Analysis

  • max time kernel
    129s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system
  • submitted
    05/10/2024, 00:53

General

  • Target

    15899ea22090e3fbe9770fe38bbb60ad_JaffaCakes118.html

  • Size

    158KB

  • MD5

    15899ea22090e3fbe9770fe38bbb60ad

  • SHA1

    58ac1270cd07b5a5485787fd97045c6e9a442bf4

  • SHA256

    93dce6fc9289530746d173946b84c719fcd023d7ca4876e4e6e863919903a971

  • SHA512

    c0d13d0375f02157cc8269123ac509e0b66d8b34df20864e1154bf43daead8e0f405ebf57585c033137124d5b5c326c10ab5aba21f1c9daf6168e594ce490d9e

  • SSDEEP

    1536:i0bhRTqa2xYxG35pVfhRWqyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09M:iQqJXWqyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include file-infecting viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\15899ea22090e3fbe9770fe38bbb60ad_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1456
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1456 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2804
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1964
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1620
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2120
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1456 CREDAT:275467 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2096
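The tree above is the whole dropper chain: the browser renders the HTML, the 32-bit content process writes and runs svchost.exe from the user's Temp directory, that binary drops DesktopLayer.exe under Program Files (x86)\Microsoft, and DesktopLayer.exe (tagged with WriteProcessMemory) launches a fresh iexplore.exe. As an added example (my own rules, not the sandbox's), the script below encodes those steps as checks over process-creation telemetry. The `ProcEvent` records are constructed from the tree in Sysmon Event ID 1 style fields; the parent PID of the top-level iexplore.exe and the benign svchost.exe control event are assumptions added for the test.

```python
"""Rules for the dropper chain in the process tree, run over constructed
process-creation events.

Added example, not part of the sandbox report. EVENTS mirrors the tree
above (pid, ppid, image, cmdline); the parent of the top-level
iexplore.exe (PID 900) and the benign svchost.exe control are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed telemetry: paths and PIDs taken from the report's process tree.
EVENTS = [
    ProcEvent(1456, 900, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\15899ea22090e3fbe9770fe38bbb60ad_JaffaCakes118.html'),
    ProcEvent(2804, 1456, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1456 CREDAT:275457 /prefetch:2'),
    ProcEvent(1964, 2804, r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\svchost.exe"'),
    ProcEvent(1620, 1964, r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe",
              r'"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"'),
    ProcEvent(2120, 1620, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe"'),
    ProcEvent(2096, 1456, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1456 CREDAT:275467 /prefetch:2'),
    # Assumed benign control: the real service host started by services.exe.
    ProcEvent(700, 500, r"C:\Windows\System32\svchost.exe",
              r"C:\Windows\System32\svchost.exe -k netsvcs"),
]

BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
# The only directories a genuine svchost.exe image lives in.
LEGIT_SVCHOST_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_TEMP = "\\appdata\\local\\temp\\"
DESKTOPLAYER = "\\program files (x86)\\microsoft\\desktoplayer.exe"


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (pid, rule) pairs for every event that matches a chain rule."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        image = e.image.lower()
        name = basename(image)
        parent = by_pid.get(e.ppid)
        parent_name = basename(parent.image) if parent else ""
        # Masquerading: svchost.exe belongs in System32/SysWOW64, nowhere else.
        if name == "svchost.exe" and not image.startswith(LEGIT_SVCHOST_DIRS):
            hits.append((e.pid, "svchost.exe image outside System32/SysWOW64"))
        # Browser running something it just wrote to the user's Temp directory
        # (also fires on installers opened straight from a browser; correlate).
        if parent_name in BROWSERS and USER_TEMP in image:
            hits.append((e.pid, "browser spawned executable from user Temp"))
        # Drop path the report records for DesktopLayer.exe.
        if image.endswith(DESKTOPLAYER):
            hits.append((e.pid, "DesktopLayer.exe under Program Files (x86)\\Microsoft"))
        # The dropped binary launching a browser is the usual prelude to injecting into it.
        if parent_name == "desktoplayer.exe" and name in BROWSERS:
            hits.append((e.pid, "browser launched by DesktopLayer.exe"))
    return hits


if __name__ == "__main__":
    for pid, rule in detect(EVENTS):
        print(f"PID {pid}: {rule}")
```

The first rule is the cheapest and most durable: the name svchost.exe outside System32/SysWOW64 is never legitimate. The Temp rule needs correlation with the others before it is actionable on a busy estate.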

    Network

          MITRE ATT&CK Enterprise v15


          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            3ed56963cc7eb7aefe525a110dcec584

            SHA1

            9356d57f1bb85a86762ce3a2699d32b2b90cd3a4

            SHA256

            495163c420d25ff03b0f5fd9d1adfec93694b071da92d0ed6765b93bc32ec811

            SHA512

            5b1c2a7425bf70d3b8f485e03cf2988690a755466ead4e61c87207963c808894ecc13ee6eec98a713369bc10c6c8feb6aad276e21b34c239097231653f35b1fc

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            564689987a5b218b5b3a2be5c8e6a0e1

            SHA1

            1ccde9cdc42e553de9e9c6b1a0e8d3e4b51a1346

            SHA256

            fab400b097117959e3db81a4db62eb98e191042740b7365ffb24c469b92e8af2

            SHA512

            07eae66d851ab6cb2217640cb14dbeaa4460c2f2e14e6b8afe3a49634389480bbe79266705c99b40f5e111a29919f7bdbe9b831cdb359c40319d532b42bd1730

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            f177de9c768da811d16e6d1df558fc48

            SHA1

            bc0f45afbab13aceb95e7fa26664cfc284e396a0

            SHA256

            9ffc3059eaf6457f610215cea9b83e7245d034fd7bf764668d1ecfb415c2f6ff

            SHA512

            9f433cef7db08bb939b9e0590ccc251ac5e66ba90082c83dcfed327d65973d2404eaa0ce81b2de81e6655003e8e3ffa3bac909dee1c6aa775bef796c933a70f4

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c05d9c135adb6feb35b1b19e7ef8a05d

            SHA1

            2ff464e164ec34485dd3be5b45fac63ef8619153

            SHA256

            cf9a78040c36fa1e1333aa9d399d9fd657b798d8bb094ea3c2605bf2c83bdf24

            SHA512

            dbf88a45ea9328ee41f3bb2b0a9a910825193dfe5b7c0b639bc75b494ed63088a05e525a7b7b65707425a502e352f82fb52982513cf029f642a093489d18bbf7

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            f745e00db09cc1884c059415157e79c5

            SHA1

            b7162d8283aeaf57811e702f1b97f663fb18eb73

            SHA256

            247a2322fe6c45fc42f04d1c12337756cfb8aec5039c4f5282d23670fbcded6f

            SHA512

            073b1fb74b4922fd314a7673fabec46c3a242a56e7fd9600a76c2b225c1f349d6b22735db43be0b8cdd659a434ad66b0640eab0e4dec5ba2d35b447b869bac20

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            9c4f0b039cdbac78467f54b8bf9bb78c

            SHA1

            159757955af43d95661d13f93ceda59263b68b7b

            SHA256

            fe6badf2147980b03f4702e6c2d462e65d4f644e891f43e0b935659b825ab9f0

            SHA512

            e96c6c1e1e135d4dd8d6deb3f2b08d0e65189f70b656a69afaf60d79bb77e461618ba94f241045a5df28540805a3ff062fa60ecec3faabe8d0c909fdf9076faa

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            2cbc7eef08800a8f22629b00eda2d258

            SHA1

            6b2b33ef948a1a897ee33ebe538824fa93991763

            SHA256

            be027bb9bb1e538381965497c9446128db3a07e9ad99026a327c930b448238d5

            SHA512

            ed514d3bca191082043df5bd7471b99ddb72c9b94d7ba50e145dd063d25e1572f1712d3e192c1532280e9c322dbb4e24f4c2eeace4ab83ff7e9a2ad6cb51fc03

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            971a2afc255edd58826d9d2be733f396

            SHA1

            d5bd677fd6e8017d53e7431032f52e55c26b3e46

            SHA256

            b6f1c875d47ff23155900f4ea0ee8e2bb22c21ee237fff49b8d669b961e85224

            SHA512

            b12f41865c0daa597c0a357b7f6deec838b4e22b88f0743fbb789365d843fa1a31b8de2eb5613ba7bdc45ffa19456c8d3075e47ce66372185dd4b909f8ecf063

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            d55616b8b0253d45aa851d4d86e5429f

            SHA1

            1c4b297da149179b0d4a7cb4250a5562b5309779

            SHA256

            843c04997046c1d719472a864f25b117b88268a072bc7bb4221e007cba9fdd64

            SHA512

            5cc285cec7abe642ec8d7b34f3a3eb4c49342d99cf76f174c388ed96aa1d2ed358b66a3a1bfa80dc15005daa34ac2c13d8d6fa9a0e661082a99284730af4d8ac

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            b26278cb9f0cd7b82590d09172efeb0f

            SHA1

            bd948cf8dd5cdf45c9cd7a9584fe031586c4ce6a

            SHA256

            354e94fe00947c83a1792b07e88fc7efbc8817ac066486f3d2a205ebc82bf335

            SHA512

            30b9f555e434ea76c921ec658c2cb636621fcab505c36558ebabe568fad5617f30faa3befc18a751f8c12192c7a7bd6b8b82660b686a921a30b2a235c4eb3647

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            d5144f975b6afeb0423c5b895bb254af

            SHA1

            002ad93da0748d8da2e0a70f7e4701a644ae4617

            SHA256

            ea6aeb37c22a546b120f9ede40e31406e6239749e637a11815778f82d050a1ef

            SHA512

            64319a9e55a6ed72e0c13cc505810e693aecab88c93ca9559beaf041994b6c9141c53f5535b26ab25fb34ee552f5953ca1369db54b09060f58864dfe332aefe6

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            895f44edb10d4419d8491e5d18cd9606

            SHA1

            3d656322d3232b0f0ecdc45c9e295d83dacbc3c8

            SHA256

            fb5f3d75c7e960428afbdd3bd74725620885693356a7463b4397545fde6b8afc

            SHA512

            f73af85b4a626e283867a804cf7ab81d51705b49ac89f9b3a3f437edf3748aefee3eba4750a4c4eac5b0fbe98f5aee55c46d8d09f0cae9ed9356169c79db9ce3

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            eb58042e6ad8ade8ac996d6bdeb064f8

            SHA1

            f34229598c26312bb241c6b77365998ade2f40fb

            SHA256

            f2444df95f02f2e966d8d21f3f51f8a6ae1b8eada01c3079e15243e53c423387

            SHA512

            f6474c5f1b7a5c151682a8fb53d7108cfd63815eadc8c44fe820f34e81d109f79f6002b137abaa6d03eb1780786a4435b6d4626c92c43374b1a30bf7c55b642a

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            ad04244ecaff7bd4db20dac10c3225a6

            SHA1

            997bf544921377dbc28a641f40faf4457806177f

            SHA256

            656e9b171b077473d81d68ede63c5e14c53be49dd5428b963712242e07b09b4a

            SHA512

            7f218c3a17cb13899bc7870e93d0e8a2e58a4e41b315b6b5170f28d273a057e786d07404ce17d6f81c3e92491584a2a4e8f5117da036a9f460405ad3e54f327e

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            95c0a5580cee84265c3de51d4c3c1172

            SHA1

            61a5586d5f3338584aae22c6f556dd76a93ca780

            SHA256

            8ae85a0b862eaeda10ec334295797e45e750834945cdc3592055a226821dd338

            SHA512

            add1740b514d12fcee14c3bfbad9edf779e429a26526e600a6974abd1259ff9b7e6f09793ba953be1f2c5ace0ce2b5fd586d7fefa3a274e4c6485b034e80dff5

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            d9d3d483955f64d39ed9f0cb90c7e4cf

            SHA1

            753ad9ed34b40ac0380b44988cb3536460a92dab

            SHA256

            3fa3fd28b6867097afb688eef1d9491a3ac7c5b5b37da69a2d8b733f6eea776b

            SHA512

            b09e091132864b1980ef865889853ee5ab89c0dfc656e62788db07b185e8116fe4d39247c29e8d2df916227085697f6a21b7d6bb4e2bce98397b91fab8e73ec6

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            ea9c30db9e992d549d9771bfab42ce3c

            SHA1

            7500a5824a84ad7cc28bca24b0950657f39ef504

            SHA256

            0d62a22daaa190beefc3f9395429bc94406809d9055c480206af6d05f206a874

            SHA512

            91c8beacb95973d175f2d16be04d60a42e99039029927973331b9cb911bd9660ec2abe893d114c422c416773e1d530f7aa7d9433c7259333c66b71be150ff17e

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            5f9fb1c662ec166681bf29973a4e54a7

            SHA1

            a924e4105c5502edb60faf1d19d9097ab5692b95

            SHA256

            376a463391c3de1dc2bf134a22ac071c93ae3f4d38ace556b80853da2a07c74c

            SHA512

            991de4245d6facf2d0002b02b6f391194f8a8cb1c5c806594d521f9efbe881bbfb620f21dbb25b5eabd1726107ee21a6e2bee7d799b4456316297ca6a0c18e3b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            281de7b7a4b5a8ea918e85425c526995

            SHA1

            47e4ab24c79371ee211a20459eb784ba21404b79

            SHA256

            80d1814b1218c9909e3f617a5b899ebde6663be8a2dc413fa0ca192f1034e119

            SHA512

            68a3e310744f18e8f4a2fdd3970d68c1fc50d95121ad00818bcb918d10f883cd0d9696547758acb4963ad810a2b9fe56395c7d9fd19c6a5acd50f1a33cfca8a8

          • C:\Users\Admin\AppData\Local\Temp\Cab3536.tmp

            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          • C:\Users\Admin\AppData\Local\Temp\Tar3587.tmp

            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/1620-444-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1620-448-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1620-446-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1620-447-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

          • memory/1964-434-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1964-437-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1964-436-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB
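Most of the Downloads list is not the sample's doing: the nineteen CryptnetUrlCache\MetaData entries and the Cab/Tar .tmp files in Temp are what Windows CryptoAPI typically leaves behind when Internet Explorer fetches certificates, CRLs and the root-certificate update, and they show up in almost any IE run. The one dropped payload in the list is the 55KB svchost.exe; DesktopLayer.exe itself appears only through the memory dumps of PIDs 1964 and 1620, whose 0x400000-0x42E000 regions (184KB) are the unpacked images. As an added example (my own code, not the sandbox's), the script below parses this list format into IOC records, filters out the cache noise with patterns of my own choosing, and checks a file's digests against a record. `SAMPLE_REPORT` is a three-entry excerpt copied from the list above.

```python
"""Parse a sandbox 'Downloads' list into IOC records and separate dropped
payloads from CryptoAPI cache noise.

Added example, not part of the report. SAMPLE_REPORT is an excerpt of the
list above; NOISE_PATTERNS encode my own rule that CryptnetUrlCache
metadata and Cab/Tar .tmp files in Temp come from CryptoAPI certificate/CRL
fetching and the root-certificate update, not from the sample.
"""
import hashlib
import re

FIELDS = ("Filesize", "MD5", "SHA1", "SHA256", "SHA512")
HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")

NOISE_PATTERNS = (
    re.compile(r"\\CryptnetUrlCache\\", re.I),
    re.compile(r"\\Temp\\(Cab|Tar)[0-9A-F]+\.tmp$", re.I),
)

# Excerpt copied from the report above (two noise entries, one payload).
SAMPLE_REPORT = r"""
• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize
  342B
  MD5
  3ed56963cc7eb7aefe525a110dcec584
  SHA1
  9356d57f1bb85a86762ce3a2699d32b2b90cd3a4
  SHA256
  495163c420d25ff03b0f5fd9d1adfec93694b071da92d0ed6765b93bc32ec811
• C:\Users\Admin\AppData\Local\Temp\Cab3536.tmp
  Filesize
  70KB
  MD5
  49aebf8cbd62d92ac215b2923fb1b9f5
• \Users\Admin\AppData\Local\Temp\svchost.exe
  Filesize
  55KB
  MD5
  ff5e1f27193ce51eec318714ef038bef
  SHA1
  b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
  SHA256
  fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
"""


def parse_downloads(text: str) -> list:
    """One dict per '•' entry: 'path' plus lower-cased field names -> values."""
    records, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            current = {"path": line[1:].strip()}
            records.append(current)
            pending = None
        elif current is not None and line in FIELDS:
            pending = line.lower()          # label line; value follows
        elif current is not None and pending:
            current[pending] = line
            pending = None
    return records


def is_cache_noise(path: str) -> bool:
    return any(p.search(path) for p in NOISE_PATTERNS)


def payload_records(records: list) -> list:
    """Entries worth treating as dropped-file IOCs."""
    return [r for r in records if not is_cache_noise(r["path"])]


def digests(data: bytes) -> dict:
    return {a: hashlib.new(a, data).hexdigest() for a in HASH_ALGOS}


def matches_record(data: bytes, record: dict) -> bool:
    """True when every hash the record carries agrees with the bytes (at least one required)."""
    d = digests(data)
    present = [a for a in HASH_ALGOS if a in record]
    return bool(present) and all(record[a].lower() == d[a] for a in present)


if __name__ == "__main__":
    for rec in payload_records(parse_downloads(SAMPLE_REPORT)):
        print(rec["path"], rec.get("sha256"))
```

Feed the full Downloads text to `parse_downloads` and the payload records become a hash set for endpoint sweeps; the memory/ entries parse too (path and filesize only) and are dropped by `matches_record` because they carry no digests.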