Analysis

  • max time kernel
    129s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/10/2024, 21:42

General

  • Target

    109aff1b250fdb41ccee8de182e0b6e7_JaffaCakes118.html

  • Size

    158KB

  • MD5

    109aff1b250fdb41ccee8de182e0b6e7

  • SHA1

    395b6613b1ccb122d65c22ed0d7ade11df6697d9

  • SHA256

    0f2c3da96ef0000ac9692f1f6e6d1bef25d5a155d2ecf6e6ce3f34abce379875

  • SHA512

    c6b487b7bec6ac6d7f12731d5523507e2be33757df9492297e60a7a9c66e7e8406fd7703e4239e748a2bbe8fe1d52ca27a91979617a1427f3d6dabe6e27657b5

  • SSDEEP

    3072:i6BwaqJFDyfkMY+BES09JXAnyrZalI+YQ:i8qJFmsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\109aff1b250fdb41ccee8de182e0b6e7_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1508
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1508 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1856
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1728
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1088
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:1416
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1508 CREDAT:603146 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2460

Network

MITRE ATT&CK Enterprise v15

Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            d2ef025181bca6e420ed05fa1c33e74c

            SHA1

            de1f4cc1a551ace35dc250d6096b96b7a2f6c53c

            SHA256

            01d1fb211119f610989bf85e8ddc07d922ea3460c077255756ea2e321c57c632

            SHA512

            fc8187887e8642d38d656af7c29e32a363aceee687ebf960e4fa6a3ce1de29c7d0304bf1c38d06107c86f72e5b3bbf77aa33c85206c6995e46a8fad21c49e557

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            adb7a083fbbf67de0e65a27f1d142c8b

            SHA1

            df4cc18cbb2ad94eda08b6464457d5fe8db34ee7

            SHA256

            9aafef0d7ce8ee286adb402026f380f483b2b38c2ffd2da125322130c171c7ec

            SHA512

            f5c602f1673c1d6186e667a45ca9839b4e1381c7d108e225b3d45cd7f71cd895a87c8b7356e360f642cf3dcecc9baeeab7a5305c2d80d0752b3811047326eefc

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            622b7dc80b215a6157d1db70b07d189e

            SHA1

            7aa92714c5a991e7975f7681f7a3e310d471e41e

            SHA256

            244e372503c69cdd04d2224a324899ab595d442d9d25f913f465790dd566df21

            SHA512

            3170d0f24276e58253e3799c77acac149a3ddfb350fa07b21c79a769901135707b38454e9dd07a855e8196b7219b60c31ff1f3a5b947efdc16736160abeaf6d7

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            bf3061cd2db9af0a30c452d5f4f7c33b

            SHA1

            a40b0ccfb67d98709a1a66e732ee31e9a8fa830c

            SHA256

            b7e3fd637caccb3728bb964caa83585de41c5ff56d3259297d163c0f49a24a0c

            SHA512

            9f0dcb9f79153a28843642e1b6c33dab36a2acd90a10978b0133cf1ca32490ee336a6cc213fdc70358100a5b178357dacefb9feb794862a043d7e98cfe4494cb

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            ae1e6de462dd1d6bd1f8c1afd317403e

            SHA1

            cabe3777ecbc960dd0e26da4da44431c145fcf54

            SHA256

            6ab6889cb28d313dc9c5456ac8eeac5a87f2bfb15a60141bc12037645a37e36c

            SHA512

            f14232edf34850b74012c0093848e089444fa14eec24dc19f9d5f5e8bb4cedee1041b4aff04c9e4fd529d3dcd43fe997955ab75687a9ba1abe0d3c4b83fb0020

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            76a9aa93d3daca1ca667488b345ecc54

            SHA1

            f56be043032316a10ec2e69b408cbd44418636ee

            SHA256

            f64328f7161b1227dc9e2196514bb70f1bfc452054b53e8f84c8fc68222bcffe

            SHA512

            369850c7d0c0ea09be05826f076caa201c908e82c17e30b484f14ecd22d2ec7bde0678e4ea7e036067db0ee3220359f36bb2dd095e442c90c8357c116d662d91

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            f1f0c33195a8c9ab285e29e659219f99

            SHA1

            48ce92715ecab0778d4aa58246d4681640ef0af1

            SHA256

            6d98182ade34a08d267e3e3b05f816d12d1e77f4abf4d9e4325b1ac677af13df

            SHA512

            e6fd101dad95a8a675047692d27fdc42db5ae1bbad534e95b56fd77f0e4423480fcda8299f75373db80510317a916467d1116c1d7cc83889c9593d3772da8670

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            258811f7158b4e75f61bcf64bcfe1dd9

            SHA1

            82c70a0e95b11030d5767264b845e32d858f18ea

            SHA256

            22b9bfab0423c951fc9e5c3b1f82487cc9a044ede8d0566b5bcddde86a488074

            SHA512

            5e83a87241cffcc892583e853dcdf7c889572ffebca9c9ac66e77769cbb3ce245f747b929ac3bdcac256d313a9a26745d64158bf301dadeac9916b3f9a7891eb

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            d6206dc1ecc9de613c65f92d24ed0c82

            SHA1

            2f02b47a8261bd2bfbacb4fbe5674ed1a292dca1

            SHA256

            d0468efe7ddcb5b075d778f1f49897f241d4f0e3277e81a3073bf0e320fd6d5d

            SHA512

            f7f9906850f9a5c0a0ae67e96ba4f9a8b873f14bdbc362c78e04b08b33f273b89bdea13689362e7d3411a96088958de4e27af6359c826754b29e85fa9d180623

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            5aa8760badbc8dc1c7c92045e4e17c80

            SHA1

            bc7454fd5121d32b4c6dad7df3e80ae18907fe89

            SHA256

            68d90e7868d2913ee98d62a703cb2d7790fba7b6ba12c0e0a21094371ca1f977

            SHA512

            97f47b0bcab3ab8ddaefa4d9887bfb75f301ba85d13d2054e609d0b252c0884626f41e66229d3cf305e8ce16e8f48b266afcd1b4930d23108859533709f55d6d

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            98bf430da638d182cfb68e1b90d8873f

            SHA1

            16b5b6911cec259618a283e77a6c89bb5b06c64b

            SHA256

            438053b2dabbb8bc8d82ba51c62d2b8422dfdc354723878c2bcdfe2df3856842

            SHA512

            bafefc63e52a2e3aaa359e9be457a00b4d0244d74e1b1a791fbcba510b375f3caccf7248eeed82080dc22a0e3833feb3fd233e6c2d98700dcfa0852020c57b8f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c12b26cd9603e58fcb672013530b263e

            SHA1

            a9a6803144cbeb097900509271eecc319abe89fb

            SHA256

            0de4e6392f94ee337753d2344e1c96bc13a75f5f368b7541c2cce86f2d990e66

            SHA512

            272ac8a35ec6c35b5b81588e0231f281efaf480fe9edcf068aa33eee98f3d67d8a754dbe3a0fef37868b2ade7f52c154cdc9defd9c40188299dacfe025ae099b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            bb105d6729dcdc9e644affeea59f8ed2

            SHA1

            df1eedfbb04bef0f043708c98b6a6c5647202ff7

            SHA256

            c432631dfb03ede5817e4c0f0cee0134c1e6c73f4cee1301668772dde5b35f43

            SHA512

            1a883d6ce27350cd3de232816bab2339c0ef7b65790f9e04e78bdd42ca106a0e499cdc6947ec4b537d3a419856dc179738d52eeb2ba48e9b043da561014c7544

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            01158a6e11c7a8f27bc59b0623f8fae8

            SHA1

            c1d8c747b4cadcd80305d8776eb5e33e5317db1e

            SHA256

            9457c9a6ad408f7cbc1f373740f8c6032c48e8cf4dbc753f5d29d09db3095e34

            SHA512

            949b4bccf1fe48758d075f1e234e7a2fa06f24c1882c84ab8489c5cc2bdd82e10c41ae3eb82d61270671374c780db866620a06fa839619f32ed4fc4b3c95fcf9

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            542969dcf9e0ba4d2c0e5104cb41b4a5

            SHA1

            e263dfe147ff86d83fb7ddee8a33f68b2b1a8cdd

            SHA256

            fb1efa5cb18123af82d43a490a228024bce82963db9fbd4e441363169db87d5c

            SHA512

            fc6e799249c94ffcc2ef93ced465e29fd0462cf85b0be0b4681ca68fef6f17d1640b263fb5bf702d6482168c851ab21445d5398b943cfaca280d718700a72bca

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            04b9533a29f855d14f38d2bde368db99

            SHA1

            19dfebb2459aee2eca03ca5fdf8796a35a0d8e17

            SHA256

            e2cd0098e0a139632bb31920eed8163cc36b717b6437040edf6e71f9adc56e47

            SHA512

            3622fafcf1a02ebd1195d50bfd78d9688f1585fd8da680beac2d601d4cb25f6f05224455e93d3a1cbca7f0a9d03afaaa3e4f48eb3784f56c7e1f97621c348621

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            e0ba9836aa2720bd78f32decbfe52d2c

            SHA1

            102729f5c0eb6db7bbfbbfced84322820bb1d78e

            SHA256

            c239fafd38d4b9ea87fc35dc917b9e1c8e07c7d22ee9efb17454719bb0cb7f02

            SHA512

            22aa31960fb78f3ee4bdbc5e040c487f785dff620ad8bcbb72f64bfac6a38cd7dab0d02c0386562f8922910d3b6e86a1d99fabf17944cb4b500b2fe4334af1b5

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            e4038a5e7b295e1a633cba8440f6c844

            SHA1

            d11bb50f75d52fb58f780334690ea832a1a86746

            SHA256

            03c7f26ac15c619982cff60291e0e1afecee18b1fc32e1eb206ae6f30a2b241a

            SHA512

            a245c05882fb2ea6f2f22a610dfd3e352d9517872a81577991ec09a6d51ebcfc1f5969b85e26ac08e9c799fddaf9a2f18ef55c0d98f3427fd7d1472cb3cfc1a5

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            ced32e1a0027906bc48ae8da79558d98

            SHA1

            988afda1f68ca7ad1ec8354e6231b484f0fc0ae9

            SHA256

            86609dc571e903d8c10217dc61b8790558cf7f844a49100c80e1fff1fb8f4939

            SHA512

            13b4e7a51158f83fc1ff526fd0f1389e09c9d3621bf9e7622d99bd6df2952efb6f56681b481420b9aa9a4e905c7d605ad7f2fe110f5b3bf2c57c9663078e34c0

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            5d024285fc89de798994d00d74cb6932

            SHA1

            ddce9f69f5aeb8b3d7eed1f267b155edbb128699

            SHA256

            3b6ae33cf20bf68abae58eca350f2119fc9c76371c304dd546fda96c98872368

            SHA512

            11df2bb37a8dd7ae9c5956d296b2861b202952d2c78f0e33ec8b293553aa0e1a7e1b863f8648229aaf035bb02137ab152570bb43f41f4b26bc5c6695b2f399cc

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            95c5e70831dd94c10a3e6b076f5639d9

            SHA1

            cda9a7433b37185bce4d62b5cee0b081faf4cf34

            SHA256

            2974455eaf281c1820ba6962e9bd09d907d102f87a00417733207fff7c8cd07b

            SHA512

            a571377f62aeffe56c1c626496ebb4b4885714faec6908490f4ebb0d4fc1dc39dea90c06b3f0c01eaecdf49c539b8e2929773badd774d6dad2ecc3c04279b345

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            4baecbcce1462c257d3a979116fd124a

            SHA1

            a9ab203683311dc72732f4d7b21b88e8c0b6f2de

            SHA256

            4a79326852c7ec6b19d8dcbd103f6c9abcab6246a1a3e8cf64d7f493adefeb01

            SHA512

            433d6c8264ceca88121d09f6b293ba8e8e850b21048b7d70632ae986ee48b77de1586b6e03b48c068631c26f69ba5c5072bd5dfbde57cf54467d6b17759fba20

          • C:\Users\Admin\AppData\Local\Temp\CabE7FE.tmp

            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          • C:\Users\Admin\AppData\Local\Temp\TarE861.tmp

            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/1088-448-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1088-443-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1088-447-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1088-445-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1088-446-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

          • memory/1728-435-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1728-436-0x00000000001C0000-0x00000000001CF000-memory.dmp

            Filesize

            60KB