Analysis

  • max time kernel
    136s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/10/2024, 14:44

General

  • Target

    0f351fae8b066139919ebf0ae48987a2_JaffaCakes118.html

  • Size

    120KB

  • MD5

    0f351fae8b066139919ebf0ae48987a2

  • SHA1

    d12e87f94ec573966bc793d682fc64046bc95185

  • SHA256

    53501c152ea9248f50fabab83c443ad65851ccc8fd72da69f686f4924e685152

  • SHA512

    825466f416d8a60269467f4c5b307cebc65135f61c928a5a980d919463b1e1056b0afcab409a7b3798acc1360b0d6333cb6d436e802f41d7a4d7f37f43206a8c

  • SSDEEP

    1536:5sfFkyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGL:5sfFkyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with the UPX open-source packer or a modified variant of it.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0f351fae8b066139919ebf0ae48987a2_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2824
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2188
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2872
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:1608
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:472070 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2672

Network

MITRE ATT&CK Enterprise v15


Downloads
