Analysis

  • max time kernel
    129s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 05:19

General

  • Target

    165189284c8c14d8afb26440c46b85f8_JaffaCakes118.html

  • Size

    155KB

  • MD5

    165189284c8c14d8afb26440c46b85f8

  • SHA1

    c95113aa0adf233702033b01964512011feaa905

  • SHA256

    4d82ddcdec080c3377c345c6b7ba81486e1d79270e44f4d0004eaa14d523a77e

  • SHA512

    7cb6210bd2a93b59124ad27026b075fb9de5dcd1674246dbb224231271665beec0c74adf55ba5c7e0ca0cf9c192d0864c71e411f77ab4748cda3c99c315e4ddc

  • SSDEEP

    1536:iERTccVcZozb3GMCyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:i27H3GMCyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (5 IoCs)

    Detects executables packed with the open-source UPX packer or a modified UPX.

  • Drops file in Program Files directory (3 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 4 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 32 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (12 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\165189284c8c14d8afb26440c46b85f8_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1748
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2244
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1764
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1976
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:406538 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1036

Network

MITRE ATT&CK Enterprise v15


Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B


          • C:\Users\Admin\AppData\Local\Temp\CabC4E7.tmp

            Filesize

            70KB


          • C:\Users\Admin\AppData\Local\Temp\TarC547.tmp

            Filesize

            181KB


          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB


          • memory/1764-444-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1764-445-0x00000000002C0000-0x00000000002C1000-memory.dmp

            Filesize

            4KB

          • memory/1764-447-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2244-441-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2244-436-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB