408aa3c7be3a346da1bc04fe060073b2

          SHA512

          9acf6e5767a7a79cd9c2099bb88bca13b0c7145fbeea0190e144f1dca72e13f07915d825d4dbdc87c73d2bf33cb9953542a94cb02bc0c023c655a419cdf9d0c7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2010f2808e0dc33ead2db4ce0ca3390e

          SHA1

          04f3df76088cec486609a16697abfd34f57d99fb

          SHA256

          e6cf771e338cce03fe5f29e396886cbd898d3ea4a43d37cba5d944a26b44c7d7

          SHA512

          b9ee5b53925edbdb3e96aea57ad3a177bd9e12ed0723bd51c299c878a2e0393342ef054c98011f79a425c95ced7e65a1884ebc327c1531b19fc347d3fd4f28bd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9b6ba42d8b42005dae70b10172c33f5f

          SHA1

          79d880ddfc9dea280506196c324fa83b294449ac

          SHA256

          014df1a63688a18fccfba00c8c2839e4f7177468f4637e1ec79db669f37d6cea

          SHA512

          a5fb36309087896edd90286f5d88c37bde18ef26ec0942e6300f3ee9e2ea27205d8c9f086eb549d34fc7fa012547a1c60b6d01e364d01de328a9eca9b86a1f77

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e742f8d913ea332c6aa703218377be22

          SHA1

          6b885d7956b0b4684203ef8461929ea717232a8b

          SHA256

          f88582e27981736863810b101bf85b829525738aca8de97a6e592690c64c3c30

          SHA512

          5907525fdfa8fc48c7172e623f37410f741444322b43a60874b4088b9738a168c421b5dbdb28356677a4169e5df0b93c000d953358875787d79f044d47f0166d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ad46748169eedfc2686970ac01094604

          SHA1

          fe1c568546370f7f86d5982fcbcb71a0c9833c2b

          SHA256

          ff655500bd416f1923a00ea9bde64d69c2e9ff5e8ba7aba0bc6408140fb19a09

          SHA512

          1003208187efafb9ac7d3f4f92021d056fc81fe7811b92b2ae1e12d4822d87efd42077f68648227a263e18c1687ff179a820694b882f80ac172fab46a46b0017

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          03b4ed97b26824effcb7b870c0cafa97

          SHA1

          fdb075839baaca26fc8c4000d221d4edc269f4dd

          SHA256

          ec980d1d7e9498c97712a825d0577c3323485b2fef9be5907675a382d71c619b

          SHA512

          d1394368c9dad84bc551b0c0a707cedd5356cdf4471090fd610e2de873e5c4a3564ec69ab9287a8c9802a4c347cae68cbe22877cbeb5d228eb53d5a92c583f8e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          dff0abed5b9c74d157efeb6259a92bbb

          SHA1

          f949f32900ac5f2e2ad9bc8a488f3c54b62c6ab7

          SHA256

          6211917d6d76405be540712496ec90c941736bd3304ae2267e0f5d05ffc20e92

          SHA512

          ffc53b28c90226eab405c4efe6f77295f56ca623a68a02ef7c058bda11139a5a978298b53b012aa203c6113e10e6ab184a0f1674d29be3afe25d4592fe94ac7f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c5401400b5cabc7fe82d3de403220c8a

          SHA1

          b31184d279ec86d3a20c3bac5619609dd541d3f6

          SHA256

          76ced65adab1de2f3a9dd9f43bc38d793f9c7522f762b717ddac357065706ee8

          SHA512

          9ac0612a5786e97c36b505b679d154ba1fb4604899c812b739109a06c31eb6246996604dc4c9c7a51d94aa32d00cdd496de7a40418c2a6f836fb75a2b7ca53da

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          92fad2f0beecfe708920944ddf6ef66f

