Analysis

  • max time kernel
    130s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 05:59

General

  • Target

    1670ad86a1374a7b91e737a250d56e60_JaffaCakes118.html

  • Size

    158KB

  • MD5

    1670ad86a1374a7b91e737a250d56e60

  • SHA1

    0b41b72f785bbddde9e22b1ff1f89b1d85e39f3a

  • SHA256

    9704089855fbd9dae0830681b51ec899bdf762a627c039d0efcbcc364b033129

  • SHA512

    b73c2b70c576c5ae984c9c228a6f0d9e7ab52e840bcece48ad326787b27ba5df6de9868c069fea658163590cff454ffb26a4e25b7ba6a61c0ab6edbbc30b90e7

  • SSDEEP

    1536:i5RT1x0n8pPycyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:ifQ8ZycyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that spans file-infecting viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

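The "UPX packed file" signature above is a static check on the dropped binaries. As an added example (not the sandbox's own rule, and written for this page), the snippet below shows the two usual ingredients of such a check: walking the PE section table for the UPX0/UPX1/UPX2 names that stock UPX writes, and measuring the byte entropy of each section, since a "modified UPX" build typically renames the sections but still carries one high-entropy compressed section. No bytes from the sample are on the page, so the PE images fed to the parser are constructed by a helper in the block; the 7.0 entropy threshold is an assumption chosen for this example.

```python
import hashlib
import math
import struct
from collections import Counter

SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes
COFF_HDR = "<HHIIIHH"         # IMAGE_FILE_HEADER, 20 bytes
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}  # names written by unmodified UPX


def shannon_entropy(data):
    """Bits per byte of the given buffer (0.0 for empty or single-valued data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(data):
    """Yield (name, raw_bytes) for each section of a PE image, following e_lfanew."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _machine, nsec, _, _, _, size_opt, _ = struct.unpack_from(COFF_HDR, data, coff_off)
    sec_off = coff_off + struct.calcsize(COFF_HDR) + size_opt
    for i in range(nsec):
        name, _vsize, _va, rawsize, rawptr, *_rest = struct.unpack_from(
            SECTION_HDR, data, sec_off + i * struct.calcsize(SECTION_HDR))
        yield name.rstrip(b"\0").decode("ascii", "replace"), data[rawptr:rawptr + rawsize]


def upx_indicators(data, entropy_threshold=7.0):
    """Static UPX indicators: stock section names plus any high-entropy section."""
    named, high_entropy = [], []
    for name, raw in pe_sections(data):
        if name.upper() in UPX_SECTION_NAMES:
            named.append(name)
        if shannon_entropy(raw) >= entropy_threshold:
            high_entropy.append(name)
    return {
        "upx_sections": named,
        "high_entropy_sections": high_entropy,
        "likely_packed": bool(named) or bool(high_entropy),
    }


def build_pe(sections):
    """Construct a minimal PE32 image from [(name, raw_bytes)]; constructed test input only."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    size_opt = 0xE0  # PE32 optional header size
    coff = struct.pack(COFF_HDR, 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(size_opt, b"\0")
    raw_ptr = e_lfanew + 4 + len(coff) + size_opt + struct.calcsize(SECTION_HDR) * len(sections)
    table, body = b"", b""
    for i, (name, raw) in enumerate(sections):
        table += struct.pack(SECTION_HDR, name.encode().ljust(8, b"\0"), len(raw),
                             0x1000 * (i + 1), len(raw), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += raw
        raw_ptr += len(raw)
    return dos + b"PE\0\0" + coff + opt + table + body


def pseudo_random_bytes(n, seed=b"upx-example"):
    """Deterministic high-entropy filler standing in for a compressed section."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed samples: a stock-UPX layout and a benign, uncompressed layout.
PACKED_SAMPLE = build_pe([("UPX0", b""), ("UPX1", pseudo_random_bytes(4096)), (".rsrc", b"\0" * 64)])
BENIGN_SAMPLE = build_pe([(".text", b"\x90" * 4096), (".data", b"\0" * 512)])

if __name__ == "__main__":
    print("packed:", upx_indicators(PACKED_SAMPLE))
    print("benign:", upx_indicators(BENIGN_SAMPLE))
```

A section-name match on its own is weak evidence either way: renaming UPX0/UPX1 defeats it, and a legitimate installer may ship UPX-packed. Treat the entropy figure as the corroborating signal, and remember that a compressed resource section can also score high, so inspect the flagged section rather than alerting on the number alone.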
Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1670ad86a1374a7b91e737a250d56e60_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2488
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1940
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:3012
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:472079 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:844

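The process tree above is the part of this report worth turning into detection logic: a browser (PID 2700) launching svchost.exe from the user's Temp folder, that process dropping and running DesktopLayer.exe under Program Files (x86)\Microsoft, and the second stage in turn starting a fresh iexplore.exe (PID 3012) while showing WriteProcessMemory activity. The block below is an added example, not output or code from the sandbox, that applies those observations to a list of process-creation events. The event field names (pid, ppid, image, sha256, md5) are this example's own assumption rather than any EDR schema; the pids, paths and the dropped-file hashes are taken from the report, and the parent/child links are read off the tree's nesting.

```python
import ntpath  # Windows path semantics regardless of the host OS

# Indicators lifted from this report: the dropped svchost.exe listed under
# Downloads and the second-stage path seen in the process tree.
DROPPED_SVCHOST_SHA256 = "fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320"
DROPPED_SVCHOST_MD5 = "ff5e1f27193ce51eec318714ef038bef"
DESKTOPLAYER_PATH = r"c:\program files (x86)\microsoft\desktoplayer.exe"

# The only directories a genuine svchost.exe lives in on 64-bit Windows.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
BROWSERS = {"iexplore.exe"}


def triage_process_events(events):
    """Return (pid, reason) findings for a list of process-creation event dicts.

    Each event carries pid, ppid and image (full path), optionally md5/sha256 of
    the image on disk. Parents are resolved within the same list.
    """
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        image = e["image"].lower()
        name = ntpath.basename(image)
        directory = ntpath.dirname(image)
        parent = by_pid.get(e["ppid"])
        parent_image = parent["image"].lower() if parent else ""
        parent_name = ntpath.basename(parent_image)

        # 1. svchost.exe is only legitimate under System32/SysWOW64.
        if name == "svchost.exe" and directory not in LEGIT_SVCHOST_DIRS:
            findings.append((e["pid"], "svchost.exe outside System32/SysWOW64: " + e["image"]))

        # 2. A browser should not be launching executables out of the user's Temp folder.
        if parent_name in BROWSERS and "\\appdata\\local\\temp\\" in image:
            findings.append((e["pid"], f"{parent_name} (pid {e['ppid']}) spawned {e['image']} from Temp"))

        # 3. Exact drop path of the second stage seen in this report.
        if image == DESKTOPLAYER_PATH:
            findings.append((e["pid"], "known Ramnit second-stage path: " + e["image"]))

        # 4. On-disk hash matches the dropped svchost.exe from the Downloads section.
        if (e.get("sha256", "").lower() == DROPPED_SVCHOST_SHA256
                or e.get("md5", "").lower() == DROPPED_SVCHOST_MD5):
            findings.append((e["pid"], "image hash matches dropped svchost.exe from this report"))

        # 5. A child of the second stage: the report shows WriteProcessMemory on its
        #    parent, so this is the process to inspect for injected code.
        if parent_image == DESKTOPLAYER_PATH:
            findings.append((e["pid"], f"child of DesktopLayer.exe (pid {e['ppid']}); inspect for injection"))
    return findings


# Constructed events mirroring the process tree in this report.
SAMPLE_EVENTS = [
    {"pid": 2968, "ppid": 1, "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"pid": 2700, "ppid": 2968, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"},
    {"pid": 2488, "ppid": 2700, "image": r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
     "sha256": DROPPED_SVCHOST_SHA256},
    {"pid": 1940, "ppid": 2488, "image": r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"},
    {"pid": 3012, "ppid": 1940, "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"pid": 844, "ppid": 2968, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"},
]

# Benign control: the real service host started by services.exe (constructed).
BENIGN_EVENTS = [
    {"pid": 500, "ppid": 1, "image": r"C:\Windows\System32\services.exe"},
    {"pid": 600, "ppid": 500, "image": r"C:\Windows\System32\svchost.exe"},
]

if __name__ == "__main__":
    for pid, reason in triage_process_events(SAMPLE_EVENTS):
        print(pid, reason)
```

Rules 1, 2 and 5 are behavioural and survive a rebuild of the sample; rules 3 and 4 are exact-match indicators from this one run and should be expected to rot as the path and hashes change. The two IE content processes (PIDs 2700 and 844) are spawned by the parent iexplore.exe with SCODEF/CREDAT arguments, which is normal for Internet Explorer's protected-mode tab hosting, so nothing above fires on them.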
    Network

          MITRE ATT&CK Enterprise v15


          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c3c11a4e1ead0d4a6c6a9ce2e5decb2c

            SHA1

            54bb3326990a0f24658d1459f86019c490e32e0d

            SHA256

            bad7443e0a7b6b8e493cb58bfa6fe1929950a4950fb2a8028879d353abca2e2c

            SHA512

            ea3885084ff9be259d35185e9157dba6c840afbc9d47f7843dd9efa82abdb15f84391ba17ceea06620ebbe26de9bcc29faba9ba6c69bfc779b7ae90221cb8cdc

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            4f415efc4c5fd70c85e609c54cb69019

            SHA1

            ded35c05993b11bb2c526299cc1fd7bb225264b8

            SHA256

            90f367687f6228fd4c2f1158e820d9564390a50b4df8c9df759834e6adba0e57

            SHA512

            6d213a95d65f582ccef686902f68c8a1938e504973bfedeec9d5ab72f5921882cc7d98cd7cfac87445c81d6b785637c2eb75cd6423f47f3490c3e4c112de8c8f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            97faf653fecb854a4ac85c0f6f383b8c

            SHA1

            4f6f4adee358d504f0f6bbe7527fc8efd94ad7dd

            SHA256

            4cbdca9802c829dc7b64843b95f475decb1aefd49726f23680cfeb5467cc8abd

            SHA512

            b4b5096cc1b08c80d71d72af44db8d10be30e522ec6bc98f9b8f4fb7611d25da4aaa5be258d94d42def36979ae2791ba6502c5afcd1d1f2a8dc7153ce25eb143

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c1f9c98b3e8a534576f2a0ab3020ca08

            SHA1

            8c2a7856e572ef97f6ec2574e3c81e24ce8daff8

            SHA256

            27bf4dd60f4eb3a8b7e40f811de69940eaedc1b02f882276204f60affce95fb8

            SHA512

            4776563c86b2961c32974bdb09eb66056b5f523fe62d7287c27bf0157777afa985d6aa963f597e86cea3b68450da74448f4289e560fe7677111be4ef35df35e6

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            77571edda8d328ed590904219458f483

            SHA1

            8c63c947c12da1ce1efa164d5f8c157674bf0343

            SHA256

            fcb5864c1555344fc40ce14c182608e6d9d3511e46c72767f514f459369b5722

            SHA512

            cfc401455a902037f3e17ba9531121df6e5d5d3d5b33e686c2552b7a52ce4b2671c6056cdc3b59f0d7fbe9617d1a2c087785637d847eec60f9d725e36b2b54aa

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            6cc20f28759a158b4a50094d2e9b83aa

            SHA1

            305c8ce5dbd58475f59793871e0660e483186b7b

            SHA256

            4733ece4fff6f0f79df7f0ec09f016e651c4f87973963d48b2987f9cbb27442a

            SHA512

            9603937a6006e3b4536d694a6fe0583a585064e967d0a6afdeb59f269130089817644454302697c7a74e62802d86abd02d0a17a9ccc41a62362de2a7ffc1a489

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            7a93f191f4f38feca95c34fe87fdc388

            SHA1

            452bd81bc9f7363548c215542a5c04acdb66fdaf

            SHA256

            7407e7047e8967e6221e075aa0fd08e6e897474dec6233ced55215f88c72d9c4

            SHA512

            10b69f67584533e20b1ddf82c480fcfa0cfa6b603742b1e13e07fa1ce64cb85f35c80f99e310be4023e7fd1c8a478ea10dab74c377dccd22c6b73bf3c08377c3

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            a6a4a1a5b8569b79c91e6be8e117a04d

            SHA1

            3cd8cc96c8cf15007f94462ed9c8d5c26e0849c8

            SHA256

            f97674369a7f31845f06810d967c10b807f3d19ec7fb63b879e07e2db654a636

            SHA512

            8e782e546aa082b408544f15d6f08fdf5b53891a4b76e25d7fb830304a308ca24289452270a9166427d717a94af4de9ff5ee1a91d4b28d9f4c49bb91f6d57e45

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            97893df6e447b4c2fa2adda0a450213a

            SHA1

            692a337e05899b66dfea27e2625e649208f79394

            SHA256

            1084be0dd782fa22c5e353e7fb8ca672c9909d074f3e752cda24ae71e35955d7

            SHA512

            97128759d58a30b1f48cc6ab52d34ddf9a28811a18c036b3965277b58342cce1370521909a86d66be366aceb10cc306da27db090fba295b058af1a773f4cb1f3

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            ec9b8a1f5e1b57782e17a804babe67ba

            SHA1

            16373f76c11b12bcc3d58d0865441ca447f0fbb9

            SHA256

            942c891e655dced40909559507350908db3ddce70c600a64b724a047eb9f9dac

            SHA512

            66f17ba505efa5bbd15006ca262aef204b95d519145adc90e7e71f53952ee6d6e218eb4648d03bec60da92eec21bfe80c1a5b9a2c6280435a305641d59c4b4fa

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            d04f69352737e0bc59624541340b7bb0

            SHA1

            c183c4c6c2e3940fade6e45ab4cc5b5936e575ac

            SHA256

            8154f9d8835bb493f6bc0155ecfb61ee0f490e561ec88736f580eeadc4f3152d

            SHA512

            f0e7a40de695f4298024a8069011fb134f214acf999537286b946441e46b13f4604448e8010205ac4bea7fae16d17dfab2e086c56a6e9ae799ed85e3e295f19b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            fa0e004ac5d55ab2c2d05e0a8eec54d9

            SHA1

            89a7cc0dfac8c5066f89646c054ac5a2c384b5cb

            SHA256

            70cfca79e1cb779eb87e8f824322f173ff7e24d164a76a101af21df94e28de1b

            SHA512

            48f3cc9ae899b0dc9e102225e4fb3b68f53951ac301f2f97ee687bf5a9f004a6927b741b8a53675275980acd370954ce4eebfee311d0eb2abd4d60cc7240678c

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            b2c3ce0365f5ac2b3f959a255c7fa6df

            SHA1

            3864d89e95738c18b2dd89fc973d4d4fcd089631

            SHA256

            715184d672f8ca58637efc9a5be9f590f639f3896918c7875adfba7572c22a50

            SHA512

            a3ba0d94d20af927397e7382db3681dbcceb5bf932ef57c3e1dfa18bb7ec779a8f7b0bf3029e859af7b953fd800ccc534081d25868e3d167c121ab995be84943

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            239eb4fa1bc7e7a044ece3590182c492

            SHA1

            2b3b91b6d94df75b83cbd0ed4ed870473f761fae

            SHA256

            21906f2aa4986880f373835d8abbfda732ef40ab2a76606bbaece0d41a7520bd

            SHA512

            eea0eda0135f995957f692345ec5ba5881b39062ccf632047cf4c844fde82342e3b8b4210afa48ef4ed99e3b2a5013c0c8b7f4a5be1cd3e2b657febcab498e02

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            4e161285fd0d172cc50f135e84564ee3

            SHA1

            1140d706926e58b55dbe8ebc423bf377f37bd3ca

            SHA256

            0a1d88e561f2237be643019591a740c762750288c9aab5a5f71b14eea4ad7fd0

            SHA512

            27fe3588d467cdbc76abbfd48425d961dc32dfa003b5e2588ca203929e257c5597ab8ea02e2387160b9d7bb635319f9d82e69eb88b52a395642ed1e7f495fcbf

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            344e12d3a2cfb0a84c48ef82c6ac1abf

            SHA1

            f7226114956c0bc5578edb84ce21e8353979a782

            SHA256

            3b5497ce64f5b8b96e7fed2b7821d53b2316ba2e98f1a994844d74e9a1fa7a11

            SHA512

            76426275eb9f80d585f726a3c129f7cfa098d3ad28ead3911053c5cdecdf55e676833c35627f8c89b33066651949fb08bc4eeb9c846660b9cb04d85357e4ac8b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            b1cf0e3e916c1ff14295b4b3f5131d3c

            SHA1

            1a8e2b0d641b052e84223866f134e0afd263ff23

            SHA256

            b56bdbed505529dfc4769891bcef60a9e04483baa89220b715d45d7ffc28cab1

            SHA512

            2b34b21b641e30a7850dcab1bc89a90fe4133ab21d43b80f290f121f74a37b5cc38d7fa0b0063e7c555009561731ed5634f761af3df53b1722ac50a121a81437

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            1b91369a535443729bb0f486bb56e8e8

            SHA1

            b3aecb6f9dafd3c385e8407c323d523b43a811a0

            SHA256

            e0cc7d76889826246309be8223fd2d2e8e18cdb8818f7c298c69f7f6e9cf44de

            SHA512

            bd062e6fe109e8024318ec60c17fcb5439d78b5f1172de745928a6bc18b9f37580c248bb4a3bffdaff2632a99d47088744196260ae949b3e2197901a886a512a

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            e0415d56020b3457526a5077caea57d9

            SHA1

            1ff3a9308f5fa969653eacc65413d317c9047829

            SHA256

            46740d99ca4aa5321c7d0df0729760eb4d7898b1a6ada03eb4cfa9ed41b19f6f

            SHA512

            0df2ae7658c0f7c4f9a9f29e72b0a17a1137402d3a9655e1ced63d33334a1bb5501deb05a5d2264b6fbdb93c26acf3c19c0382d0543b22fd3bb1b7bccba22a13

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            06a617189a2c6b8dbefee78350a34705

            SHA1

            3a8e571620f50428a3dea1fb7b247b35f655b1d6

            SHA256

            138643b004607e63c3c9762f1f4c387b0254487abcc3563a3cb0db7665f94cec

            SHA512

            6a8b11dc8a669ee2809a2d79a18553cb8115c953ce46380f015701db537f6b0e98d3cff8918a166c1871c94fb55baa54057e8c5e46ce5b77a566639701b81af2

          • C:\Users\Admin\AppData\Local\Temp\CabFE00.tmp

            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          • C:\Users\Admin\AppData\Local\Temp\TarFE9F.tmp

            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/1940-446-0x00000000002C0000-0x00000000002C1000-memory.dmp

            Filesize

            4KB

          • memory/1940-448-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2488-440-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2488-441-0x0000000000240000-0x000000000026E000-memory.dmp

            Filesize

            184KB

          • memory/2488-437-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB

          • memory/2488-435-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB