Analysis

  • max time kernel
    131s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    28/10/2024, 15:13

General

  • Target

    7a327c419cd66259ed365eaefb96804b_JaffaCakes118.html

  • Size

    159KB

  • MD5

    7a327c419cd66259ed365eaefb96804b

  • SHA1

    75c7c3ce82f191cfab8238005f0d318dfc6e90b0

  • SHA256

    588cc2a50ba11b79f07d1de185620628acb4f9988120192b1979465ce9d7f02b

  • SHA512

    d72280417f5832eb0692f9a89fbe7b3224cdd832dda60ed6867bd96ad4a09532b90c5ade57c8b2f011f59372b0dbd9de74910e853cfc4c19d4434962e87ad516

  • SSDEEP

    3072:iZPq1BQqVldcS9LSnsW60TTav0n4NsIMpIoFV4+vZBubTUjL4rbIS/WyfkMY+BEu:iZPq1BQqVfcS9LSnsW60TTav0n4NsIMY

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a327c419cd66259ed365eaefb96804b_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3068 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2172
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2292
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2252
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:288
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3068 CREDAT:406537 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3064

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            576e495335de179d91e9d820902dfb12

            SHA1

            f23ee785654036dabedaa9592c626be63846902f

            SHA256

            d84140c533f0eda25957dc7cbe60d44e91821dc835e4a483ce333bdd5154b6cc

            SHA512

            b559300ce1d603785c91a86c5c22a96503188747290ce65f0278688052904639cf52c85b035010de778343545766b7c9f122554e9abdec191f146a9fa5b7f2ff

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c4751a7d94545cb36488e3263d1dbebc

            SHA1

            623e0c42e86d298c9fd328d1bdbb0f6a6b54cbb1

            SHA256

            9be20911d2f9b330237e00d92870f013ff02665e9337d4c25f80cc3c017d26e5

            SHA512

            47d6f1b49062e904f00d4673e2c44a0ee7199e2920128f0593233894220bb860d74ed88cb8b71b0e1db2430ecd455b0ecc8e5981399d036c4606fa8903287d03

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            e980c13b539d3cf2fe21f6c944df88e9

            SHA1

            3716870d617a2a4f0c122b056e31afcc04993c80

            SHA256

            3a9bf7aaafaaf9d61891daf5e11faf3ab422aaf979565f25dead1b6c84b682e0

            SHA512

            ab68639833bf16bc19a65a40e4d1f4b91d1ce5d7b7d888a12bdc08d6b6583cd5d92b1ecc04b7b7a229fa14460a0b8817ff79b7aeda6837aaa6671c7893c5c8f2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            063b0629f907b671203d2204a8972dd8

            SHA1

            c3a8195382ee8cb8b1b7bbc60389ffef08ddcf3b

            SHA256

            624d699891e7c741710eaf6ea191d59cd3e0afd39d77220075905b1c706e9261

            SHA512

            67331bff10772d399d60f2afd7079910cb5247203904835a09e33d729ee0474b20aa22391861a26d7d3123ffd4791e3b8d80201f9f962ab69f911611f802f1ab

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            bde20cdaabc2a519114dc96ec5f0e362

            SHA1

            b7a41e106e0ec0051ab1ab8374103ef73435fda8

            SHA256

            e0a335cac87ca6e63df5dc73435c5eb017aa5bb2179c780933e43be41ec52d95

            SHA512

            79904df2d04d442e0dce81b90a58bd4858b16ed0d19b834d99eb9e3a5b1710c6f688609069bfa1e0e1afd55f78d7eb8f1e09b6678f78b7c71cea2a1fccf45372

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            db5179724034dc253474d58a396ceb44

            SHA1

            4931c30c49d3a9ae2a5765a27480b974b0db9cf6

            SHA256

            757c526a6a77c932b8fd8d52b776015516f229c6fc901d8e5d0f988d92d0db1c

            SHA512

            27720e3c932ed79e7a01d480e461511a37a2dc0e3a9d74044eb107386cd0ea2e3f018bd1a07a99eac55236a0288bcde48ae202437d49697b9f7131014a70721a

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c78d56192135d9bd07055a1151c3f0e5

