Analysis

  • max time kernel
    132s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/10/2024, 13:57

General

  • Target

    0f07f80e5b5e8dcc6ba526ca2154f012_JaffaCakes118.html

  • Size

    158KB

  • MD5

    0f07f80e5b5e8dcc6ba526ca2154f012

  • SHA1

    2d351c7418d59319af998bfe086073f9e5f956b9

  • SHA256

    538985de697603b5a7b287abac11863e0a70958326cfcea06df92c6f201d77f5

  • SHA512

    84e3656774ca3d5c3040afc7a19711b721e380f84255bf0cbce38d30ef593e5c15070283799093d31caf947c3314f397dd04ced5029f8e8f19e915d6f3974b78

  • SSDEEP

    1536:isRTylIV9ayVRyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:iuPsKRyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0f07f80e5b5e8dcc6ba526ca2154f012_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2092 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2952
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2416
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1820
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2032
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2092 CREDAT:472075 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2016

    Network

          MITRE ATT&CK Enterprise v15


          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c73b8d26b7cd024615f9eb7ab77f0f7f

            SHA1

            a6cc2664bf41c2e118d7015c477b782d52f84997

            SHA256

            9068b5b1ea806203297725719e5824703688a871c350cd5a97a1a50ef46aa0d9

            SHA512

            bdbd78a0faf4837ef2d6745efcd086530669985e7bbe651d71956ad83b4c4a26983380941e70d170f7e5cb3c9cd532bff1fb2bcbacb9c2f1ffacd929b90b0b16

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            d29629e5bb5d7c8d6d5191e8f2072a95

            SHA1

            89e9e66db1b35a551f13697b07cab4c74c97b61b

            SHA256

            719c9910f8355f122013005a26babf6259b9345c5f4f0f8a7d4a9167916b88da

            SHA512

            afc64845f8d534558d820eaeda607cbfb2381289dbfccef3a661d31260483e580776fc1c29afb63e3810110ac3abffd564d1953cdb35cc525226f9c1ae8ca5a7

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            2b735be2965791d474bfde45acd03e10

            SHA1

            437c0853ec3ac57d96ef3cbaa8914f8fafe11a33

            SHA256

            45875b2115139d716a8128db577a4820eeda4521ed9086c88e5de9512b25518c

            SHA512

            ad73621d1b690dbe39c374eda0f6f1a97027571b19985828f68dfc2750d94ff6abd1faecb037ba50e991571c143b62d79d4f10dc89dcbe1b4ac4fbb149efffd3

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            33ce121563317c2a233cad92260b4c32

            SHA1

            f15b3c8ba17540018620f2cba39217cda8dc1750

            SHA256

            01f84c1dcdd19d4c7277962f4b071cdffbcdcda59bc867f933d45656a714078f

            SHA512

            ee4566a94748d7c0b2f4078da01aed839a8f2826ecd4491c7689693922d35a3cc313d10360b7ec9335938f8df74d4a9c28fb107b581299e3af686f77e9436009

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            f232bdc7fda4b56c136bd727d915d430

            SHA1

            0b2fcf7a107e4b4e03e29388955a8fe936f1f1f6

            SHA256

            24fe332c2e6f35286adf6dc671a394574b2d0f70e64daef2391078da438c919b

            SHA512

            9d1be569965a69e0389e768986be392b8d78d5eff304ae1fbd0ba497e1749a3b4aa0609564d6ca28e8fca0758fbb6b23669f7e8e2fcf4814f10679b84163af66

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c5239865a846f1d6e44c3c996843e2ef

            SHA1

            31f2a99e55e94e1ec93e6de134090023809c7bea

            SHA256

            d16868bc707a4033803952c5a5ae40ce97b5b7cdd0697e2771de9e75bad3c0e4

            SHA512

            b4f66376872a6868d7fd2b337edb97182f6224658374fd760c8f01d540e1c214befeed29b042e57ab3554c9bb83df1a148398dfbe0a311b17fa1e75630852d6e

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            29615088b906dc1a3d3443fcccbd7eb7

            SHA1

            cbed11b816fe2b5475e6c66ecc6ad3da947ced26

            SHA256

            ecefcc449f1a80f92e461a9611f7ed616811373b0017ad1f6cf0e4ce73e4c1db

            SHA512

            0315d91b24fff71008b3e21a99981b48ff9cc1c34a5e431b129629081bbae702280ddff4ab3551de219ba24ad3cace4afc0452e2ecb467fdff56c4411aae3e68

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            5237246a01ae70df998aa140af471af1

            SHA1

            9299eda5e122945c82e3be53c8a9bf5f2f1fc916

            SHA256

            d9cbd96a305df1e084638d57b3dee2cc0cf4f7b521d42a1ecc793cb8ceaa3bda

            SHA512

            2f384ed1ae39552432ae3fcc6f0f7526751272330f08a0a24f6a548c358506ac641d99b7f574ed42e67c9631c0acf1c83edd059df5923f0598e26e0c8706363e

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            f868f1f60385dc5d9e100f872b45792b

            SHA1

            3871986d2310f3c9f12ba07879d7ff80374462bf

            SHA256

            1e277baddc9f7ce759720c1feb0b9d17139f6af8f03f2766de988400d90a0da1

            SHA512

            d0113f5a1943158b8577e42fdf6a02b37e45b5abe99a7ec173713bd346ca68d5b1056f3c7a7734cc99e3775533350ff4aa5d9de03879fb76faa2a1a90ab25894

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            2b2d664a33e11cde7e31e82a913ae5f4

            SHA1

            37d58e99452fe1fbc9dba3977bf6a87bfaaac59a

            SHA256

            eb5db8589953c556b9f9e1a052b8b0bea39d4d424578d52ee424b82f129be554

            SHA512

            fa5edcfccdde92cf111b053945cc5f7367d8c4bba7ac94921d68a3cae7313c435daf81086fc43dcc2dff0587ee6144bc3ead71f261f074bb3b19c4b3d45cca25

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            76ee2319bde1af20a2e895dfe747b42e

            SHA1

            d312fd4eee7ca94979991e78f574ad2167145448

            SHA256

            7514b4aba1fb46fd7df939ce316491fae97064529fb5272141b35b1b074af350

            SHA512

            82ef4e45313418590c1090b7007b6b5c40575aa8b8cc18b717d7328205b734e0d56ef48e40f97e219af50cf90125d78f8712355611da619c1126fbf2d406788e

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            6e1d74b32fe620a735556e27534a653c

            SHA1

            745e5e8ecb89a8b62061ae5ec164b0f0d147bcee

            SHA256

            dde5d96abb1003d1e3b1f30e649c18dfc4bcad318281165e5b98aba0bd610724

            SHA512

            73789b5453461809a24c0d3bbff55463d83360f52f5faec21bab1b1a21ef9a1a57535aecf621e2ffd1a577e81b952c03ec242c301cf0c1aecd86cee5bc38c928

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            b09a7a88c15ec226d993cdf207a5ff20

            SHA1

            89508d8bacd5f602b3a040a1019e5320f65a7c1b

            SHA256

            5209fe4d94191a695b14f561d343d5314dd8ff49d9907cedbc5c4c1f73d1c35c

            SHA512

            a871e621837ef9a479c4bd6226678aba782ca07a3e650c949b6d06c4643f1603891f838861d100f941895676b9b2f2eb71bb53472f1e36c4e99e7a460260d29f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            dae632f99a881c54ec97c65907d40e42

            SHA1

            48ad9e0a7975439a158946b5dadf6fbf81464050

            SHA256

            c7374628d96f54746ff5434d650fa85bc32ab6449b816fe21722e4bfb36dfc12

            SHA512

            0b5462d5b45ac076c6e0e47f02a430576195ce138ae30665ac23dd7c5d2f7474c968191be585a51593de9091df92a978106e82c6a61e2d639db3372c1a7b753c

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            05de2af24035d43bc0731bbe07631223

            SHA1

            a8124fa2b356299bad9d0aefefe6e63cc286fa61

            SHA256

            888252e514557dbd7ce18951c2552b98f54b9e6bf5f332bcfbec2b52795ea10c

            SHA512

            6c429a9f1071129e22b1eb355db202c9db313cbb5d91b8db5d577ceba80d73bfdc0a61b91a094dce3503258a01ee802e04f15a60bfacbb48f48f1be88a3e7ab8

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            589ada90a03db120c885bae38b0699ce

            SHA1

            bc91b5288b7340d5331fbbdddd9d3fb1f54a98ab

            SHA256

            85e1b7287a41fa186b94e22a602a4f25ac526560c2b525b30ea861712b637a4b

            SHA512

            e41031c396f158890dd1f14135b154cce5e9ee05443d64ca58e2cb646082d74787547b251ea349e2a86b2eed87e551d33f6bfbf6ffa9d0816ad271135f484362

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c39de4cebfdd9487e4bf1d851517468a

            SHA1

            7794d77ae6d49fe119e0fd88613176fe0dfe5786

            SHA256

            ef06db02dcc7606ee4404d2a1553285ba023a4c623e47a526d2953c19ad27e45

            SHA512

            4df644c68bc32098b76afa53d003311acd4872198636ec37147175075d607283d427452b49d39f4c3b1dd567aa4e057d9594953a2e7498da6634ffe43dad627e

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            4c646aed6561652687438ad2f9b95f9e

            SHA1

            4338a0441c995f37945f5d3d79746f7a707f9ce5

            SHA256

            5ac991282651ffc3499ad2f203db78cff8281b5e1c83e11a7a904e42d564968e

            SHA512

            337905fb9800593463454a1805fae0e9cff77c2dd7b255fadf77150d24849a104a0ee2e48c4fda5f80e6429cd5dbd8414910918e32eca93faf03f58a0b86f41d

          • C:\Users\Admin\AppData\Local\Temp\Cab8D72.tmp

            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          • C:\Users\Admin\AppData\Local\Temp\Tar8E14.tmp

            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          • C:\Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/1820-448-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1820-446-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

          • memory/1820-445-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1820-447-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2416-434-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2416-436-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB

          • memory/2416-437-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB