Analysis

  • max time kernel
    130s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/10/2024, 13:59

General

  • Target

    0f09d64f420e5eeac5d865fd621189ae_JaffaCakes118.html

  • Size

    156KB

  • MD5

    0f09d64f420e5eeac5d865fd621189ae

  • SHA1

    a2115d588b5a02fdcd2a3f766f1d02b0b217e592

  • SHA256

    9e499a53b16ad354b71e6a4fd6590a15d07847309d8a308093f2cf9e6612b3eb

  • SHA512

    9ec335305c84726b549d7a967d8012ed2b826d25366515a5bb38da2ad1a8ac81ec75c99e9da89353a58ec92b23f4389af415aedc4d6acdac74182140daf7516d

  • SSDEEP

    1536:iSRTSZ5m4quhZJ3teFyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:igBk3wFyfkMY+BES09JXAnyrZalI+YQ

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with the UPX open-source packer or a modified variant of it.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim host in order to infer that host's geographical location.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0f09d64f420e5eeac5d865fd621189ae_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2136
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1108
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3032
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:776
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:537615 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1984

          Downloads
