Analysis

  • max time kernel
    128s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/10/2024, 16:46

General

  • Target

    0fb1575bbd40e5831d95502c7c7825e3_JaffaCakes118.html

  • Size

    158KB

  • MD5

    0fb1575bbd40e5831d95502c7c7825e3

  • SHA1

    d40f134eedfed2227ac6a85971c8d719e560809f

  • SHA256

    a73ff940bb5218408c20af7a39987b5342187a0e80bca7ea378e25941d9c1dfd

  • SHA512

    ba18ec14c61042bf2382c6919f524abaf6ea81c031a06d0d88a727e7fbd2d33039d6b656cc84f366842df04bd8a916c50ccdd587be9b55f0f8bd8494befed24d

  • SSDEEP

    3072:i/WK4292wyfkMY+BES09JXAnyrZalI+YQ:iYY2tsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0fb1575bbd40e5831d95502c7c7825e3_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2824
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3040
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3016
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1364
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:537614 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2104

    Network

          MITRE ATT&CK Enterprise v15


          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            a8a05ceff69ba7e45369c7011c830d32

            SHA1

            d804801aeff1d878568ba4fa937319c8947a1c23

            SHA256

            70efb140a58af37a0534b71905a346e6f9f7e5109a9b34bd620694f42777599c

            SHA512

            65700aa2306325144f45f977868def5f6e0f259a18fdf12e8cf3c3ce7f61ef33de2ba177de5e920fbecd6f2a358160fc29a2eff625d403491dabe3d069284eba

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            d97256b8f5f4f0149e94b6a49983cfca

            SHA1

            c99bc678383df968b2153257491aff186ef9e3d0

            SHA256

            c8e9e017c6f01c3f9405e0ff257c5f09811c059fd239c46894fcc40fd217e995

            SHA512

            70acb887205d14fcaff41d8ac24dd5a0cf32d451f462ed36dd76adfc4a7926df36eeec5ad91aa9a9d8f3d23bffa6ebc45c7b13d637070a216bc3902bfe90b547

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            9de4992ec64d352d2b2267781b93212e

            SHA1

            7afcde8085fee20f47b03c11784e30884353081c

            SHA256

            96d40554f03f9f2cafdbc3924e8f93de1822321599defd1c620f5bf10c475aaf

            SHA512

            eb1b5cf73b4dc3a6df4af61ff46337142cba4537f36c51b13ff45f779463357fc142fda1f04e220b9f96db624bb057ddf2ea41bb31e2a8ab74c09681f521bf50

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            02caf414869a2130c8763e1b77c52227

            SHA1

            897b55daa5d20574452f7d4375ece80d7ccc2c3c

            SHA256

            227eb23a403628c8e4d2c5a298ca98fc16b6aa611fb2cf384c91df267ed9bd22

            SHA512

            321561a2f841c2270d52e46ae2fbc3e54cf8458a29b25b090ab51b1c50972aa827f19ab51d1ab1c185b57e7a1f14e35d24149d34ec58b448d0fa22613556a0e2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            8313fac1c57615d917e2938ddb281fdf

            SHA1

            f3f31b4acd8b9d834aa33a453039e8372ce6603e

            SHA256

            79697edb70db438ecfe4b9429d42bda6de2484cfba45f4a7c470d7724880f0fe

            SHA512

            1a297930be962c4efb6ab8f75c44d8fdbf40a7e173ccb39a99a342df6f43c291a8732cb50873b8a56e962c3a9e5f833e4187b277cd708e308f98d33607c25aea

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            f30000d302293abc4848153473cc77d2

            SHA1

            f65daeb43974fa1232932e0daf12fc0c65876cf1

            SHA256

            d3b9d113180cae503e487b3f9a11b60e3476f6c128f4289f61d9f8dedb0417fa

            SHA512

            62a1e9231c45805e03fbf19f9f9a86329d349da7c2fefd07ac36de421ee1ddca89eb1e457de28d43f245ce4dcd196ff3c9f80d7b4056b20aae0f42542c427c88

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            78a156e5a477100281ac1f78b1ecd16d

            SHA1

            942e838625d481c67319016a6b435ca52ff46be1

            SHA256

            8b9f4a95d056ac6fb845a0a3dde8b6c8d4ca1fda8acaf170aa8fbe572d67dcbf

            SHA512

            7ee442b4989fe71206d6f3b1dd9f06aa1cb4acc4e624573626531a65de31ac62c9245f0c580bc39b863c8c298f960a47254c4b4d160a789320ab81dba86c8a3d

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            a55ff64e1997e8b3dbbeeb4fe29a48d7

            SHA1

            8a37644b31791261df23a1d1b569a2aee82d6e78

            SHA256

            c154e826e0904990f249d05cd57cf8c389138e12e0bf1060955ad5f2068eed09

            SHA512

            09f16944da8c61d993259b28a96a4b12f4c76fceddd4456449a7743f54b48e945fad0f30816fd6642d31b7a6fe6c1eb970e3316ac36590f6b91f3c94cef76a69

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            665f3c181d330ae61ed3d51417ff3e14

            SHA1

            77f55f3758867838adeea8cee61e3fe3d3d7fc16

            SHA256

            7a1f81cdb966653056c9b12e2ad49675008da6f75e176ee7b24f675c06643cfe

            SHA512

            2edc4d562c0e79807eeb90efa703c9265cac69e2a7258b98f67b6343996d3452c32ceb24b3656ec5ad5c5f104365d60969bf4c672092dc81aa08e0570c550a2f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            4fcbe140f20406d8e479f7c05f5f6139

            SHA1

            1c6a15c1797924dce3e046e23d31ccd4a9c94dc7

            SHA256

            67eb0f20c99589908a9c43ef51e66178c25d57c2b0a5eed90253329c7d8f8fec

            SHA512

            66422c2333388e2c113d88477533675af00925b300a31142cd808c7b7de3567902cf3f78fcc04341e1a16435c6dd39516e572c4773094816410f82eb501a2d05

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            1da156af489ec4ba58c00a00dd59af06

            SHA1

            122f70516d489159fa07d90653c79581984b81b5

            SHA256

            24f4ee771b4abf8942db864161c447b7a2f1f8932a7674bc5641c106586b69c9

            SHA512

            777117f0ac7c6bdbfa4d8b9426467b31a0b6d4bed32bdafac5efd75be7b62f8a39f8b300e1d1e6fcf557ab8a5dd11c9c2c4b4f538fd796a82d85e9473c7da873

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            e8961f42892941ef863b9e7d01380f46

            SHA1

            dbccb6cc671601e737e6a2608d05223566eb46c7

            SHA256

            9e224db14c3b98aca41d73876b82074b5d70718fdd847a61e96c2f43cdcfa1a9

            SHA512

            159f4209c9a054d30a12bead65d092674342601eaa78b9b6b91bc8c912ad042912583d4d76891c3c37148f9538ac69c168a655e1e5df6b6794911a801c8f1065

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            7a4ca116bdf2ed7406a76f543fc5d552

            SHA1

            a6289c9d181ae3072b8ed6ed42c2fd8a34b23701

            SHA256

            7bfa47473894b0ca55596c79e06626dfebeae0ae14de622148240740c4ee631e

            SHA512

            f0d6ef1cd4f0c1c6485b407fc132ce13d002312ab187f8ca6e22a13b480bbaa480bf31b1612f407bd8c3a056770961faca160d7d3a7be6635bfe8360311fa34e

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            0f4d11749614b94401fcab18cf4fdfe0

            SHA1

            da0376954d7d2118bed0d327e90043f7daea51e3

            SHA256

            08ea5afe05c752a732c14ebb0fe7dde4eaf6c5ba95a7e26f3a7c748d2bb66a8f

            SHA512

            6b0b1ccb1e59ced4fcf6e90495ba1194d0eb29a9ae638df9648e0ef5f20351c2ae44b8ae2412fb36716a539e8aa150601eed74240c4365b8ac93068d0a03d0e8

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            d6e46feb1b8c3f9cae4fb03883512734

            SHA1

            04c14a7362fc33157e8f4eb58a261d8f949ec09d

            SHA256

            73a38a8a470f1a5bcc3e355a588427334e8471c03f1d0957ad7556d331da0efa

            SHA512

            5d421d03618fbc72ff42b8469de51f85195846629e988fe45f8e574368500ff62e4054d1145d481c4f7708107dbc72c5e75d7b9f7c035fe8468c3d439165f4b2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            68cee55244f9c701655dc5fffee7cb4c

            SHA1

            664e7a21b0031985b472327caf91c976100acda2

            SHA256

            bf1848c34055db6dc6a99d826c471fa34eca55ccbc82899aea36d7446d24db74

            SHA512

            11580ba363906b4c794efd63b71bfd143b98bfe0fd3e6f13cd0a3eab96df7e6576d2dd793bee33cdb67843d366d283dc6133c7e48319202cb0e6f216852dfb2f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            4d64a67dbdc72d6a1d41010dfb6fe3c2

            SHA1

            116a5d142ade9959182787258ee74394c2b09714

            SHA256

            5feb4b22373d478da3f038ee848d9735fb4139f825ccf88b7ee24cc9b58ca8a3

            SHA512

            2cd9ee0962022a3ccfd069090c17cf525886c615b28eac696addbd8beff5210361f6fc83218f7260c869da905293e48af5e3c6a802b5f64f2089b84f9c1aa41b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c843abf0898242c17798462439dd4bf0

            SHA1

            71b2662a8d85da6a74b0a644d6e5bb165f91e7fe

            SHA256

            ff13ba77572bffd31b6a22de7f7200c2a5b47f62c642d5ef6667fc5ed7e5a3cc

            SHA512

            f9701e6def1245f8aec3c5ae8fef391c354ba2160c0ed144dbaa8702d1930ac66804ce8247fbfb3e80eefa7f94f845004f9cc6cb1dabf111ec3a6753a1ecfbf0

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            d0fa4a04935f5f91c72beb1e94e7ed5b

            SHA1

            1c829a90511748734d079d3cade5367a0d2010e4

            SHA256

            64d2c0abdd832491a2e27a1a0148af6a4315704c593f8b7c19622f1541f03cee

            SHA512

            791d8246a037f867d4be32fd59961e41ed993443b5a9b830e46a731f8e0c58a8e2473a879f3a0df1ddc54e109b357cae8f43502ad0c9235556f2578d6c3417b5

          • C:\Users\Admin\AppData\Local\Temp\CabEA6F.tmp

            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          • C:\Users\Admin\AppData\Local\Temp\TarEAC1.tmp

            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/3016-445-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/3016-447-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

          • memory/3016-450-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/3016-448-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/3040-435-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB

          • memory/3040-444-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/3040-436-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/3040-434-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB