Analysis

  • max time kernel
    129s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 01:15

General

  • Target

    159a68b85570919d7ca3c98de8f7987b_JaffaCakes118.html

  • Size

    156KB

  • MD5

    159a68b85570919d7ca3c98de8f7987b

  • SHA1

    b6e5f6a1a7d0186a6e700a9180a5b4383f8c1273

  • SHA256

    457d1bdbe3782b7a3ab0941d14403ac6aa846e3c2614ee021fdb868fa903fdef

  • SHA512

    0175149f49e959d1e86c323969507a67dbb74d2af09d969717d9a6f152b8f564549e0ec7cde3228459c89774a747003701227546146058d0d21cc09170f2aaa5

  • SSDEEP

    1536:iwRTpfqdL3yKqsH0yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:ia3Kd0yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family comprising file-infecting viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with the open-source UPX packer or a modified build of it.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
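The "UPX packed file" signature above fires on the PE section layout rather than on anything Ramnit-specific, and it is worth knowing how to reproduce that check offline. The report itself gives a hint in that direction: the dropped svchost.exe is 55KB on disk while PID 1044's image region 0x400000-0x42E000 is 184KB, the footprint one expects from a stub that unpacks in place. The following is an added example, not part of the sandbox report or its tooling. It parses only the DOS header, COFF header and section table with the standard library, so it also works on truncated dumps; the three sample headers are constructed inline for the demonstration and none of them is the report's sample.

```python
"""Flag PE files whose section table shows the UPX layout.

Added example, not part of the sandbox report. Parses only the DOS header,
COFF header and section table, so it needs no third-party module and copes
with truncated dumps. The sample headers below are constructed test data.
"""
import struct

# Section names stock UPX writes; some builds prefix them with a dot.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1"}


def pe_sections(data: bytes) -> list[dict]:
    """Parse the section table. Returns [] for anything that is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    # COFF header follows the 4-byte signature: NumberOfSections at +2,
    # SizeOfOptionalHeader at +16; the section table follows the optional header.
    (num_sections,) = struct.unpack_from("<H", data, pe_off + 4 + 2)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 4 + 16)
    table = pe_off + 4 + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            break  # truncated table: keep what was readable
        name, vsize, _vaddr, raw = struct.unpack_from("<8sIII", data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "virtual_size": vsize,
            "raw_size": raw,
        })
    return sections


def upx_indicators(data: bytes) -> list[str]:
    """Return the UPX indicators present, in a fixed order."""
    secs = pe_sections(data)
    hits = []
    if any(s["name"] in UPX_SECTION_NAMES for s in secs):
        hits.append("upx-section-name")
    # Stock UPX layout: the first section carries no file data but a large
    # virtual size (the decompression target) and the second holds the
    # compressed image. A modified build that renames its sections keeps this
    # shape, so test it independently of the names.
    if (len(secs) >= 2 and secs[0]["raw_size"] == 0
            and secs[0]["virtual_size"] >= 0x1000 and secs[1]["raw_size"] > 0):
        hits.append("empty-first-section")
    return hits


def build_minimal_pe(sections: list[tuple[str, int, int]]) -> bytes:
    """Construct a header-only PE32 (test data, not a loadable binary) from
    (name, VirtualSize, SizeOfRawData) tuples."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew -> 0x40
    optional = bytes(224)                                     # zeroed PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(optional), 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                    vsize, 0x1000 * (i + 1), raw, 0x400, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, raw) in enumerate(sections)
    )
    return bytes(dos) + b"PE\0\0" + coff + optional + table


# Constructed samples: a plain compiler layout, stock UPX, and UPX with renamed sections.
SAMPLE_CLEAN = build_minimal_pe([(".text", 0x5000, 0x5000), (".data", 0x1000, 0x400), (".rsrc", 0x800, 0x800)])
SAMPLE_UPX = build_minimal_pe([("UPX0", 0x20000, 0), ("UPX1", 0x10000, 0xD000), (".rsrc", 0x1000, 0x400)])
SAMPLE_RENAMED = build_minimal_pe([(".code", 0x20000, 0), (".data", 0x10000, 0xD000)])

if __name__ == "__main__":
    for label, blob in (("clean", SAMPLE_CLEAN), ("upx", SAMPLE_UPX), ("renamed", SAMPLE_RENAMED)):
        print(label, [s["name"] for s in pe_sections(blob)], upx_indicators(blob))
```

The name check alone is trivially defeated by a rebuilt packer; the empty-first-section test is what catches the "modified UPX" case the signature text refers to, and a real triage script would add per-section entropy on top of both.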

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\159a68b85570919d7ca3c98de8f7987b_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2400
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1044
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1856
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:556
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:472074 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:892
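The process tree above is the detection-relevant part of this report: a browser opens the HTML, a child tab spawns an executable named svchost.exe from the user's Temp directory (the genuine one lives under System32), that binary writes and runs DesktopLayer.exe under Program Files (x86)\Microsoft, and DesktopLayer.exe in turn launches a fresh iexplore.exe. The following is an added example, not part of the sandbox report or its tooling: it encodes that chain as rules over process-creation events. The EVENTS list is constructed from the tree (PIDs, images and command lines as listed above; the root's parent PID and the benign System32 row are made up), and the hash IOCs are the ones the report lists for the dropped svchost.exe. The report gives no hashes for DesktopLayer.exe, so that stage is matched on path and parent only. A real deployment would feed Sysmon Event ID 1 or Security 4688 records with the same fields.

```python
"""Match the report's dropper chain against process-creation events.

Added example, not part of the sandbox report. EVENTS mirrors the report's
process tree; the root's parent PID (1200) and the System32 control row are
constructed. Hashes are those the report lists for the dropped svchost.exe.
"""
import ntpath

DROPPED_SVCHOST_HASHES = {
    "md5": "ff5e1f27193ce51eec318714ef038bef",
    "sha1": "b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6",
    "sha256": "fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320",
}
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
BROWSERS = {"iexplore.exe"}

EVENTS = [
    {"pid": 2384, "ppid": 1200, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\159a68b85570919d7ca3c98de8f7987b_JaffaCakes118.html'},
    {"pid": 2400, "ppid": 2384, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2'},
    {"pid": 1044, "ppid": 2400, "image": r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\svchost.exe"', "hashes": dict(DROPPED_SVCHOST_HASHES)},
    {"pid": 1856, "ppid": 1044, "image": r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe",
     "cmdline": r'"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"'},
    {"pid": 556, "ppid": 1856, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe"'},
    {"pid": 892, "ppid": 2384, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:472074 /prefetch:2'},
    # Constructed benign control: the genuine service host must not alert.
    {"pid": 700, "ppid": 500, "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs"},
]


def _norm(path: str) -> str:
    # ntpath handles Windows separators on any host platform.
    return ntpath.normpath(path).lower()


def _base(path: str) -> str:
    return ntpath.basename(_norm(path))


def _in_user_temp(path: str) -> bool:
    return "\\appdata\\local\\temp\\" in _norm(path)


def lineage(events: list[dict], pid: int) -> list[str]:
    """Image basenames from `pid` up to the root, self first. Stops on a missing
    parent or a PID cycle, both of which occur in real logs after PID reuse."""
    by_pid = {e["pid"]: e for e in events}
    out, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        out.append(_base(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return out


def evaluate(events: list[dict]) -> dict[int, list[str]]:
    """Return {pid: [rule, ...]} for every event that trips at least one rule."""
    by_pid = {e["pid"]: e for e in events}
    findings = {}
    for e in events:
        image, base = _norm(e["image"]), _base(e["image"])
        parent = by_pid.get(e["ppid"])
        pbase = _base(parent["image"]) if parent else ""
        hits = []
        # Name masquerade: svchost.exe anywhere but the system directories.
        if base == "svchost.exe" and ntpath.dirname(image) not in SYSTEM_DIRS:
            hits.append("svchost-outside-system-dir")
        # Browser dropping and running a binary from the user's Temp.
        if _in_user_temp(image) and pbase in BROWSERS:
            hits.append("temp-exe-spawned-by-browser")
        # Second stage launched by a Temp-resident first stage.
        if base == "desktoplayer.exe" and parent and _in_user_temp(parent["image"]):
            hits.append("desktoplayer-spawned-by-temp-exe")
        # Browser started by the second stage rather than by the user.
        if base in BROWSERS and pbase == "desktoplayer.exe":
            hits.append("browser-spawned-by-desktoplayer")
        h = e.get("hashes", {})
        if any(h.get(k) == v for k, v in DROPPED_SVCHOST_HASHES.items()):
            hits.append("known-ramnit-dropper-hash")
        if hits:
            findings[e["pid"]] = hits
    return findings


if __name__ == "__main__":
    for pid, rules in evaluate(EVENTS).items():
        print(pid, " <- ".join(lineage(EVENTS, pid)), rules)
```

The hash rule only catches this exact dropper build; the path and parent-child rules are what survive a repack, which is why the chain is encoded structurally rather than as a single hash lookup.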

    Network

          MITRE ATT&CK Enterprise v15


          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            31ec2dc805538a82b9f8cfb150b59889

            SHA1

            72ae0f9abbb83d47aee9746c09af084ce223f44d

            SHA256

            f3321c82df98f1856661f0b186c33f48e8c0ea16d7a31ebe222d6d95ced0486f

            SHA512

            5a27e672eaa6077a4cb7180d7fe16ee8214659eaf26c0dbac9052b381b270f5ece71e9f8d9173f717a939b1888112b050f19f22582d2aca8765035456d222a1b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            b3c434172f42a1a0d00152c00c679e87

            SHA1

            b7a3864c4be1ba1d22e6ab242cfbe292a7f12474

            SHA256

            f1d95e251c9a9290bde91b1e98cefd9328548b661c5b4f3fcf587f195e16951f

            SHA512

            540ef1ce364455f4b49c81fab5a46609733077f620a7aafd5ebeeb4f4c176255701ec3706d924db332bcd9c3dc8c5fc6eda78f6fd3ce7c4fa28601ed30045ab9

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            8eab5d4b6aec23aa2784a1422688ada5

            SHA1

            b3147be24aa44195ad6c0178cbb22ad5d4e40f15

            SHA256

            d9449763627dc0bce90087431bdf420e0cd9c41ea40f3e209bb081556c4f98f0

            SHA512

            d999e8fed30335b1da6792a9c1a22f11e508630c8a8add509950cc02179fef523dba68aeae0c82c3ae0dead303dbc1ab756c931c4978e9ec9180d04fc8a5f874

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            b1b65b5c91959061738968de870791f4

            SHA1

            6742e8e4abdd85bf174965fea0e516e9afabc17b

            SHA256

            4b9c8b6690aa8edcbdb47a19c5197e530a7f1f70bc4beeac590d5c78e361ac18

            SHA512

            c2fcd408f1d8a26f7b9d9ccbec0a7331eb74f58e566bde40969a617b323d66d7ad2d01fd7d2468840d5f539589a053863ee5a048666618632ee03df5f222d2b5

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            a5fcef42b393cac59f65a59e376a5653

            SHA1

            4e2f2349c7e0d5cd201f5ef6a1574bfdb78fdcef

            SHA256

            a1fdc70e79ef2ac30170f738dd4a36f2d5b49d680a26a65e2c4eb117b3625a5f

            SHA512

            1b1fba7f42755d64418d6e1b3a1868e8bd8968917b4bb90bcced20ee198a4bcff7541ef4e6d3c93aca2cac0ee271c75fe875419bf5610bfc9b5021ed43f85969

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            502274e2041f22b258ea069753cddb8b

            SHA1

            fd508cf97a629bd1951dba082eb321b0cf928c45

            SHA256

            97397718925d518f1994f74182dc505477e8fd3aef1229d4bed5a7534c370b51

            SHA512

            db920f143a0cbdf0bcfa659298a403ff7d146d9b2825e223e1b3734ab4a3078115b5a0e66b3deb66b8e656c5e48d168c8176c67841dd1fcfed2d894119af6715

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            ae62bde677a54c2a080299ab2e7acfbf

            SHA1

            b4844b42110ab9023f449994a6b89dcfc7fa9ca4

            SHA256

            9a77052a062f02cda465b56f00b86ddc87af5a60d38c166fe92d256c63d14054

            SHA512

            6e4f79c7a491347519eed07f9cad5afd7c4c569991bf9d641ca716ab9561bd71cf6a8632887e628f57a78b09eef9257e97325f33ee19dd66ae27bf9222d27d95

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            5d0d9ee5bef4e3bde52db7cd069262f1

            SHA1

            7a402a29579f2dea24107a0e9a3c21ed06357044

            SHA256

            b46af73f8c87fe6a17e68e9426ee674d984204a9838e014ee85feb58d24b396f

            SHA512

            47524764e0aebb29032b4208dc2bb5b939b35ccc20ecc85c0daa22419edb289c85dc1aa520906877fa90e6ad492c6de66951a1bb4e335cbaf34f5d0636b650d4

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            9711b9697dd835e23ebd45fe5a214a07

            SHA1

            7498769199abb7e8e5f19a8379caefe4802a1557

            SHA256

            a72c30660dc2cc1ab119d124669bdafda4e60452bc5acd51073772508b823506

            SHA512

            b47c9529979d46e559c596dc6a55cdeba53f47f4d044232dbef112ad0b98c6f79e4ac80908f21d10d5a207ccf63fcdd15ddb3e0fab8343011c572c5a67eee009

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            43bf5a09ca9eda56359092dc9f1d5623

            SHA1

            8a35be3e98044459e44eb4a516f3cff28d61b7f3

            SHA256

            7378664ee70ab44d8cafc8b67fb3055b610d139617e03464478f0a0aeda77387

            SHA512

            837a4a0562eea60fb286b97475cf240cbf7a79ef8c5c1ca26e0cd710571c08f9f3c2d539f48d34c5045202cba77d7568ef4ba9820ce56beea27ff7753645ada5

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            2ca39273b3609915dd2403cd70629960

            SHA1

            22e4844d9a5c7d3c53ec62af0ff1b01c5fec6d25

            SHA256

            bddac2f3a4462ea363ce21b38312d9a38672c1d0ea5a94e41e9116c6ed836fcb

            SHA512

            a2cc2d4f90b5d471c50d15b9276733b8ef9d34f6bfaee74a23feb6ac288e3e8e69531636a8b5ca547d8dfb15956998b8f7043478e9a9c6b54a16fd944cb5ada0

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            40a63437d866e2f7556b8af3731ae8de

            SHA1

            c2e8f8a2231a9f9fcec031fbc4f22a6e5fb498a3

            SHA256

            f3400a4ded603e2725e854f2fd464a218c8d911d76ce4f4b008b45199c03d84a

            SHA512

            d9ecaf1e852b53d941aa32170cf95c8f1f325e24e5aeab0f6af6ab9b39c538a87dc42dc93747e7826fc574543f2c41131b55c5bf2b74054b8599e0bd402f97e3

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            33a4db3d747599aa4ce569603ad8ff62

            SHA1

            37be8c1a91448b5aaf6cfffcc6ed6a5a8dcdbf5f

            SHA256

            312b2a0befe16bfe4140f2bc66c3ad1192a5d867f9c3caf8961cebca5fc081cd

            SHA512

            c588cb0aab4644afef5efeaaa7d8ab6a299c4ff21d44c1e03bc2f21c53a344f9914eb186709195aa59cb2a010cb33690980f39000112915633b7d05ad827c183

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            9811c1720381454366887a19742c6299

            SHA1

            dfc6d98800abc79b6830ecfef38654e388c5cd03

            SHA256

            d30bd6dca805c7526cca3ba4cd9efaf3eb1ef6b79581b53dd4fa7dca1c953217

            SHA512

            a7ea1168dff970efa291b0ed85a5a76d4767a0f7afc58bf34fbde6b9336734a74898f33ee61623d7b483a5ccf5af774d269f56fe36dadd47718bbd450f2b64b2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            4a468e0cf27827423f49429d3e63953a

            SHA1

            2ad89eed17e9b360ea78562f936d24d90eeba052

            SHA256

            86a68f94f9f405e0b45a7784305e37cd194d4964b804c07c24d3ff849eadb421

            SHA512

            5cc1b958911c6d7a9e7747aa2369a1263d9a6a485f683c20c50f93cf40c316c8b1b7642c4efa2cce801c34f6acea9ae0ea60a378eb5085fa4555c79b800578ac

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            d5775a5f11214d0acfef4e0a177a81c8

            SHA1

            fc32fce47bda05d942d3fd09ad434269f381f9d4

            SHA256

            fcc38765a9af0d5d28c49d69200019c63c6cc6fb3e8b0e616db5866fc5c33825

            SHA512

            2f16bdb181856d7228d10927afb99807eac96c824ab09f0e3c9ec8b5b512ae1994b38f417d189c63fa478a8b8c9de112d13f9158a8a0a48ab2f4bfe94089b7bb

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            0d1c84dfd4472009f3fe816adbf3604e

            SHA1

            886680a2b160c8731bceb537de15b1d964a30971

            SHA256

            6e77a18989ec6016b8a7da5cdc447e65c99f9e847a3be434a6d542cd07eddf75

            SHA512

            dc6abb7b01ed302377e28719a579ac319067aa2b31e55efa7cad014dc4b006b074f467a2e7c4b37587d450d1acda5b7d0975a57da6be662d4a0dbaf34094f0f9

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            811bb2be5184d4c396d8e6c1502a807e

            SHA1

            e870b78c4554e53a68d84008bda9e42103c0361e

            SHA256

            21ae918b1e79173f09b82483fa53a5009b4af480f74a55f644e5c898bdf7446d

            SHA512

            e2ecc0b98b8b23355c2e2b20a13499579ca1721095510741906928776debff6a3a82c656b6f1a665db46c394963892827e085c06cd9afbc79ba17669023751d3

          • C:\Users\Admin\AppData\Local\Temp\CabB7EB.tmp

            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          • C:\Users\Admin\AppData\Local\Temp\TarB84C.tmp

            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/1044-435-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB

          • memory/1044-444-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1044-441-0x0000000000270000-0x000000000029E000-memory.dmp

            Filesize

            184KB

          • memory/1044-437-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1044-434-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1856-448-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1856-449-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

          • memory/1856-450-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1856-447-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB