Analysis

  • max time kernel
    132s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/10/2024, 22:22

General

  • Target

    10badc982afe7c455c7613a23b7408f3_JaffaCakes118.html

  • Size

    158KB

  • MD5

    10badc982afe7c455c7613a23b7408f3

  • SHA1

    66a2b518207bbd67141021728e959d7779e96686

  • SHA256

    33cf573f9e95bfd6972b88600104c05ed3a10ad10375fa96717ae68804b3b952

  • SHA512

    0da6754760648dbcd3048ffaa5340f0e312ab4c360632282f0353493915a606c5b0214fec304bc8be73278c97a9c5eb4618276b1946da4a8410c26b84d0036a3

  • SSDEEP

    1536:inRTN5c74P58coyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:iJlnoyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile, long-lived malware family whose variants combine file-infector (virus), worm, and Trojan components.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX or with a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\10badc982afe7c455c7613a23b7408f3_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2152
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2572
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2992
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1280
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:603146 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2392

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            0075873dc944c32560cbbaa7a410dc95

            SHA1

            93af2a09c67d43049c581228e8a6d3556d6507a8

            SHA256

            45ccc6b434b6fba6304964e4fec58e7282ce1b5f1b0200acc5cf9315478638aa

            SHA512

            0fd337447c01f0b3f3b625562d649b5f28dc914b8e4d7a9cf2ef25ac62ba9679c186eefa3f5968c331d367a4ce881b0b7b560c68530b4fecc79e94d248452887

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            49c6ea297bf1cce13b4c8b1486ba27f3

            SHA1

            72138673784cfeb5b5adc9586bd12b084a030d7d

            SHA256

            8c94c4323b21feae8940357ff7d439e2e60f04268a06a5acf89f51755e4a38b6

            SHA512

            697ff3f7db19c20fbfbcff338ac4586bacb5fab8834d7720a6686e49db1eb5df3c1e720e0837bb6d16d85d3e30302cf4ec7a2fb5d52f348f829f9fc74edb6546

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            3abf9771b19165403e551e53b1b33fb1

            SHA1

            0f7dbc22709fd3f1ad60dbf317d3d09312d17ee0

            SHA256

            8632a267d864d4f3e18a4e435ee081bce2f42dae4a5584c75baae30440f3a912

            SHA512

            c03d77a6c4b39db68eac688a58b8b7fea0c15954b678a18d1c5403b9d21650ff123cf57453d1bda59a508cad9489dfb56ac714ac7fdb373c567a16f2b072d097

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            e4f387cb6408b4f02ff52ac3a9142ae4

            SHA1

            4f9d7b520b0784fe661fceddba5903a9cb47e6c3

            SHA256

            653fcd3d482062c71f272e35d2816bdb886ceef5869b0c6a8ee308fe7fdc3c10

            SHA512

            05e3cd065f53ef0fa561129a30c823e05825138cc3d12716872f40135a6b79760431a82d36c68a8912d323caefbea02de9c451096440d71940b8a6a3142b62e9

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            6543b3f6e3914c86ec1dc32e2d5ce4a9

            SHA1

            3fa72fd554bc9d2efb22e93a68262bd0626acc1a

            SHA256

            fc606fafd2bdc2f3b027d33b0bfb20e1a5b7d485bd57d7c67d65c197000abaaf

            SHA512

            5389fcba0e9f702b9c2853f84efdb4e60eabf881814ca2d46b8c9ae204cbafd85a7df7413554beb338e5f4c976299b442c640e226b8e9f998412c3f0927bc9d5

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            7257868804bdfcfe02f63e399d7700c8

            SHA1

            f854282dde1ba8e4f7238a71022b71832f662316

            SHA256

            b61ce97c78606f5d47d5b197a3b0b657f24c7043ba779e45e3d69e8f2758bbab

            SHA512

            d8c76603e55c9e805d25b1e17f580104d734da3047b9d98dce819c4ad28c8866097633bc7603e20613f71b8893b9748360b2ff0e35512e8ba93110fd1191eaf4

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            2c10ee2863cf2162a3d23b40b707bce2

            SHA1

            9229415d9e90f21cddffeaacd9dac39f19552e04

            SHA256

            233a4e54a3b5f2035bbf6462d41d53cdb1e6893ce1368b845973c4f9ac361ce7

            SHA512

            8c483fbf67e76c5ecd8c20b5855887352d4cbd5b1fd803c07485d58dfaf28a85fb37b4801e1cf3566e1e8f4ef24933b0fb12fd6fccb2e66b508aa400a72d4043

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c7e2e44f6b04396f3a16245c506d812d

            SHA1

            8791c16d7bc03ae0f66d88580aa9e1394f94dbef

            SHA256

            d24dc62130479b772e76b09e2543f323f0b8ca2e8f358caf6e957d8431a10301

            SHA512

            7b3a97f2726341338a9aff21819e01300691e9887e47927c50100e812e9ba5e5d9174a65ac9f070b6bd60920e1715ae6a2a1761d1dae3af8cb791bd798a52a4e

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            a4c7d036d046b51995075b909078f413

            SHA1

            35a7b7ca588de52b2297e0bed6ae651c3f41342d

            SHA256

            c6aa772ddf39ae153f610a5ef2edd5aa54d4505494115ade6fd2fbd3dcc480de

            SHA512

            aec13b536329422d33b6a2920f6bb36c640f089a1d1fb8de8e27ed70bccac48c601201a4f9e431d9eb65260ec1e726d4dd9817c30c92f281d91640a7b45b1faf

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            1b5f446412f71544c3bfb3ed1eb45123

            SHA1

            2623ab8c718aaece3140ee6558dbb2efb90286eb

            SHA256

            8e423ae4cb2860e001be296a4591f91a428e012367d60829eadecdc3c134005b

            SHA512

            6a6eedbac75d9914dcc44d593313591d35bb143cb7593f659d4cc1d8c2c796491b74dcf88778626cdc915ee89453ae06a10fa01fcfe8acf81bab3c3f7c3523b4

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            6f901a54d8af9db49021f3ba1804652b

            SHA1

            45d7e044940dae16d7f025946fe7a10a7c07446d

            SHA256

            9ec99e3dd755ab8a9873fa1bb4091e67688747207c10b8e1b94294db93d0032b

            SHA512

            89b0eb291e40f4cafcee612c9c26688c3d357fb8967298452fc4bad16072683d2d4d9bc9d6aa83fa223e8486717b69ef8dcc10c8a81e43e9dbd68b6386c8a1a4

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            36f683f1529f9aa26b7737a35ab3f9be

            SHA1

            f26fd739397deaf67caed5daf09edae7a8b4c4ef

            SHA256

            2bb1094aea07092247c2d670e56382e3ed3f588fdfa0855105a79c9c1aad50b5

            SHA512

            eb324e550d1d07f9330c1e68be55808082c464192c964abc03d87b49b97d51dc0eb91945a7cf06df7357aa7ef95ed2225c236213feb1976c13181c99026c3fdc

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            653c9ce8916c54826b3d5071e4c094f5

            SHA1

            65a732cc5f77672d5b5715b7785af0ac5a020920

            SHA256

            2f952f1dc29c8733c7ee98c3d22dab8473dc539be40356c4782703a3e99f36eb

            SHA512

            1f8461424ff3508029ad2d67e1b5478d867da921788a2f4e70313d31a7003ce781a46230571ed884083e3cc85c3b18910d61c9023c715b39ed6d6f4485dfa76a

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            66eae108035b71127e8bb76de54b3fa3

            SHA1

            e67ccdd7dd74b9b29d4416f14d40e6d0b7963b95

            SHA256

            64f002281eadfd3f82760b008a0a8fe2beb6b97064a46952cfd39a7c36f7fa99

            SHA512

            8ff24b81242ea40e55337a940165313a45581f3494462f3963ae062c71c03d6eb3153b2bc52e4b1d18c609864cc675f97c77712b4d974412d90999ca7cafdc8a

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            7c904cc6126490214de9de508b2ec870

            SHA1

            48ea20de6388359dea37ab0fc48cffb04cb0dce1

            SHA256

            a28bc88323cb3adc6ba0554786aa05a8807ced834f39f22b0e41eeb1621be498

            SHA512

            bfb8b3b29a06a7da0271320156047a09e2c796164e4b25b7e9f01f5cd28abbff84a1de8cd6c81e58944b69431a1f25d89c063317b38e8cebb1d97370a1b16a3c

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            ffab81c344475ab76c24e32d88314cb0

            SHA1

            a2c0f908d3656783099b45c6e36559fefaea2d5b

            SHA256

            42e84985606de1f4464d882e22015b545ae8c3348f3c71cd94ba2175fa462936

            SHA512

            66c6a41784350e316d874e0cb54c8b8062bdccf76a3995f8a611d23eb486fa82c5affff13125cb4378d2ea8879221d3a48ec7055bb824439408eceedac839da5

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            1ead834bc5a726c8f25cfcf80bb51972

            SHA1

            f583de7c80da2521b7ce8c65a4c9d2e1fd599f12

            SHA256

            8f321823ece189d4cafc152f15b70b1427181c04df1d9012d7fc41cc0756e033

            SHA512

            ce12a6486a2f8817937707f41c3b4e1872963860bd3031f67c08f7c97bbe0608c94d398d455bcc4c12b920b2f3b7f4ac493e9ece9eee22177408af05c3b7f5d8

          • C:\Users\Admin\AppData\Local\Temp\Cab9434.tmp

            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          • C:\Users\Admin\AppData\Local\Temp\Tar94D5.tmp

            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          • C:\Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/2572-436-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2572-437-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB

          • memory/2992-446-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2992-447-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2992-445-0x00000000001D0000-0x00000000001D1000-memory.dmp

            Filesize

            4KB

          • memory/2992-443-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB