Analysis
-
max time kernel
117s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
21-09-2024 03:11
General
-
Target
eef7117694ffd13bcba0042716130677_JaffaCakes118.html
-
Size
180KB
-
MD5
eef7117694ffd13bcba0042716130677
-
SHA1
a3dbc708027f6afb4f97dfcb7880c1ca129481d6
-
SHA256
c5a3f6ef3c147c9c13b873578a10ecbfd7ac63ceea80b28b7d36f8ce7b4c8c20
-
SHA512
27a6faecbcb540debff906e375f41a7a022dc93b67e62a1b8e588c575e9ba5671cd24acafa82dbafc054e78533f19ecb757f63da84a520dfd2956668f8c11c76
-
SSDEEP
3072:S8yfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:ShsMYod+X3oI+YS1tA8
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: MapViewOfSection 26 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
\\?\C:\Windows\system32\wbem\WMIADAP.EXEwmiadap.exe /F /T /R4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eef7117694ffd13bcba0042716130677_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2712 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD568964eed30396844db405c6d7c91e599
SHA181abe5290aa0904d4f25ee75eb71440ccccc04c2
SHA256329e27237c308c7b9602d51555d8ce10065243daf1190c0cb134aa93a6654c06
SHA512518e3f3533b1b0799cdcfb99fc8e1b951edd3af7870888aa751a9a1efefd0e1ef14ae1bfde8efa3e519f590ce0d10a9b51e930111896b3f22458a60c46b6f165
-
Filesize
342B
MD5f8c7ec01eaf51ab7c8c83fae857a0ca6
SHA1c0cb5bc7f8577c666caa5a74976ebdbc4bc869e5
SHA256d293728fa94a6bafb0a1408407e07c67c6fa246f311a82b9c5ec9381270b08b6
SHA51264b26e115e827340f00e79d711790854eea9e9cf9bd03abb3510e45d08e52569b509287247e2e0ef7c38e253ba629b035b5543d433460c62597c3a54a32b1232
-
Filesize
342B
MD53b4cadbec45644efdc923fc8ff7c5101
SHA15529d5189784987f1a2f7e03df831c36a7724e38
SHA25699ca569e8f2c5363e891c3605cfaede123bdcb7ad755ee604d785afef69a5a6f
SHA512e07103e8893aa16e733249f433b45c2ad54fa227dda14fd53926a98b968843d951c3dc5b31f289695fd1fdc5d231925939e8f62e1a7e3ab47f20c0072b5d8c49
-
Filesize
342B
MD5e98205e31333dcd05028a71ce91b3554
SHA19d8286750f2d916af5b018296137d0c89c74f03c
SHA25603a49c44f63f8ffa5a0e3ac075b49ad54fcb8f0723834971b22a1d93201a4047
SHA51232d6968bc61b9876204f3ebbe94b8271b3a1c843ffd304e5300bab3ce5a0a2e29304d2c525b6193120ca6c1cb4fe1900c5d0d19b9e6b26bb9a01f0b78685d5b2
-
Filesize
342B
MD542e5f68b113f68e57083639717c7c9dc
SHA1257973a80ca5d8cec570ba06e45ce20a992606ca
SHA2566ca4d8eb757496f17787c767c503b6e400157250e9f3934c765a3e3cfde453fc
SHA512e6119fe37c8f5f9cfec8b598efb772b316178ee82a215303eeb31e49d4f48991b84a9a1a5fcebe6fbb9704166527562441cdc62fd75aa409be776f8a4494cca4
-
Filesize
342B
MD5f843018eb505c87aa680274ee74b5670
SHA12baa16d2f4dc2901f654d767697f77f4d7e81381
SHA256f74a98933b3317ac982ecfc2586046da296f96ec798da15d707a10e81af0019c
SHA51207b2bd33175cd7fc2181ccbdcf171e25bf327597520a7dc3b36de60240d16d3c92a68d7b6d9a3ff632651f428e5384be4b9ea7f1fa7268ea1b39f3fe72381a7b
-
Filesize
342B
MD51326c3b23feda8c9d5d8a8bcd90da95f
SHA11eee7a0f6036b2947bb95b17a261387b0cbcfbc7
SHA25675b358e897451d296af79dead953c7b555fd73af61bb883e2ba033393a102661
SHA5123bdd0edf6cff82fa302c87d1a6df35f29fcb10bc17ea7d81b961941890fcc89bc9b86b496ae81fc2fb0cc1f86b0b625aac56cd965eef5e3c8e7f8fb530520f1a
-
