Analysis

  • max time kernel
    130s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/10/2024, 15:48

General

  • Target

    7a4d3165a759fe6e938ec9e84b4bd662_JaffaCakes118.html

  • Size

    157KB

  • MD5

    7a4d3165a759fe6e938ec9e84b4bd662

  • SHA1

    dc7f73650b0d1870f8a59e084a61d382b1a045c7

  • SHA256

    befd7d92423a5d783ab274a68fc39b7e64e8a108f6b199186d86bbe268c959a5

  • SHA512

    3559f9f63999a875308db78687a90c753fe78eed6576c911e8145cfc5ca00cca96502fcdc0edfb35360859b7e2ce73fb1f87d286a8288df47d6af099150f5de3

  • SSDEEP

    1536:iCRTkhY1F/+MYcU5mHyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:iQPPHyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a4d3165a759fe6e938ec9e84b4bd662_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1192
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1912
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2900
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275467 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2444

          Downloads
