Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 04:30

General

  • Target

    162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe

  • Size

    160KB

  • MD5

    162a018fb1079e2c8ecaa0ee3766c879

  • SHA1

    197bef6639522697aca85c627c3edcbb0bfe49a0

  • SHA256

    c84b8140e58cb9a18e18756bf5f08b1d7be318d2abb9db005ede3aca89b913fb

  • SHA512

    8763ffaa771e63282df042a0f34c3254f241be45f225717b9a555073c556ae588a5442e5f08876cf5420e523e8aa7bf56a0dbb3062b9e6a2e922e52de31d6ef4

  • SSDEEP

    1536:+aMmKEB9SeVOkNV9qpAUY539HpWwmgNkww5lx5IvLvEWgDAgvWSrInFGe7Mym8Ld:Q29xzP53PWwnzelxLA8rzYm8kqC

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family comprising file-infecting viruses, worms, and Trojans.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the victim system's language in order to infer the host's geographical location.

  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2096
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2900
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2132
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2204
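The process tree is the most useful part of this report for detection engineering. The sample (PID 2064, running from the user's Temp directory and flagged for WriteProcessMemory) launches two iexplore.exe frame processes with no URL on the command line, and each of those spawns an ordinary IE tab process (SCODEF:<frame PID> CREDAT:... /prefetch:2). The tab processes are normal IE behaviour; the frame launches from a Temp-resident executable are the signal. The script below is an added example, not sandbox output: it encodes that distinction as detection logic over constructed Sysmon-shaped events (EID 1 process creation, EID 10 process access). The PIDs, images and command lines mirror the tree above; the explorer.exe parent (PID 1000), the benign URL launch (PID 3000), the sample-spawned tab-style process (PID 3100) and all GrantedAccess values are constructed, and the rules and field names are assumptions of this example.

```python
"""Added example: browser-injection heuristics over constructed process events."""
import re

USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
PROCESS_VM_WRITE = 0x0020   # GrantedAccess bit that WriteProcessMemory requires

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe"
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

# Constructed events shaped like Sysmon EID 1 (process create); not sandbox output.
PROCESS_CREATE = [
    {"pid": 1000, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 2064, "ppid": 1000, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"pid": 2096, "ppid": 2064, "image": IE64, "cmdline": f'"{IE64}"'},
    {"pid": 2900, "ppid": 2096, "image": IE32,
     "cmdline": f'"{IE32}" SCODEF:2096 CREDAT:275457 /prefetch:2'},
    {"pid": 2132, "ppid": 2064, "image": IE64, "cmdline": f'"{IE64}"'},
    {"pid": 2204, "ppid": 2132, "image": IE32,
     "cmdline": f'"{IE32}" SCODEF:2132 CREDAT:275457 /prefetch:2'},
    # benign control: the user opens IE from the shell with a URL (constructed)
    {"pid": 3000, "ppid": 1000, "image": IE64, "cmdline": f'"{IE64}" https://example.com/'},
    # tab-style command line spawned by the sample instead of an IE frame (constructed)
    {"pid": 3100, "ppid": 2064, "image": IE32,
     "cmdline": f'"{IE32}" SCODEF:2096 CREDAT:275457 /prefetch:2'},
]
# Constructed events shaped like Sysmon EID 10 (process access); 0x1FFFFF = PROCESS_ALL_ACCESS.
PROCESS_ACCESS = [
    {"source_pid": 2064, "target_pid": 2096, "granted_access": 0x1FFFFF},
    {"source_pid": 2064, "target_pid": 2132, "granted_access": 0x1FFFFF},
    {"source_pid": 2096, "target_pid": 2900, "granted_access": 0x1FFFFF},  # frame -> own tab
]


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _args_after_image(cmdline: str) -> str:
    """Strip the (possibly quoted) image path and return whatever arguments remain."""
    return re.sub(r'^(?:"[^"]*"|\S+)\s*', "", cmdline).strip()


def _in_user_writable(path: str) -> bool:
    return any(d in path.lower() for d in USER_WRITABLE_DIRS)


def analyse(process_create, process_access) -> dict:
    """Return {pid: reason} for browser processes that look like injection hosts."""
    by_pid = {e["pid"]: e for e in process_create}
    writers = {(a["source_pid"], a["target_pid"]) for a in process_access
               if a["granted_access"] & PROCESS_VM_WRITE}
    findings = {}
    for e in process_create:
        parent = by_pid.get(e["ppid"])
        if parent is None:
            continue
        child, pimg = _basename(e["image"]), _basename(parent["image"])
        m = SCODEF_RE.search(e["cmdline"])
        if child == "iexplore.exe" and m:
            # IE tab processes are benign when an IE frame spawns them and SCODEF names that frame
            if pimg == "iexplore.exe" and int(m.group(1)) == e["ppid"]:
                continue
            findings[e["pid"]] = "iexplore tab-style process whose SCODEF pid is not its parent"
            continue
        if child in BROWSERS and _in_user_writable(parent["image"]):
            reasons = ["browser launched by executable in user-writable path"]
            if not _args_after_image(e["cmdline"]):
                reasons.append("no URL or argument on command line")
            if (e["ppid"], e["pid"]) in writers:
                reasons.append("parent opened child with PROCESS_VM_WRITE")
            findings[e["pid"]] = "; ".join(reasons)
    return findings


if __name__ == "__main__":
    for pid, reason in sorted(analyse(PROCESS_CREATE, PROCESS_ACCESS).items()):
        print(pid, reason)
```

Only the two frame processes the sample started (2096, 2132) and the constructed mis-parented tab (3100) are reported; the legitimate tabs 2900 and 2204 and the user-launched 3000 pass. In a real pipeline the same three rules translate directly into a process-creation rule keyed on ParentImage path and an empty argument list, with the EID 10 access mask as the corroborating condition.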

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          ad84da43ca1d5b49409068ed151dccc6

          SHA1

          61b30b96775031a3acdc1704c797e7001262960e

          SHA256

          d952e2fc3bb3bb7551da3a4c417d4e3aa48c0b583c56881c76fb3a0371ce9929

          SHA512

          30181ce52f727ec3e6e9e80b824d8f80dd6b7ddab41e795b7cb0e0fae3ad69c5f6f807775eb6c4ce1a14a152d1213c66ef507d230512f1fff97aa576b1d2fc85

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5ff17a6f3b19b1ba0dd3663324188bb5

          SHA1

          3bf24fa89c89a21808b36c9111836df710507ce9

          SHA256

          2fd038fa8f4ac86bb37337fb02e7cd53d2e7b34d2265150e5794b9fd755d9253

          SHA512

          7a3417ed5ede8097af71d16eb19e0a6a64fb9e79361784577ada8e6045a3f82d5a30424f732436865c47509985571cde4967342b77a437494c7f44e0e35405d3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          853dff1ee0720451ed5b48d211df5016

          SHA1

          6ca403e1c672a42d21795f9cb3459282b4a82221

          SHA256

          b3fcd96c382b356738dd4e1c1d8a5ffe487acc45ac97747f977ac3c08b124d1d

          SHA512

          521ad744b2794f02424f97aecb553be9b704cd08e2ebc7703275a3b22be3ecdbb4a460ddeabe67f9538820e95d2118810568182127cd640da0aa0bc9e6449b8d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          bf3120e8ef573aadedda8a0dce8b5397

          SHA1

          9645975dfcdad65c841b03a119c285993ecf477e

          SHA256

          5bf6dda2d2bb0023e679214577b480a378aff5004b2fa1b395499a412c1fbdc1

          SHA512

          7d6d42260808437ff6625ab79da87aee50f21d2a66d0e6c7a5891fd2493f9de3f68368247b95fdd5baf41b1e2cb9fdde80b3561a7ecc2a25c81c6d580fffeae7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7fd5a65f74bbc1b4e05a23cd8b7fcf9b

          SHA1

          57e46de1aa20f75808a354c61439786fe99a44a2

          SHA256

          96af861b862e6937cfe1a37b63b7e593fd74142f6c0d3baee37ff6c6b513661e

          SHA512

          e21b56060b5692bad7d2497f5674863f2f3583ddf156bd04b56e32f76e5ce19dd2e00be2420f8edc26193f0cd9b8b95611dfc0bd3ba741986afa5fb55cef2a0f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          39c808e32bf0dfe722829571261496cb

          SHA1

          1511f554d16bf0410bc4a073cc821dcc6f398bf5

          SHA256

          9fcc7acb50ebdf26bf809bb75fc6dc88e060d4965af3285fe97c6abbfb87011d

          SHA512

          34b2260cb600ac355e19ee2b122b245b1fa0b0f157d3c8f45b9370caba43c7591e4174f9554aaeba81982646b1817125119360d1f5b8ab7b2b53f9cded49449a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          dbc8bcf6be9dcda353eb45ed15928ad2

          SHA1

          9ae8236c2e474366c8d3234f94bdce2c23db9178

          SHA256

          f89c5622817250d9da09f9683ebe2cb0a979a11b8634a8f77318ff31337eff84

          SHA512

          22073a51d13815fed9c23770bfd714fde4ff7094a711be944298f739980a012c575b076d1aab3c73690f7d8e45478e6fd12f41e000f7e5d3f173f7f441002e0f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          2fc95a114bb75966ae477fb31badea00

          SHA1

          cb1470d7a8d2995627b1759d4174a23ba5b293ec

          SHA256

          7ac7c2502511abfa8bdf61a9688b281b594e6f3e28610de43ee4f90b19d6b693

          SHA512

          0e167f1464d1ca262c642fe253a5b1dc5f7b96c7c229c0a72e2e24a91d2fc137fffd2d99a92e4fd85c610aac6931bd5fc62eb2d014f7e670a82d4e4b147c2374

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1ab342ff51a7e1c21cb9bbc15d51282b

          SHA1

          403bbdde02081d28bf8aa5bea3872b5ad16ba7ae

          SHA256

          647975bcfc188477a728d6f8bcf491373c95c445443927128ee1da00294b3356

          SHA512

          e32ef64bda73c4285b13bb6bcee191368d3be38c9cf852796bcd55b0775123801aee84010391653958e9320db2549927fa1c6179cb656b22c60555fbb74d785e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          4a559568c47800e43da4d4af7157499e

          SHA1

          bab7cb07b919c569dd8af32d3a4e4ef247f3cd47

          SHA256

          f246bcb113064a3b454c4c8dd2e98b38d0b2c9b89047967eb497e101dac7d0bc

          SHA512

          7dd703f74955a726d728d38432ffb021569f70c304806b686823656fac067f84189b5de05c2f844360e9233ab3e388eda16f1fe55459dd79cd2bf7f69a0fe7f1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          9017b74ee81c4dc4b10f70e75fe952f7

          SHA1

          7cf3b88092d87d9197aa641478f6c9a0a4558cbc

          SHA256

          3c2b2278091798137dfa261789484fe3709baf8a9d1ac93b94440f4e7f42d603

          SHA512

          e431a52ae0c4520a31c9e913abfcf960dc3245725379639905aba1879c6efaa9a04dce8718177e771ab4ff6c8405f965c543e7ff92885f910f65c6aa0d424400

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          563dc0341d6db33721cb7b64002765d1

          SHA1

          f3dd859f48311e9937e4d9b4fc7fa9f5a7279b35

          SHA256

          05105468138f12af078a5ae5020e2fffbaf49034d1a82b4cfe613278f005ce8e

          SHA512

          d77584e6cbc6a565c908d7bd0e3c93015e9a2daf9dea3febfcf96748287d73e47df16d587d0732784bd1edd33c0b0f1355bfa17607bb2d881bab848ff97a3805

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          2b5820bfd40d8f88ffda5276e98d21cf

          SHA1

          61ef10f102f5a8a5f5bacfc4a36a2db9c4fe7d06

          SHA256

          a494ce8cb473569d844972e8c2386d26f41fe5d50b6117982f6035503373095f

          SHA512

          30e51ce5e62fbc936b17803ceb22100b1cdef8cfa29e363c9a61361e6eb1c7cfbcdfd32e1dbf85f2764fc63b19ec7f8e6443b62e6b73ef208f402ed5bec9ddac

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          940066f4b56350f5c71ba4090f0c7792

          SHA1

          47e21c6ab01a6689e916295385e7a9b17ca7e809

          SHA256

          404c0b37c22e8f7538e9c0c368dfde273abe94df110c0f219ec788ee7576f831

          SHA512

          ce507995b35704d221c29e47e08b3b73a93583ba0391262afd6d721ab2d32c2bc8aa6a9e7bc8c62624ad789db753cdccc39a5ced2471eb4419c84c9d02b4368e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          3591483c30eb63ab0a22118598aefae4

          SHA1

          d03e0e574c3a3c2d26963dde2bf500249a6763cc

          SHA256

          749198c9fdf36f6ddd02f672bc5e45e28089baa5dd82d17948e1ec253b2deb89

          SHA512

          97fdc35e7889d3d1ae2e84079092d070a25da3e3fe4ff5fcbad589f7d076ac3b96351841a4e7337cef0b8c2d6b6c282fc0e58d95e508a666921d742cb263b0da

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          ec67534ffff26a13ed1bb56ffbce9c2d

          SHA1

          fa03a6ac33d1510b66989674aec221cc5cd96382

          SHA256

          865332b946e80195eb8a767f626cae0999b7dfeb78a439aea494009be8d833b2

          SHA512

          e6c3959e36033f40016b5b82c199ac5cec78589a034450f933e793e045a45f6e5ac410bba74e9a201bf5f0f0c1dddf2491e06f470478f19dab53f8fce2788371

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f5f8e214dd1f9c22935a44850fdfbc85

          SHA1

          1327cc84706d4dc0cb09c6d42a2f11e135630b61

          SHA256

          d7af1892ca931918f40fbc36de32a977d543323f544b719e791e36d88dc0d1c8

          SHA512

          617f16988855dce79867e08075804c2b7c4c1cca9d6f574597f4f5c9b40c5baf3e2c245f008d35153eb0434408bca8fbb5717056ce4c7f4f9fbb5f4acacaf1fc

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          06ebf9076c43673e69a8d5bf62deb294

          SHA1

          8efcdf2e1fa6acfb6188355a9988267ec36c8cbe

          SHA256

          c436c2d507b81edf48d03a3a9da4ddc2e073b2dbee6453a65450e7de01c67f80

          SHA512

          6336616aa7f9a61fc3535716c3f3d971a72e517ebead3e61336688bce456f588f3d8d59c94fc6b9a073276003e85921e7e3f7963f2e5e794e2491496442fd8ca

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b7ca6ab8127730aa67a738e800b41bf2

          SHA1

          ed1cec264a51f06f785a0160cbb272302396b1f0

          SHA256

          5267dba14116d56a7a79a2c086a45852b2d54af5dd7b8b75ef175c92e4b5b5d4

          SHA512

          7eda262340a0f66127666680c61ecb78f428734c0df75263025aaed32d570fc715da57fe4a22b28940f56fe4227004c9ebdb5987540ae1de918ac7fac5e0d58c

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8850CB11-82D2-11EF-8BEB-4E219E925542}.dat

          Filesize

          5KB

          MD5

          a217fdd7bef1261bcca913a8c648c8fd

          SHA1

          73b36a8d58acb2a49705627cff98179708e20881

          SHA256

          4066ef6d43d89a9b6e4257963069606ca82964d085371703b1aaffecd4915ad8

          SHA512

          a7057aa9954e52fa2feef5ffc49778160b326e4879fc1c97f28e04e6ebcfe7f36d21706cd65523fbe59e6794f68bead73fdf4c05963415840af71955661d7087

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8852C6E1-82D2-11EF-8BEB-4E219E925542}.dat

          Filesize

          4KB

          MD5

          9781ebf969814bd25f6c40d0805e2e64

          SHA1

          e80d7108de7432368e976f755d901477161cac96

          SHA256

          ecd5a206f8fc0b6fb3ade3e43ecb09f34f3f9ae2d0c8ea374fad0246e98a1e44

          SHA512

          cd14e5041d41e2b289d6b1ec07e998d820dc878e555ffa9db9703481a8201fc446fd8fe4c2ab507bc4c42f6b975f0a6d97b2986f76fb733bf1b840bc13fe5966

        • C:\Users\Admin\AppData\Local\Temp\CabE8BD.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarE90E.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • memory/2064-1-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

        • memory/2064-0-0x0000000000400000-0x0000000000462000-memory.dmp

          Filesize

          392KB

        • memory/2064-3-0x0000000000400000-0x0000000000462000-memory.dmp

          Filesize

          392KB

        • memory/2064-2-0x00000000002A0000-0x00000000002A1000-memory.dmp

          Filesize

          4KB

        • memory/2064-5-0x0000000000400000-0x0000000000462000-memory.dmp

          Filesize

          392KB

        • memory/2064-4-0x00000000002B0000-0x00000000002B1000-memory.dmp

          Filesize

          4KB

        • memory/2064-8-0x0000000000400000-0x0000000000462000-memory.dmp

          Filesize

          392KB