Filesize
342B
MD5463a98c1aa6255c3a9f04dc2e47eb485
SHA1ad582df23ac96ad3c2b5f7841e8d507d754e975a
SHA256e63bba51094c97d3135491d4c88d5393a0f7faf0ea7b8dc2df1e00e44294c2ca
SHA512cbdceb600adf74edb963378ef704d8b6e20da99cd7d674a0130c3e4018af24017111a2e464a3dc9bdb9d6e240716290af0915467148bd6618bac80b349665084
-
Filesize
342B
MD50deb03d5438aa627bd77b984caa188eb
SHA19e050ccec4891eb0bf736250600f580d1693da31
SHA256fbaabccfe64e8da75a841dc4559aa059735e74c872fbb11ff9a29b2aeb4c70ab
SHA512a2ed89daf2a328b24e4181a8cfd9942a050b46c355d859f8d4263bea9ab92927625f9c38815df8780ff2f75f37666cb62080ca773df0774a545ec2893fbaf80e
-
Filesize
342B
MD59487ade3fe1bccab65f4ca93c95f0ef7
SHA17b907f020b505a9035026843fa54e69d2a2da481
SHA256f6957c68655dbbe2584d657adcb5191dcf7357911981bbe586dd617db424cb5b
SHA5124c5de93f5b0da55b852b95dad2d79a4f90813ddaecfc57450767465c376aa2f8d1f32ede2ab59f9ad80281f0c77a70e01d0116d286f8ecc2dee2b3d704742178
-
Filesize
342B
MD536529b8c795ed29fa423c60a49ca2f83
SHA1a428739a49e3d3f6b87e04d2c141afdef3cb7742
SHA256672755c657715c2b39ac158964ed27c0020299aeaa6e29a490526e33e72db17a
SHA5123176d66b45b8e27388b95f1d95106b1a5c19d588269ae558fbd603aaaf3149222dc73f047f3a4ff77b3eaab82cadc1a05b5e6f3203e0553cf15b4c591773fb70
-
Filesize
342B
MD5ce5b9c82b84383871a4dde467d0796cb
SHA19e36dacc08c13f5356b7d82875edcc519ec38a74
SHA256d8bd14c2fddf920ff78cc1f3a7facba3689b62d779adba87a5855111b5f64fe5
SHA51268ce00e967a7da09fce8a31e89d2015734f312ea7e3120407be10b9a161afb309169459ddc4a123215cfeb8be90056717378c8da9733352b726cd467332211ca
-
Filesize
342B
MD574a49e06799cf471d70d838c819e5ff1
SHA17433e523c627a41a39abc5e5185256cbb514e0c9
SHA256992b198ec11c549700ec84ae90d568d0ea36c1a9bce024a0ec231f091bcd359d
SHA512fb9aa018d44ef7c6a4356bb56d901c344f7c7cf35770cd0acf6e8dbd71bc32ef2cb830d07f9bcc4d240fda0e82004f2eab13c70e39863b247261b87219235f53
-
Filesize
342B
MD57e4062b0d84879d323c3df58830d50b2
SHA15c0564e390db3a0f89f94e1cda10767205d841ae
SHA2566576d03591ed62e66a6fa3b9bcae91a891b1336f48bee319e254fe7c9d282c76
SHA512b3859884182fa7dff3590ea4a1fa693cc5db841201c4d541467e92aea2d9a4440307a75e923a34e6d920556a500a4c9005fcee051b0c1bd4fc36d22f7d309330
-
Filesize
342B
MD5f30219d5af064b55b4721254f92bcde1
SHA127b1fd9441265b7f9b6e474f72219b756cc57592
SHA25610e2cd71760b3631b60dfae5a778bd882d31b251c3c36e710dd3cd10453450b9
SHA512075f3b416db7943d4380f1534d316b89e9b6e09b5a81ab4ec9fb970ede2c262aa5df5237c8549df6259cff1282aa76cd9eff9132a5331c49c8abe6f2f34a2966
-
Filesize
342B
MD5bb48e2bafe1f1f0717a39b7eaeaa44c1
SHA18753ec0ba31063ad5d77a7174829eb395517ff9d
SHA256eff0784e6c6ad55165dd9f65f03f10cb764988af749d7fac6f94b9618b7bd126
SHA512cf26486abe123c03730ab038932e188d464d7c048bfc653fec92c804b7bff59a594653c6fa885b04960b802e956efdaef22ac78df8cc2e6f5c1624ae9e839e00
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
84KB
MD5df455f0fa8fb3fa4e6699ad57ef54db6
SHA151a06248c251d614d3a81ac9d842ba807204d17c
SHA25615068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1
SHA512f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6
-
Filesize
216KB
-
Filesize
216KB
-
Filesize
60KB
-
Filesize
4KB
-
Filesize
4KB