Analysis

  • max time kernel
    129s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/10/2024, 16:54

General

  • Target

    0fb99df2eb37c944e7ef289f9dccb123_JaffaCakes118.html

  • Size

    156KB

  • MD5

    0fb99df2eb37c944e7ef289f9dccb123

  • SHA1

    d8111c191a2280191b91c497c452465d3db5259d

  • SHA256

    51148f9eda7bf059b3b63b21a2e60b7dbe818000557213a2547f86df66f3fa23

  • SHA512

    56d5a3fb9bafd0d2f1ce5201d84529cb9e09acfad6f67e8e6954ce493296c071e6bdfb3cfec5e579e656f44be26a957cecc02cd482bba5290375b56b72470652

  • SSDEEP

    3072:iW1JQR28N+yfkMY+BES09JXAnyrZalI+YQ:iQJQR28NbsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0fb99df2eb37c944e7ef289f9dccb123_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2684
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2940
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1620
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2352
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:406542 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2368


          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            b8841bd04f4be89a4a2cc700beecbc7c

            SHA1

            6e4f403381a1c27d44177596258e98b13079c405

            SHA256

            3c716b44ce7909722a52aaab0657bc35d4934f87f4b79261a383edf0f527dc17

            SHA512

            492ccfb77eb024d8ea7dd5c3b80d12d8dbf9b9a0535ed3b8dbfdb01853f0efc8eac7b69ada21f3ec3454c4ddc44dd745655d33ca93caad90a040d42eefbe527b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            89237d7bcffa5bedd169b1c6054ce46e

            SHA1

            122391ab7685d0eb3e1fbaffb0aa3c822ff4e107

            SHA256

            5acfca115abff4647c3a3d7258dcb0d1e482a6056891cda3989de85c3f351df5

            SHA512

            a6a7ee84a6b95416313430bd599e7c4936622a0267c77349c0a0f64511424a340f6353471841027034836db0d16087ccc3c0b12914bbadda969781b56be5d658

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            995c440e8849099b553f76672eee8717

            SHA1

            51a793585d667ae107492f0f45a04bbd0911e2b8

            SHA256

            874b09ed85af186d55de4f3356d654d86b8d8e6feb85f1f63ebaeb9faeabbb66

            SHA512

            3f3364600d5241dd8b8dd85c4ffa7aff13c54ec4b6258b0224a987e1cb83d24d375299b41f34256657a02e37cf4f44c4e0542d46419ec7e5e2c7e7c421fc69b2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c41c90040d9bd8fdf493101b52f8fce2

            SHA1

            ca171b38e7d3ba535871debbb6902ddfdcd3f0c8

            SHA256

            d18df3df62995883f07bd5cd358b3fa3b7f3a13ca3e6ec0437349af9a72e1ab9

            SHA512

            f664f51b0474ea0be446befcdc77c48609e2a660176b6947911428e2f7263af5df1651e92bfce8f183b3a79ab96adb3a0f8087c18e0b2eef8da4136a965102e8

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            4e806840bbb39470d2f8055c3c36be78

            SHA1

            56e9614c6b1e225f060a5df6787448536ce9df6a

            SHA256

            faca5ee1c3eadac97bdd6e98dd6998928ca025e3001af9977d8471658d4f0d37

            SHA512

            0e14d39c4f7ada17a06e7085728a01a62aa944183169368eb956305378a7ab09ba9b08908d0f44c7c01ef1845f4033f415b5e39c4e7c5e7552feb26ba48ba2ff

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            0207295f4611ded429db1836abfd5835

            SHA1

            d3841d0927b17a68bff90be4a4c38f72fab2e073

            SHA256

            6aa60281662791c8abb3b1ad657a3cbf60cc124db2fab57374f7d1ca3cc15999

            SHA512

            8ae473c774b088ee44958629bc0661905288289aef5911726bf4e83853ff2a8993a80b68fb14a943fcee3d85ada9a193aa766e9071d3f27038650a9ddff10342

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            523dadbba0e40c8a9f755496816ac3c1

            SHA1

            7dd53d06f634e613d0ec57e68718cad1518d7576

            SHA256

            d031d12d834a57efbdddeadd20c4ada80172117e1c38ddcb9117c9769a3a7373

            SHA512

            fd204e31ab6cedf68e9140cb94f618730c877c0ab27adfb05e2a1c6123db0c8a4965a43de7d7c321d0efe8121ca7a26bdd29412902dd6270f2c146a1edc31fdf

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            bb81b5c4f75bb0caae16b6d6623ee61d

            SHA1

            e7524f36f05a36041c42b85f6d728df78ff03ac0

            SHA256

            70a77ba1333c68016dc58675d086e65dfc44582e1e8ee1a706834724c21aa5eb

            SHA512

            d80a54a21c183b03fb8c9b0417c8a58f30d17727e18a405e02f64fd43ed398376df4ddbbcaaac7c247392da01b97ed0098c6bf4dc273685771ebd3b7695e0c26

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c0f8c9fb399f294165152de4597f87ff

            SHA1

            017840554ae5e0dea52e1c8541ea8b669dc8ac37

            SHA256

            e1fe76d7ad2806ffb629f44eb357b128787fdcb0fc86c178233117ed7263d76a

            SHA512

            263fdc713e89f920e2cd35ce53a90d573663b554dab5a5bb85fd568dae405f1e4ca69b24e9b16166c104464ed964dc2f8f0e533a2a695f289e210f9c91ace449

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            ab16d25ae28d70c0714cc57f788c00cd

            SHA1

            6c96a51e495f8fbf9b8b63cd5b95e2d53865300e

            SHA256

            278d4263e199573bf81f583d17d2aa523914ced32e0ccf803676e4e891e2bca1

            SHA512

            20cf3ec5c39898f34544cda70f911faf468f7e1b3e87bcb752f1f1a841982628264ea82eee6a9be832008f4c5e96ab8e930256f78a714a055288e913a0e69613

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            823052379b34a8a18f31c3b9372af179

            SHA1

            c6eb175dcc3fc0fa23f58e8f2fe4ab10b68688ec

            SHA256

            f820224851e01d8dc0d8489343ff1110de6b8a64570990369a048274d7a30ec8

            SHA512

            e1967a50b496b193e2b33b197b1093f1b8080ec54b1cb91738fa4d70d9a39243e347908c0685a738c2e33f6317dde88c0824fb31e3e34e35d2b387438ed90e72

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            bf781bb18e2f7a965e6fed9c9fffd122

            SHA1

            3bb1c0f55d3deaaff211c6bdb1c22cb8f19f2056

            SHA256

            dbff6a13cae60fbc2002e4702622183164b09e43ecfeab37174c8af186e14c29

            SHA512

            d67b6fccddc74cc6b9bd0aad7d92c0b37a3ebd38edc6f63a1503e3c3b3874f53182d7a209b34ae463e069a8d457ab60f0b4768cce2430fef0c192cdbeae2da47

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            d4d140259ab8ec37f6421fc88286d7f2

            SHA1

            15c8eab3aad7447f5f880738de558a492ff1c3e8

            SHA256

            e47884a2c7bcdd63a77ce2b4b7d9688cc2c56e2ba4be3ef1ebbbf2dc6a836316

            SHA512

            8255b635fba660a283009510e0092f84d87ab13a10a1bad376869145869d3aa4d658fb7b4921ca79cf8d7067eaa4e560fd69c6827a839bfa748ee7554a409857

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            d88a42a514ccc728ffc1d0fbb2bb3c99

            SHA1

            4d538dda925ad8afd21a5fa29a31529928dd7e7f

            SHA256

            4fc5d8d4abcc47142dfd888091a2f5b8444c1cd17fc8554bcdbfc75495986ad5

            SHA512

            3d2d4294a706fd25c49a40d1fd7bcb2cb72cfac4ba648026dca36e08c76e32d5fa4c3fb3f07c5b06925d61cbb14f7dbd28a61a2273bba375cf3fbf2fac422903

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            8a2286fa2f318320d94e50db7f484655

            SHA1

            64b00ac6251761987797abe4fced3865461ffaed

            SHA256

            2d8960cd6189cd0cf77df9ba2b775dfaa73e99eb25856f1516ea600eb68c0280

            SHA512

            e7d73bafa8d9540e57db9ab3decb51c3d00e754f6b972ccbb56dd3802fd8b3cf392a42f1c0531f669abd3f7b2c7de082c69c7178d6d5b7522ae84030610fbd93

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            d5afbb2c9e75ccaae323ba1b75d72863

            SHA1

            df806c142197896c5af219f0ad937322ac266e01

            SHA256

            8c079b227c3f076c0ec00a11c862d3d65808153e5b8cf7db67d2427fa39715c5

            SHA512

            7521962a78d35bb1f603b24d38f7e3ccc0db59972d9fdf06a9f13fd0cf55d78ca9312664f9064cc6357f733813e563fddf2f23682686682a4b9ea29de49fcf37

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            90d528567d582987e97b4c61e91f39e7

            SHA1

            8a1bae0d4d4d1026292a619e91716f992dca233e

            SHA256

            ae20765de1bf02047890b9a6bd07f2a2a1fc84aa0fc3540fc833d795fe5425e4

            SHA512

            744f3ebc8e9b5b1bfb4b1cb6a8a0e638415d9c6d165f11fdafc1a7973c4c3fee35d8b4637a12c493e585d8b8fbf8e02b7247cbff697dabb2f0434c04519311b3

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            2f178f075608ad85d8e60be45cabb9a7

            SHA1

            1fec91e9ee9c548e8579fab2ff9a9e602bb218b0

            SHA256

            2f47f5eea45d6daed541efabb71a64e7650266d778fccabf86cfebceb086c83d

            SHA512

            17a6954e4d8af1a8812db6dad3c2c3795d6c2beff2a763eec27f05c5aa1fdd537f1a92612e95c20a7fbfb8ea509d3459d5cd0c5621cfc490a6366ecd25ba637c

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            7041883861ae7220adca394be0ed7a4a

            SHA1

            c49e130576f5d68fce95afa8769da1faf084dfd0

            SHA256

            466edc73a1ec1076e6fe32525280609e7bb9f85188af28580ca415f5d8ad5e32

            SHA512

            93f721cce1118c209e80c5ed5fa6f8feca4d7bf565ecdd0c1030d236733fc75aabf2554b3c24d73f7a286f8ecd5d12bcb29dbb4fe857c66519f0fcc97392270e

          • C:\Users\Admin\AppData\Local\Temp\CabEA90.tmp

            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          • C:\Users\Admin\AppData\Local\Temp\TarEAF0.tmp

            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/1620-444-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1620-446-0x00000000002C0000-0x00000000002C1000-memory.dmp

            Filesize

            4KB

          • memory/1620-449-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1620-447-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2940-435-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2940-436-0x0000000000240000-0x000000000024F000-memory.dmp

            Filesize

            60KB

          • memory/2940-440-0x0000000000250000-0x000000000027E000-memory.dmp

            Filesize

            184KB