          SHA1

          a7a48674d3df83fac26548541a1fa2ee2d8ac9db

          SHA256

          5b3852e697b58646d591e887e1459836e306d939e703744a92448f3ebaf1e02a

          SHA512

          bc28fd37530b23e6258158484fb1c3f59862003776a8294cc7f1662d79ebb3c46ee11c0f898c5ae7c46632210bb5fec473dded371e0dbda01824848112e36cb6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e2f0cdd6bc45f60745f665033ef2d06a

          SHA1

          c11c74cace5569ba228db3f1fdb52b8f50496c7a

          SHA256

          5ccd96fa0f24b6351d2cd14824f8aeae2973b1f90345cd17b0b726a0c8d6ed70

          SHA512

          a9c8ffeb57aa1f2ee71a34fce88c30a66e508fc8b5ea8084cd0eb8e0b9d529757265c13ee995010a2455dc8dfae97b49578f11d68e934e5613b0cd24d8be6c74

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3e2e9df5b99de230b19448583e7c5bec

          SHA1

          da965e235c8a02c495943180216049377d5739db

          SHA256

          0f3dd1625ae6016495eddde718f00d10230fad535c9c3b3e835967ae3589e557

          SHA512

          58078b62737062e596089b5e9eb40033e4febc32d7edb62436d8a99234ea30112edbf9eb0c70f061f016450030fbd0072c2d2f48a58db528392a9eba5e2b0dfc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          23dc349a45402d229de5944c362ee489

          SHA1

          7cdae4f03741e5de364d7103f258dbf0ff1bbffc

          SHA256

          f8c23f3d03cf91b20c9576cd9418e9b4241ac6f6e224d382e4fcd8590dc23474

          SHA512

          7aae676e037ec1e27a74e401cb7a09f3e7f65bae857e6bd7dd91ac2767e775487d91f0a59f9921c06934fbe7b4e911056ccb4cc565d30fb7e557f63a3870cae1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          43e858cecf25094b6039bd42a043a0f8

          SHA1

          68eef0edbd1742bfd45b91f0acd7e7cef0fba485

          SHA256

          d77b9f9df3db3fbeab9715a32a4a1539295a767e3102fee16c22318380aa2fa9

          SHA512

          da42099cbaf0f14f4df3bea86d9750b09387a56816c5a4a6d87b4e71a58ac4ed3c3e66a641da939f23936eb669b7ad92866a79bfa7212df6a2bda7fe7dc3cc37

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ffb6a34340370f39531b79e4f0d1c40c

          SHA1

          1d1e419ca4c6196c250014174e106481c88a235a

          SHA256

          fef9b0f9a5ce74c31bdba84b73164bd4b2b072e1a1b94ca026fe5353f7154ed5

          SHA512

          f3fc44d320705e66c3d50af150ad43cc8782307412cfb40935aee2c43ec6f48163035a4b1627c71afae42add58687de398ef969dbd65df1333393146fe4e6511

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5df36cc9ab26185146312cfd615a86e3

          SHA1

          2d07e64ee7bb43a672472c11c83927afb4822f5b

          SHA256

          b08baef6d2b50dc4f216f2c4c9905f2b4f2f420ca49d270ec37f40f6156c02b6

          SHA512

          9b3b7f17daea47c1551c301d382f719154657fd7c194906c5bd14aed1eb501a9a6dee007ca47dcd47dc1fe77a52d0f7a36510d3c8c7f97fdbecc2077579412d4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b8494f74ad2037b724e96d65ceb1a81e

          SHA1

          0b855d623b692291852d07171319d82f972ffad5

          SHA256

          55b5b2e220f6aa02abe644c74d3ee993488d6049534979bc6210b548a92035ba

          SHA512

          f4ffd5f0ba2f55b1a077174f96df64a459b0510af91a9f0ba015394c1c4b924a6e4e134b496ebe7ce57c38792adcc3539fba57ed8dbcfa128171964d433262fd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f77f4be75860c4515ab396aa05edf26d

