Overview

overview

10

Static

static

3

1144f87bc6...18.dll

windows7-x64

10

1144f87bc6...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-10-2024 01:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1144f87bc629d720930f5ce8331941cd_JaffaCakes118.dll

  • Size

    508KB

  • MD5

    1144f87bc629d720930f5ce8331941cd

  • SHA1

    0b3478027aa2652db82a7fbe2e14e93326692a90

  • SHA256

    56638d3bc8f0d607599f32184885d78770eb5c78f938d2481f0229825ade637e

  • SHA512

    5d78aa507c7b30e93aae58cc1ef6e72a38ce18e4a40137494975987c5c94ba0062685ea13440dac730a55509c909be539a612cb27934d9b70a910f8c8214ff7e

  • SSDEEP

    6144:hhwcskkkkknffCp5CrRKlua3Bo30fHosMW7yefxmzSdrFN1:LwqqPokgszxzX

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1144f87bc629d720930f5ce8331941cd_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1144f87bc629d720930f5ce8331941cd_JaffaCakes118.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2340
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:536
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2064
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2812
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1804
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a93b06dd1f663ae02db41e9d516a2ef

    SHA1

    d1c767ba700c9f2a837e96fa858a3692cb710f97

    SHA256

    8e52581506bad66a9baccaf5290369f2a04f8827af95aa3f6257c1cf9642fc7c

    SHA512

    6314455b7ac015cf3183c5ad25bbb82157fe356e1f1148b93cd74eb27d45afcc050d042124f7d1d945f8d53b26226e7d0f3bb736c3826da47a20ba6f966aa711

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a82f09b04fbe3842a930aeafb674484c

    SHA1

    ff60a81f3937cd768140ea50f54d3d9ada67f1cc

    SHA256

    ee9531020556ece62d1e904b122e412a1a52381cc81b4856b2efa87e3f2cac05

    SHA512

    b50813f1969bf3bf06d89d602b87ea606e7fcf353be9821a172cd522c1e915fda4e31e3e5880891b110dc27fe0becfad2b4122c34a81da8c692c41c06327eadc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b7210db192f13235d5de385cc45679a

    SHA1

    6585a6ec903f568dedbaaaa898e5cba8d0141d6a

    SHA256

    8c62b7aa989021cf34dfcf628e4de2493ddd943e5815413b571fade4172d32dd

    SHA512

    de3a36870ca0ace0dc9dd22efef7912f39e251e7b8207f1dfc345ccb7015f775314b48c119b326432547c28bc3a3db1701b6388b3278b77e7a488c4ee235c69a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    695aa6536f101ba4eb6fc54b18bf1d8b

    SHA1

    a754d47dedbaba65a12917190311bd1f3bfd2d10

    SHA256

    579140cb61e94d050be5134b7d076a9d594a463d461e4671654077becce1dd69

    SHA512

    119300d0db297d37259b5ab8b60b4962ce3d513ef373e5f60aef8c4b9275c9b7ebce027662307e8898e9dd335fed6495dcc853ac45d89b0040b811988e28effd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4abcde46760000dba6a67d3aebcbf52f

    SHA1

    89f6cfc20bdcb3d0894361ab4ff6d8c09d95dd80

    SHA256

    75e8f67658488376c7f0cd260ebd4ed6a08f442f8db1671f77b90d5f342647a9

    SHA512

    43f7bea4a59082e8c33934d922007c022f37b87baf6879d8bfdbe0c5eb69ad91ef4352e1e10f8cde8b58d4869d05dae28e962df49246495882c36bd803179d3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3bf065bf96987c19bad560a3df3d3e8c

    SHA1

    97cfab64466e39f26fbfa992b1bfd4f6360a5791

    SHA256

    e45db94968860c3ee6f0a3d6623b77d8ff557f394dca1540ef4d15e994d845b8

    SHA512

    87c470a7ef1789c055a03a9e1fe504772263e6c4724ed43918c72d80fc6bb4582c32d659f529e92dc1b45b774da70b3cc3b97a2d516007e525da4293fa288063

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55cd10569b5f709c40bf239cc26c9991

    SHA1

    c1931d0b8fae0ebde69ab4c84376bed9ec30181c

    SHA256

    805de1ba4279fc598f81e9cdfc45f44ca0b79718f28ee1f52f2f5404bbf810ea

    SHA512

    dd8c0c83ba825e9e5f27dc727e19cde5ba3cd6a2c80f76979924be8858bc395a78b99675b1b237d86966b047a0abb003eb62fb088b0721426131febbc67f2c3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ace7e132797c62aa6280cede9fa6d51

    SHA1

    d044ce9a8881209affd7b04a79f254f8a69d973d

    SHA256

    f5ddd43fbdddf2d688973387b10aee493081e50d4266743ea664e1bff0f29224

    SHA512

    765b23f8e0fe14e7d9bf2031317fa310fa35813ba0bba77814d805c49f1a73a31f8d1af0583ae1a12354122b207f0044f413c01580dac443350afb1d2bfd3336

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    718180ec9fe05d3662008bd88e42ee4f

    SHA1

    6c416f10de7a0404486af2831545fca515174ccd

    SHA256

    b39c6baf3acdc826a082668f8207040abd200e3ca909d92680c9a2d7cf4f6c3b

    SHA512

    11d986ba2943de06a150150bbee3bbff1fd33bbe7549873418d8712c2a98c3271a68393d9a2a64637db1da23d77a159701de7ddb732b6511232fe906a29ad24c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b38240a0a782175517954ab12e8af4d

    SHA1

    c5e43717f0444ab25631deb2b684dcfd1ed5ae00

    SHA256

    12aca675162c5482f3092d831dd6abd8281280c5299be5c137e8557d5de34703

    SHA512

    20fe55ef467abd4994d605113126f04e9bcebf9eea139046f94ebbecfcbe5c1166809e658cb58c7f943e1359a7e770d901bc30d7ec65bed28a8eb61b92657993

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21d13b4c94a92995c762e0b702e1e8b0

    SHA1

    6b928c678913dfe644792ffee5285e2254a5dad4

    SHA256

    b4de5418d5f0706a1742f6bbad2c7fcd8d695e0ee56b720f5b99797ac143129e

    SHA512

    8433c9033727f18c432d2e9a30bd5fe7cd2a0be7572a475dcfc4c4b3947f321c62c97989ff876e36275f80f6e7b941a023ce6d259ecf4db23a30c1a0b48a3bf7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4edb5d6bbdc3601d09134627982a1c36

    SHA1

    5074aa865856db511054c136c669bb52895ad07e

    SHA256

    bf285deb4535e59f23fc840ebe3fda750072b116c89f5d62d5aa86ab55ff5c26

    SHA512

    c89fc7f7bd9ba8cebdea11d362eefa6c3afe397a4360c92fcf04831859995d3783af5e4c9c3d45a8ab333548b16724efc0a315396d5dc1491a0e26644fb54b42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9c9f067dada5822bf72ec4d94d1984be

    SHA1

    c47a23146e601652f897ecbd1247898c090be000

    SHA256

    52d099c683e34c1fc687ac3d076d5a76d637d246b93b46963014d6fff73a9fe4

    SHA512

    5e3f710393fc57b29774fac0d7bc5d1076ce9338f615a2f6c827e4e4084dfb76ffa8d9f12dfe1954b1b6390e72727d85fd49bfa7111410d150fac94654012c3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2964a556c13714af74bd98f5ec766da6

    SHA1

    e9c04d943a5308035acfd71302c5779ac139d8d7

    SHA256

    0a7715b3db754f9fc69636df5a689b6cb41184b419de029b0c4d7fda28ba6439

    SHA512

    b671404aca6ade5952ae8aa974b33d65a58c8b1d0476b4ae08e9071ec329e50e287303e40ca82ae21646b2b1b70b17b6f2ff25412674668ce158d3f67a98ff55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    375bd9e6c5fb285c9e1c12e1f671e6a6

    SHA1

    003ff6440ee6aafdf251e58c3606d217a282df2c

    SHA256

    89666875402ebc659a9306774b47ce378fb59e139fe4eb49df09a8de22e82eab

    SHA512

    7bb1fb8f1b4e1979e2a097083afaed383c5890dbe149f0f265656a61c8ae0255c320fabba38367ac534ec16d57ed4bce5b86cafbc30f29f87df75b03a4ac7f68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b0b78ad0611b8c0607a80fa5a6cdf6f

    SHA1

    3b75c9893473c5d20b093b39a5c8785f71bb8094

    SHA256

    2ca98ff225d83a3e2fb1ddc00ed13d0af9acd61ea6e59c09b3a8e16173d81898

    SHA512

    c5bcb9a4b95f093cacfa1ebf386db22547f3905eac51918f4556e99e84956c5d9990441c4871c9b6b4e9c4e3bca7e3cbbab31ec27be0e22f142584b5be99c5f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61f44cb33df52338c85fefe30cfc9b90

    SHA1

    806213a734dcbca74c9694461291a5abc2315ddc

    SHA256

    aeba57979261270e82a07b9af0bd78af176240d90b9148f9d8363538b493f957

    SHA512

    869fc4226b62eb64fb8cc936855748c7eaea3dc2f02b0d2a8eef4510b3647b01673114bd3122a5cd1d693ca606228f02c1b1f39a29a74da0edbbd06e93591c81

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41bc8fc3dd1120fc824c0d7a0e5e525c

    SHA1

    cce1bbadc7c232c3a4324d1848f1b99f0ed750da

    SHA256

    eeb18742e2df3e607f11299c91034d0a88470a724fe4d9387c516dd35b1d1dac

    SHA512

    f5d78d61a600165d55ecc31570408861b0be2771d4f54215d13d0eb920ed7307d9ea99abfb0bf0f7b31985aed200627cb5185e522fd8379176ca512253fd8ad9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    290e954f5317e6e6b93f518a20a52c39

    SHA1

    fd39463916ea69d616ad28e6b60b5038ff50dc0a

    SHA256

    2790e2818fd25435d26994e52629a806be9120e5b33d0b05f1bde444a998fcc5

    SHA512

    9295272fc073e5433fc6191866424363847c3fa96082083953764b8744a7ab7e203e96b167285aa2d99102bbfcdbbfc09d7cf9f7ad86301dec3db7e833269949

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3505523665ad64f44978ddd7d98d3f4c

    SHA1

    f5394209777e942205329a99fe31f4af4442168f

    SHA256

    decbe941e36660d7e33a87d54325b29e01ff605a906b5f205da137018efca902

    SHA512

    f5e03f9c9c74cba6ec90d0f79ab59468b8caf39d9b0bc78a124bb26846c9d3cacb3e55c784881936e6f4ce070221bf06d4314549fac1a34bd16a0b7efe17e959

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E384F0D1-81EF-11EF-8D6F-62CAC36041A9}.dat
    Filesize

    5KB

    MD5

    040fa37332131859d8a35fa913643c9d

    SHA1

    f0f56aae5836ecd9d1ea7b11f555cc13f5801b36

    SHA256

    8681062d0e22fe7f4188964b54442d4d50675b7af99c72b6cae868829d7cc63e

    SHA512

    7ee7d933ff4382882b583dab2429343a2592c3eb438b97afb9d15f75ceaf3312d70243b6f1b2e2ae2206f6e3ab6d5416095d46781fabcd087fc9d8726e9b16bb

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E3875231-81EF-11EF-8D6F-62CAC36041A9}.dat
    Filesize

    4KB

    MD5

    0962d578db0afbec9cae08759a589c2b

    SHA1

    1d6b225e39aad238272f53502d758533a8077a9a

    SHA256

    e14772227b2cf7f832f75d74b375114fb2eb8ee2ef474e62bd57296a11daa3b5

    SHA512

    487375b395526f9132f61304f2533e7f3b4feb9751899523409f5ab58611757fd02e55c03fd890ee82f2557ce4d0310698a834a531a7828df95a6c6ee38fa532

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB49.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBAA.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    220KB

    MD5

    1b7fc3fa0a84470506c3028b48a5f04d

    SHA1

    3fa9f258fd20c92c0dd366f1520d44f61e236d3b

    SHA256

    9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b

    SHA512

    1259215288d11be9493abc5d9babec8ff2563be3ed1aaf47fbda3f5832d7604f4f5956d09a06854ff133fb9e0971ac398966c46c743dee3f0aead6a2d0901c19

    Download Submit

  • memory/536-11-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/536-14-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/536-15-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/536-16-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/536-13-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/536-10-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/536-19-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/536-12-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/2340-448-0x0000000000140000-0x0000000000142000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2340-1-0x0000000010000000-0x0000000010080000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2340-8-0x0000000000140000-0x00000000001B0000-memory.dmp

    Filesize

    448KB

    Download