Analysis

  • max time kernel
    129s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 00:31

General

  • Target

    15797cbb26dff8222eaf3450c87cad38_JaffaCakes118.html

  • Size

    156KB

  • MD5

    15797cbb26dff8222eaf3450c87cad38

  • SHA1

    0ba1837d3f892cc3eaf0bfdd76f73e2667766a42

  • SHA256

    95e783fc142b9dbd9de0c7780eadfbc4643e5bb086625813cdc72d3d0701f85f

  • SHA512

    4960976a67b15cc622156addfaee922c9ea0f2a3074bf8f57a892b1aa033b9767dfbf4ee06d1fa156b15404de006a8f73e8a3dc9c07bfb30b0f8246854ed9a07

  • SSDEEP

    1536:iuRTFrUoEQy72yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:ik/ny72yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
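The "UPX packed file" signature in the list above is a static check on the dropped executables. As an added example (not the sandbox's own detection logic), the Python below builds three constructed minimal PE images and runs the checks such a signature typically combines: the stock UPX0/UPX1 section names, the "UPX!" pack-header marker that stock UPX leaves in the header area, and the section layout that survives the renaming a modified UPX build applies (a first section with no raw data that serves as the unpack destination, followed by the packed payload). The PE builder, the section sizes and the marker placement are constructed for the example and the images are not loadable binaries.

```python
"""Static UPX-packing checks over the PE section table (added example)."""
import struct

SECTION_HDR = "<IIIIIIHHI"  # section header fields after the 8-byte name


def build_pe(sections, marker=b""):
    """Constructed minimal PE: DOS header, PE signature, COFF header, a zeroed
    224-byte optional header and one 40-byte section header per entry.
    `sections` is a list of (name, virtual_size, raw_size); `marker` is
    appended after the section table, where stock UPX leaves its pack header."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 64)  # e_lfanew: PE signature right after the DOS header
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    optional = bytes(224)
    table = b""
    for i, (name, vsize, rsize) in enumerate(sections):
        raw_ptr = 0x400 * (i + 1) if rsize else 0
        table += name.encode("ascii").ljust(8, b"\0")
        table += struct.pack(SECTION_HDR, vsize, 0x1000 * (i + 1), rsize, raw_ptr,
                             0, 0, 0, 0, 0x60000020)  # CODE | EXECUTE | READ
    return bytes(dos) + b"PE\0\0" + coff + optional + table + marker


def pe_sections(data):
    """Parse the section table; returns [{'name', 'vsize', 'rsize'}] in file order."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 60)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # section headers follow the optional header
    out = []
    for i in range(nsec):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, rsize = struct.unpack_from("<III", data, off + 8)
        out.append({"name": name, "vsize": vsize, "rsize": rsize})
    return out


def detect_upx(data):
    """Return the list of UPX indicators found; an empty list means none."""
    secs = pe_sections(data)
    reasons = []
    if any(s["name"].upper().startswith("UPX") for s in secs):
        reasons.append("UPX0/UPX1 section names")
    if b"UPX!" in data[:0x1000]:  # stock UPX pack header; modified builds usually strip it
        reasons.append("UPX! pack header marker")
    # Layout survives renaming: the first section is an empty unpack destination
    # (raw size 0, large virtual size) and the second carries the packed payload.
    if len(secs) >= 2 and secs[0]["rsize"] == 0 and secs[0]["vsize"] > 0 and secs[1]["rsize"] > 0:
        reasons.append("empty first section followed by packed payload")
    return reasons


# Constructed samples: stock UPX, a renamed ("modified UPX") build, and a clean image.
STOCK_UPX = build_pe([("UPX0", 0x20000, 0), ("UPX1", 0xA000, 0x9800), (".rsrc", 0x1000, 0x400)],
                     marker=b"\0" * 32 + b"UPX!")
RENAMED_UPX = build_pe([(".text", 0x20000, 0), (".data", 0xA000, 0x9800), (".rsrc", 0x1000, 0x400)])
CLEAN = build_pe([(".text", 0x3000, 0x3000), (".data", 0x800, 0x400), (".rsrc", 0x1000, 0x400)])

if __name__ == "__main__":
    for label, img in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("clean", CLEAN)):
        print(label, [s["name"] for s in pe_sections(img)], detect_upx(img))
```

The layout heuristic is the one worth keeping when triaging samples like the dropped svchost.exe above: a packer author can rename sections and remove the "UPX!" string in minutes, but the unpack-destination section with zero raw data is what the UPX stub needs to work, so it stays.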

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\15797cbb26dff8222eaf3450c87cad38_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2812
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2644
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1572
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:556
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2332
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:603146 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:896
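The process chain above (Internet Explorer launching an svchost.exe from the user's Temp directory, which drops and runs DesktopLayer.exe from Program Files (x86) and then starts a fresh iexplore.exe) is the part of this report a detection engineer would want to encode. The following is an added example, not part of the sandbox output: three process-creation rules run over constructed events whose PIDs and image paths are copied from the tree above. The parent PID of the first iexplore.exe, the ProcEvent field names and the directory lists are assumptions made for the example.

```python
"""Process-tree detection rules over constructed process-creation events (added example)."""
import ntpath
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed events modelled on the report's process tree. PIDs and paths are
# taken from the tree; the parent PID 1000 of the first iexplore.exe is assumed.
EVENTS = [
    ProcEvent(2812, 1000, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\15797cbb26dff8222eaf3450c87cad38_JaffaCakes118.html'),
    ProcEvent(2644, 2812, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:2'),
    ProcEvent(1572, 2644, r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\svchost.exe"'),
    ProcEvent(556, 1572, r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe",
              r'"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"'),
    ProcEvent(2332, 556, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe"'),
    ProcEvent(896, 2812, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:603146 /prefetch:2'),
]

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}


def _base(path):
    return ntpath.basename(path).lower()


def _user_writable(path):
    return any(s in path.lower() for s in USER_WRITABLE)


def rule_masquerade(ev, parent):
    """A Windows system binary name running outside System32/SysWOW64 (ATT&CK T1036.005)."""
    if _base(ev.image) in SYSTEM_BINARIES and not ev.image.lower().startswith(SYSTEM_DIRS):
        return "system binary name outside System32 (T1036.005)"
    return None


def rule_browser_spawns_dropper(ev, parent):
    """A browser starting an executable that lives in a user-writable directory."""
    if parent and _base(parent.image) in BROWSERS and _user_writable(ev.image):
        return "browser spawned executable from user-writable path"
    return None


def rule_temp_parent_launches_program_files(ev, parent):
    """A process under Program Files whose parent itself runs from a user-writable path."""
    if parent and _user_writable(parent.image) and ev.image.lower().startswith(PROGRAM_FILES):
        return "Program Files process launched by parent running from user-writable path"
    return None


RULES = [rule_masquerade, rule_browser_spawns_dropper, rule_temp_parent_launches_program_files]


def evaluate(events):
    """Run every rule over every event; returns (pid, image basename, reason) tuples."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for ev in events:
        parent = by_pid.get(ev.ppid)
        for rule in RULES:
            reason = rule(ev, parent)
            if reason:
                hits.append((ev.pid, _base(ev.image), reason))
    return hits


def lineage(events, pid):
    """Walk parent links from `pid` to the root, for an incident timeline."""
    by_pid = {e.pid: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(_base(by_pid[pid].image))
        pid = by_pid[pid].ppid
    return chain


if __name__ == "__main__":
    for hit in evaluate(EVENTS):
        print(hit)
    print(" <- ".join(lineage(EVENTS, 2332)))
```

Against these events the masquerade and browser-spawn rules both fire on PID 1572 and the Program Files rule fires on PID 556; the final iexplore.exe (PID 2332) is not flagged by any of the three, which is consistent with the tree, where it carries no behaviour tags of its own and is only visible through its parent.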

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            2edce1874ad1203116c247b0cf74e9f2

            SHA1

            99fe50bb19e92d846e50477b5a879b3a943efaf2

            SHA256

            bc41da7b1ce68a080eeb645a3a828d5b33c60adcbda61725c99e19b736cf8b50

            SHA512

            14752de341ba8338d427064dcafdc550a9e2568e0dbea08b639660cc1636d6c78773ca5df97631fe7b994276e79969b2cdc65b3d2d0c2ae1dd9bfd3c13efbd43

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            119a568c956f9e1bd937675fd429a13b

            SHA1

            f93cd5a678e76abf6efa5ef5e553fc7ef04a9f29

            SHA256

            2f44f9ec4fba56e0257d6137f32a46d55b9988d0ef0eb3e3b622dcca376b2d92

            SHA512

            4afea5066edce43a385dfedf9ed6248ae37c86e44360bb6198c315d31706deb2a47879f21b61c1d33106d8eb7fec2803c81396834f9a18b8f14af3d8f6e49eea

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            dee02b45cdee2395bad78df1e3371415

            SHA1

            6f0cc5adf98d84c8fdcdb5aa5699b4135dfc0731

            SHA256

            f375b709019db37070fff0233f86c6aefb7fcb0a83c16bff332b880c5805eb8a

            SHA512

            c57f5000978567a943633f8e7bdab53380773b823f4777812c388ed7b633c3c2a5e814a6cbeb3cff5c17321b92e524446e0bdd7c345cf2d3ae4b1996025e6a2e

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            4f102b6a446b88d329b85517acacfd42

            SHA1

            68f96694eb655135258a2071392faea4962da47a

            SHA256

            76f7080c1b7aeecd8a9fb76328de4a73348593ff9e0c3556de13685db6d0e94e

            SHA512

            70d2b3b4b04c84ece29fadcfeb02e56854ec249f9af54e8e8204e5276cecdad96233666dbaa0c28710fd08f009e48c6992337a51518c8c30c327926c0d5fb449

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            523a53be1e4fca1f2c637b4808882df0

            SHA1

            e192c7970754dae9b124d3208c1d85298f010bdc

            SHA256

            40ab848c0f11203f88e7c784b126925f48b27a3c413e0ff414d2417c2012a520

            SHA512

            48520398c4bc3f7d3aa529651774a73e4da37c4ef475577601bc32188451ba0ada735a7b41601ad6f674e8a3ef58343619605d02583205e9b2e8ab2debb2f474

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            50b52417aee261e4803932a51f25f765

            SHA1

            7b2fb79c9f586b0dc4e0dea546128f1b76876b8f

            SHA256

            86381aa2f5b3cb6d3aff2c5ce44170822b294bd8236a5e23b7714e6e8e381792

            SHA512

            1a8d77a9b3b7bee0d39ee228a325e6eb7b28ea8fc384896c38b1db551d5293eeff5223fbc55dc20651aa68b3e253ab72018649dbdc3c769db3069d707fd2c682

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            b30337ba7dbd4c46120d40efafa6670d

            SHA1

            6b70e28c5ac0f0486b52ac8cbf59c3cb8bdcef17

            SHA256

            075ff11eb048b9e79fbd83618487f12b09466b89157d23da0767c321af80c32c

            SHA512

            99161ab06796d2fb69439d3ff6d67f7ad015b82ffa349272e34079f404972ba4a293e45b20cff275dca1393891b9be7b4180cea2a5ab2deb518549540421ef96

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            500aed65f94bcd5de35a150b79b63815

            SHA1

            6db2bc9c0f1fe45297a1a2f487404e93473e33be

            SHA256

            1d08d8bd7897cff5344bfad109007e7342ed5051f82adbf44af770fba3b353d0

            SHA512

            2fb312082ada63fb970321763a088f269e0123c8b8642ca0a3812b0cfff628902106a6b7c8770ed13e189fada7320b62dbd5db0c02acae16ae9a42c439d148e7

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            49c628b4bbf6de0b2baa7557c94c9f9e

            SHA1

            8aa0cc45b2c9dea3a6fbb02d2fbd0d6ef6bc3a1f

            SHA256

            b091a26c2194df0d333fb8982fb69b8d9740fab39dfbcfb2db6d9dceb2bf8273

            SHA512

            829f3e0c85f9885b6be1dfefc05c4466efbe84cf785fe7c149149e826cec61bdf46c7f2766b4d8ccc81cf612e693e2c25c7192b1ea7ab23762e7a48fe63fa485

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            3a096b7d39c6cc7dcd00067eadafd294

            SHA1

            db7a30eba03edf6914b1f9f8510cb75d2b656946

            SHA256

            d9531992438e2f0ff0d7ea4812401baaf93cb3a3bdbaaff2027e04c496bd3f99

            SHA512

            118ec99193da5138a08c8b4bb325428a85f7a48c5e8e5cc22bbdd6627385c594ac69eb366abc760499b1fae7a3325c0d087285c38a431ca37675614cf0d64265

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            ce2b91098181f22adef15433bd983611

            SHA1

            1288c764116aa658933bb3293ce593691bd7d20e

            SHA256

            be9cd20cb670bb030e5d3d9303669f49fee06d5a474f47973748866fe019188d

            SHA512

            e2b3c9c50a26a71c5c467209f0bce67772bce4fe3da657b83257ad1b2e87d3a0ca44bb7ac9ec990b9d8745db2ae7d698aef639540d6ec6175adad34a9cf66079

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            cd670047c63a30d8f3e045c46a87f0ff

            SHA1

            b9b57cd584bc543f3e31e00cd159bdda0970dfc1

            SHA256

            8548c59f119b272527823f8a853b424deb20accd9e9d88edff8b442ea6192811

            SHA512

            86c9c99c507fae00a76843bc39e249e2033f2759629e6da6b2f85b113f5464b88398fe48967e438082577d59d64c1ea6ee99401dcea47062e63855e313cd1b38

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c65d50a9f1eafc4322457e5678e448cc

            SHA1

            ed459b5b79ef4018f3951ff43b3d5404574f6cfb

            SHA256

            6ef2367e3dedcd518134ea9df51b080492b9d9e38b5ca3284dbaec0043b6f3c0

            SHA512

            798ed9fe40f866fc3ccc1f86f7ce6d5e53ddcee7bd2dd66404ab4d5088ec680cdb9b4edc5fee1189b8b7894364922e3adfe52b3f5f8e6a75b742136fcf8ba167

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            a2e7c4ae6ba1816d36989fee6ebfa8bd

            SHA1

            f450414726b4b1585d17cc6d8aeadcb9205a3889

            SHA256

            450d32181953367180f6ed9764c39ca5d9623e6db00e0cfbf87ac60eb752f061

            SHA512

            ba70e3ab8d4b10085207b69f32aa951631d2d29a0e329cd4bcfae15c33b0bcc8561af9f38a363a43e50fa31338f318200cc79e4a7a970d55a8f79c42d4c0300d

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            0c70b7969d693b0128cf8fe0a2bb00dc

            SHA1

            0abdf822d797b9419eb231a3d33fbd7c466093ee

            SHA256

            9ee893321a09a519973ed89961e9f319f72fa26d7e5e81eb9fa5d3a11c521826

            SHA512

            0f4096e8a833f951faefb6527039323538e69b41a82fd14b65dd434afeb1bbabf64d0244ebaff329f1102c19209f528cc9e5ae46c19e15d5884cf2f09dae6cc2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            89fa2f9dab7c544cb805f8424b021236

            SHA1

            fddcd3c5b6696a441756e391c2baf9a12c3eb010

            SHA256

            0b0952dd24beddf19b2bbc57df07138a01c23408ded11f8c80a1371ff2641220

            SHA512

            2d5f4f89c3bc048a2c409d012194a5ece84b2a19e9319850760b12398df4b8f1795d3fdf9a5939ab97db903cc91687a52a6aa2051cdd802fc0a3920390b6a382

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            7dea3ddf12634ed3662387fef5971e2d

            SHA1

            0fae43e9a706487ba435d4ae2ae19e01173adfc3

            SHA256

            e2ef90e9e179a35a1b847ed927685ce447ca54eefa6b4d778e2f3619e7f09d96

            SHA512

            ecf854cd762cda0af9de0c2fb8a8df5df0ab2a1f9543a111bce16d147ba95f36898d2132721281ce99d24133e46bff38c0cb06fc359a1b5a0e326f97f572eee3

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            bdf55e13f7e793c737f6c60f7d706762

            SHA1

            656a286bbef801fdab8b93e663e534df651e939a

            SHA256

            03eeaaee66ee67fbc4bde508a2424ebebb81c2377310210535a1f9654a50a511

            SHA512

            31643a16d64ef00ea1b6f03a17f7b2765d680fbab562789a2b47c8073cb5eac6d892d310626b237c2321fee79be1415dd36e83dd67f3e4e8f215a8698e232598

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            76ad69c203b0395d2f98e397460a777c

            SHA1

            7e605d3d8fea64388233db0ddf824d175c122d5d

            SHA256

            39421450dbc10f5ec8bb3c591ce8a68244652fe663886f08efbed4f6cde8d220

            SHA512

            76ddec5c264ad3dfc4257287101e8e8757cc194893f3081680a20e8639a79704119498c48b6f4463b30662bb3d1d1184e1d73510bc4316561fcb3fe7f9709fc0

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            1cfeec24627d8c1be6e476f8fe5b8b79

            SHA1

            20683235be0660064b1224aa30c7a957515260a7

            SHA256

            21ba9b2170ab7e716091da8161e910f035a33fbb23282781ff60fa5916de6f66

            SHA512

            8dcc7d1931e169381228513757591fc55107f7af27d706fdd67b455ec5ac8203a8b4debef240dffcef765d70e3028c6c5cededc5bc338fdc1dd9cf55edb8f1bd

          • C:\Users\Admin\AppData\Local\Temp\Cab5E47.tmp

            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          • C:\Users\Admin\AppData\Local\Temp\Tar5EA9.tmp

            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/556-446-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/556-447-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/556-448-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

          • memory/556-449-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/556-444-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1572-440-0x0000000000240000-0x000000000026E000-memory.dmp

            Filesize

            184KB

          • memory/1572-435-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1572-436-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB