Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/10/2024, 21:45

General

  • Target

    109cfc09fd1bf2dd9c1e05c681e5a7f7_JaffaCakes118.exe

  • Size

    46KB

  • MD5

    109cfc09fd1bf2dd9c1e05c681e5a7f7

  • SHA1

    9c5d91f9ad9e1d14676e7ad194a72d9077d2ee77

  • SHA256

    0a0f7f83fee9778a35af0d7ecc3ff7ecd99d365a659c1ed8da4804467f780a48

  • SHA512

    8012e00d69acaf133aed58033bc1815650cab3330464fc7eab2f034bedb10110210bd6e23cb30af822c46038d08d39e993cf15f3a1a3b81a03cfb27963f77157

  • SSDEEP

    768:pL70HBuggGV+NxR72o4kAwkVZVVIifk8XeaBx:pLjggGoxR72o4kKZVVkaBx

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\109cfc09fd1bf2dd9c1e05c681e5a7f7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\109cfc09fd1bf2dd9c1e05c681e5a7f7_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2384
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2800
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2896

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • memory/2188-0-0x0000000000230000-0x0000000000239000-memory.dmp

          Filesize

          36KB

        • memory/2188-2-0x0000000000400000-0x0000000000413000-memory.dmp

          Filesize

          76KB

        • memory/2188-9-0x0000000000400000-0x000000000041E000-memory.dmp

          Filesize

          120KB

        • memory/2384-13-0x0000000000400000-0x000000000041E000-memory.dmp

          Filesize

          120KB

        • memory/2384-12-0x0000000000400000-0x000000000041E000-memory.dmp

          Filesize

          120KB

        • memory/2384-15-0x0000000000400000-0x000000000041E000-memory.dmp

          Filesize

          120KB

        • memory/2384-14-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB