Analysis

  • max time kernel
    129s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/10/2024, 15:26

General

  • Target

    0f5e116d5e5f17f313021955dcfaac28_JaffaCakes118.html

  • Size

    155KB

  • MD5

    0f5e116d5e5f17f313021955dcfaac28

  • SHA1

    a94c2333504e5b09a38e6ae2c2cb1b9f6ed57062

  • SHA256

    123676affa137279b497038bd919ab37f1cd741de55038a255981f89e6d16b8a

  • SHA512

    fab93f03adf30d6b631c21a3642729a8da60067106f975156700f747d7862316e6b326e562c798acbd572c4e5142488490875a7876e5ba40f2a843f963ec144b

  • SSDEEP

    1536:iNRTWX+XUjf/Lyw7nYyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:irsjrBYyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0f5e116d5e5f17f313021955dcfaac28_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2776
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2320
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2508
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2440
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:537613 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:632

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            cfdc4ff7640764b7a82aa3fceaea85f6

            SHA1

            6ee9603dc100cb412e6c45ef767d89ec1875a64c

            SHA256

            67bc94fe4a9172ed533eef1f75b64d5363291569a6ab1ab4fa2f4c67cca45961

            SHA512

            c62bc34f93b0b8b7e4496540348a7812b2f095221331106bf9ffb21c9fb7be21878e99ba933f0e43a1bdef416d0a11b6ec91e51af639c8faadcababafdc75b92

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            20f14c030c98b803bf096aa21a8c8678

            SHA1

            72ae958df1135a3ab87aa94a6f827395b2cab315

            SHA256

            6f441d00001dd52920de46815cb1b6eed2f27ca642054943a1c5cdfa554ea120

            SHA512

            5395bf4e336a6968e697bc49c8e82c11aed99334e7b0050cb05ecee5e87da0857942e5aad3d59671df1e0d200915be972cbcccec4846afc251ae7d10b7f239dc

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            b06bac1c047eb5c7178cd4e2d6de5173

            SHA1

            1b8f8ccfe2aeeaae6dfe4859797dc0d680eb5559

            SHA256

            f1d1f8186a7b66d1c642e9edd02d3a1c63d5c27cd8797b0e42ee9faf088a6476

            SHA512

            657f84866b81363a200517fb2f88729171c5a3e481cde6c773d1f59b3ff4c59cdf7ec94f06009ce786c50dd2ae404bfadf8cf5ee3c91bb5f53a3d82972115725

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            b8435fb2b6b711ff48c4e7dd2a9f4b6c

            SHA1

            b45a4b0b1e4650f4739055be53735ca1ad3d267e

            SHA256

            f09faf651cee83133ba3cca9131c291a2c5d413ee3ae7019a4e05d38fd1a8732

            SHA512

            051741e669da88a86480792dd6c5f1fea8f2ce369772ca6ad9e629232bbfeea0cf0546d3011ebdc673ab8d450e5785fc951dd0432ac0fab67f54a676148ffb5c

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            65f3fa23319ec2abe93ef342a7c695c5

            SHA1

            b528078682a8789242ebf5b6e2ff03297e8b8065

            SHA256

            3d5e3befe9dae19446cc324000a77bef0f182bae6c8c33de5dcc75a853af474f

            SHA512

            2d3faa6b468363c483c4bba0c5b7c690092f397a4d54ec93bdd042006af81b4523dcc324037428d44bb7135a30fb8b550214400addf2183763302258b181e69f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            56b380db074a26e8ea7829dce366ef28

            SHA1

            7e8ccbd2d7533a9da0b8a388c8b27f127db8dac1

            SHA256

            b8c3c80e0d6e31543157f5d46fac1cbd93e483d1b6c4c6216ac41bdb3cc29c30

            SHA512

            0156b8c994982ad3ad1999e7fd69918270f978ae71f961d3761328b37d604264031f720b64b1de6f9bbe11af1e5f239534d452a67efb16608e3b2de746fd18fe

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            1cd1dae27aa8324c65bcd790a9f66abb

            SHA1

            392e18295d2ef89eeb19baeeae9f9f97e1f8a428

            SHA256

            ccb5e690301b55f568966b8adc94f069d00274e715acd2e1ef00047587e1e12c

            SHA512

            633bbf7107e91984d5ebd863e6ac1b668f265fb59fbfb1ae28c61e900cc3dd8860768a83741ea6451ff8e1409235f124bb82445d4b9444df052411a5dc6e93ef

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            1bd626e7622c990e78715106a6447041

            SHA1

            56e7edfbcad9de2569f95c5f0ca348b7346b2313

            SHA256

            4ca77c4a933a6a196e9a3450a339822655f6a3a2d435f5398bf04e0e62cbefa5

            SHA512

            b3164048749334ade9306357b75ef43617ff4979bc5b2b0b21204786cc134b5731a79aff217fd2cd8862b31616dfa61b007e56770a73b53f93cde9941f1b90a2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            0f4108ca8d2278b920f43ecad60db02d

            SHA1

            ec92c1493786f435e9b1dc25ad127767fbdd28b6

            SHA256

            14fc61ab45866bbc98443c2d9ccc94f22fd1302bd7d875dc9621ae715d303c1c

            SHA512

            c8ca2990ab3287ab44955debc6d80e595080b11dfffaaa320c68574f1aa06330fc17ac3fffe39ac68f1248f635405f69805ca7181e6d20d76fcea11a1946cea8

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            47b7e328c40104c0b57156213c716b60

            SHA1

            8b7121657adec40766f06b49cffbcefe3f9e807f

            SHA256

            21a89beac035c94e3b1732442f2cc64482badcaca1954253f70a3adb46c1cdf7

            SHA512

            9d7ecda58d612bb47c32c155bbf0226739e934d1dd7af0e7cf7f82a4941bc6cfbcaece872519010efd82d802fbc8bf8fd175218ebd560f0a8b68490deb45acdd

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            968394e66252cf2dcba13dd363b6b0a7

            SHA1

            a58b5652a94dc4143b2d6c06c63320215e68c2b7

            SHA256

            cfe12557d8cb39c5841220f58b294200904d7e8f53147521e08ad365c7c7e19f

            SHA512

            577330a989ddfa64364509cf92c6c64d8914207ac6c73d855c575b24b6aab075166d295156d6f6a904c5f49613dbd9ea007a264667f627384bfacc10c3d02dff

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            638095185084c574a194b76c25ed80db

            SHA1

            9230b9fdf9fb32c98e0f741d8515ecb1f02be69f

            SHA256

            b69deab8aa29c5dc4d2c9d182c98a613486fbba0df08ba02714cc107577573d6

            SHA512

            31343d0b09cd35910db5a45d284582235f9e55d72e180ce1122d1a993696568022ba74c041b04d52ae6ecbb9ec655bc6703fded012d7b49d52616b97b9268c4b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            15ccf577adfb1a23473032be1fa4948f

            SHA1

            16b4b9d3adecc3e95b0f1d1a4962123122744b09

            SHA256

            5828605f0242cfd39437320ba1f2e40590a6fa97e0f75fd4b722d1e69f35442d

            SHA512

            e11f807f61bb6f63da5ae3b2a4f03943e1423315aa52302478008fe7f6e0869da4c626f9ba97829e615d4115442e03be1d81a670bb2264d10f716263476e5401

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            f559ad15ac1dd930079eb398d18ca66b

            SHA1

            586c957e9e49f58d68dc642495e65c367b0eccd2

            SHA256

            ff483c54c86400ed7b768414bfd725e53cd13eafc2b04fce36f668879cba50ac

            SHA512

            211edfd7319a1258bddadc76c1d0dee3c200556bb03d0b6aa4f4aea9dad2a2f59499734a79a36c76c63a60eabde84f8b6ab6cf2dc2a67691318baeffb349aecf

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            f620a76ee7bd9fd94a40ae2b72aa34cc

            SHA1

            33b262606a55a85c512250c0a48863b20f9ff616

            SHA256

            d753f12ae72c822eed2e80fa65552362efb6b13e1a399322e2cc92c0fa5b4bd0

            SHA512

            af4ce9b8a064fc8b7855a0697e769e0edb97d6f42e9ad863f220fa82a48b5ea5fea447666aa868cbd18ee844f42be71daf7954feecb17ca7dbc1410c394e1c87

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            f9a14e739f91da77d9e2671e069018fb

            SHA1

            40138531ad362df3872c09cfbc16a4b689c7ffce

            SHA256

            19299ca2be4f6b86e23aa485e8f7f168af64626bfe332a39b042b2b849caf685

            SHA512

            4ff13d0b3169af410de6fd1ffcb46206444868cf33438594a9b3f44f28552a156189c5b111cb4c832f387280eff50cad34d680d4d4f48f6d6c59509778ec93e3

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            b8b0fd677cceae0aab69c286f74df571

            SHA1

            4d8e9f225d0a394467cf8c8c9c4df418fbd11d12

            SHA256

            de50fce8eb9fc5dc89b52b01d215a7ea2307b63f8b0f0591fce12bf0ac12abdb

            SHA512

            fc41cf0d5cb1f1c46b1391f0bc789cfa6db012b9be51aafa7bc4af15f34cb0ef708640f95301166dbc21a4b0324ee90112ec90df1273129cc61f7c90b31033a4

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            bc0326e1ec027930d5ff4d66c6bb08a7

            SHA1

            5f496908c5e061cfe1bdbb31b95905d1a574b62a

            SHA256

            d02328cf2f1c9c87c73c4cfe17c32b51be398bf867c4a4844f16029712fc9e17

            SHA512

            8dfda40ee07b98c17fba6eba41a5e1bb243a49ea16b565db4ebf1b77b1c79d79dd5dd25b802b9a56ad4a3604017bbfe8e0344ab2e8f3feaa478b266a60803646

          • C:\Users\Admin\AppData\Local\Temp\CabEBC8.tmp

            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          • C:\Users\Admin\AppData\Local\Temp\TarEC19.tmp

            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/2320-440-0x0000000000240000-0x000000000026E000-memory.dmp

            Filesize

            184KB

          • memory/2320-436-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2320-437-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB

          • memory/2508-444-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2508-445-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2508-449-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2508-447-0x00000000001D0000-0x00000000001D1000-memory.dmp

            Filesize

            4KB