          SHA1

          4563d28ba1bcf4eb58b565e12b00a45010a4e970

          SHA256

          5fd2a9ec11ac0d235bcb4efe22b267b4d36a1d5d7ba20973b7175d544b418235

          SHA512

          e8502ec15efa530977d7965c01b30d59bf018ec164c5b87df4a5720c136ac85b05308115b2a0f01cf6e1ffef97f3b38fbbd33bcef3e36bfa3631b88915370266

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b435d4a93b81ebedbe6ad861e65e139b

          SHA1

          2d4dea17cf899398759960db15f54c9a85fee967

          SHA256

          77003e284d21d3cb2d766e85a1952fd7c07774da2c82214018482ba21c1f8d3f

          SHA512

          e75fa09288d92315a6a23c7f74c60f0ecd8f1064de6787b2624f960d7f7015ffe2b2a7eaa8dee62c2e3e6554b782adf991f67e47371667c4a280e24cc23d239a

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C142D151-60A6-11EF-960D-6A8D92A4B8D0}.dat
          Filesize

          5KB

          MD5

          2089743fd5a41a23cf0edb4c3a93c7c2

          SHA1

          8d5880c5138ebe4589434c16f7a9188b1b7e481e

          SHA256

          a312785c6b2cb2f234dae7ee0b5b409f246395457c87b2b47d995309b1dfcebd

          SHA512

          39030e17acc75579cd298bf6a21fc3cfa8efbc3189cc41738a8950220c5e3289f7102e3257a85b19e9b8e5b67ea7f8cb3a998f67a6732097a88d4a5aeca561d6

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C1479411-60A6-11EF-960D-6A8D92A4B8D0}.dat
          Filesize

          3KB

          MD5

          bf4d67bfeefd8338fe07e653ec175d99

          SHA1

          8ce93ba3816e981ce94af00282e086019fa0def7

          SHA256

          03463d2e9e6d1da233701a69193826607dc88fddc852488810d6ace06a0b1928

          SHA512

          1380e0d66418606a2e714206cafebaa80f9fbd763b26dbcb1b99b6543cd4eda520c51db3a3cf33b8e697c3fa8abf33671bdab045994afd91ffe28c20b4fa1fe8

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab281B.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar2938.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Windows\SysWOW64\rundll32mgr.exe
          Filesize

          221KB

          MD5

          6c9abd4551ccfd12b285ec5c740a2bb8

          SHA1

          4640a138c6f01b6fd927d5f1f49b2d04644db20b

          SHA256

          4ce5215c13ae8d33da5484e6e6ce6c10bfe7e69853265b1a5f1a3dc70c745206

          SHA512

          53d9a8edc41595e896794d2a9071f58a6bbe61b8ca0fbc20d46e5813d747ee3118404345151e5f4405100db4b2fccf8e6a095ea593857ec77d4f1d8fd34dbbe0

          Download Submit

        • memory/652-14-0x0000000000400000-0x000000000047F000-memory.dmp

          Filesize

          508KB

          Download

        • memory/652-12-0x00000000003E0000-0x00000000003E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/652-13-0x0000000000400000-0x000000000047F000-memory.dmp

          Filesize

          508KB

          Download

        • memory/652-16-0x0000000000400000-0x000000000047F000-memory.dmp

          Filesize

          508KB

          Download

        • memory/652-15-0x00000000003F0000-0x00000000003F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/652-11-0x00000000001B0000-0x00000000001B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/652-19-0x0000000000400000-0x000000000047F000-memory.dmp

          Filesize

          508KB

          Download

        • memory/2140-1-0x000000006D200000-0x000000006D240000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2140-8-0x0000000000790000-0x000000000080F000-memory.dmp

          Filesize

          508KB

          Download

        • memory/2140-9-0x0000000000790000-0x000000000080F000-memory.dmp

          Filesize

          508KB

          Download

        • memory/2140-877-0x000000006D200000-0x000000006D240000-memory.dmp

          Filesize

          256KB

          Download