            SHA1

            0b8b178b5243c65492adce0dbf50c533bfe54cbb

            SHA256

            43436594fa20c87e095e617d5a4b980a8b9ee45437f4d2ca68ebc52758546beb

            SHA512

            f305339375d00b78341ddb3738427c4838fedb8dd4c84faff7791eaebd8146a7387befd2f4c38b2643cdc5915522dbcd29399c8a909e8ffb7859b8d464fad63c

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            b1799d5d83d8b211940eb3ab4b652982

            SHA1

            ce7c2ab3a74aa350979020705e7ff5388f5b795f

            SHA256

            6a45a53478bd922020eab999119e83a94c17059abb19a73b7bd751459dffd966

            SHA512

            d13f806fdcc1001f7e30f3cb088883fac306bb91d0cba744d7f2b15f4a5984cf441fde053f88e170b000e52ae43669390c0feb74a083daf9c13180c209a45732

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            746e1d64e8b3ed5e5dba6aaab734bbe8

            SHA1

            44b36dc0609f5a2f5ba76f73159ba05b0b8f8df4

            SHA256

            4f56ea1992973364fd02e5e0be7e233914a0a712be91e0ad7ac9ded714dec78b

            SHA512

            b9eb8d613699947729e00a98adb3a74a17fa2891890e2b52458b1936affeb9f4b3f1ee75a245ae45b4adc027ca125df1f7a266bbad98a510408491798251cff8

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            e84bb38a7d631d4f570c0bd53033979a

            SHA1

            354e4a2dc942b6768cad807d64a51d1eee8f16e1

            SHA256

            7e07eaa59bef05d59564930007f906caf18987ec18264b9e041c66a2e67e867d

            SHA512

            3fb6c94cd1d94fa6a33364f77492b78a0a37036110344ac9caccc22835710b9ccd6faca0a6c9940bbda20577071c1ed1e85aeb01386d6651c62e4acf621309b2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            7a271ff488bc20068b5329d6610cab95

            SHA1

            1da3635c2b738d374bf133988183b8b63daecab8

            SHA256

            ce2d98bcf5347186be2deb77da9a430390b83bba4d0d29eae9b178ddd00f33ef

            SHA512

            93fcab4962b9081f6bb7efb2e40425ccf146ec94f157f61c62396f576a2f0f7c60afe4bc095bcc8f391c3ec96dac66ea1c5ecbb91191eef69502f49bdad21fdd

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            8806feead44d77dc644489faa710e343

            SHA1

            59c8f17da592de7e86a853dbb0ba0ad307a880a1

            SHA256

            3f084dc4e9a1a21948cac69900b6cde3b5c219cc3663eda4d16923bbf6f722ad

            SHA512

            370e5338a3a1e9bf838097f2232b4fc032d416d9a76c041972f5cd2a36ad53f0d8a99977b958028a6b8d794cd613d5f8c835bb843ba27b275c559a5e724f8737

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            4b15f10a90c455f2a34dbac6dc2f3959

            SHA1

            10c4d56b61904ef859c983298353102115dc5ba8

            SHA256

            8688aff783adee4b8b86e49395d1b5797f985e3b41ccf97800771a6f925c67cb

            SHA512

            3446b4229005ff99718e7c0257ba23255ac7a440019d0a5c3471f50d315bf97ba519b713881e2e64e0d2be82941546985931f3ebccceece0fc567b6e71d9a63f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            21e3c35015bdf0fb9eca516bd2c68fc1

            SHA1

            50f37bc069f521fc5e9ca2bd16fbb1d3871ad78b

            SHA256

            40f3b9ae6cfb8d546f48d0331b22e285f0a78fa0aaf5c4e58c14cdb715f294f7

            SHA512

            07e52d7f7d853caa0b7b2475f0f311939377e409f9fddc14052b960ccf6b666df0cf9c3ffb3cd56db61bcb05a6fe2ac83f2beb729296d6fb10f2a064bd964b56

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            33b135845f13edb071ff0f91fa5ee994

            SHA1

            1d7ba480e4c2dab1b4b3bc7a299959bb54ae5579

            SHA256

            6abbb939abe17876dd2c77d66f3f614256b5c20c808c94ef6f8f49623b01be6d

            SHA512

            928bb8afb38176ca63eedd82867604edd402d4f643c1eaf95c67ebf348cb38ee4a005a649279ff1e69f71f816f83cd084acecd4ae4d0b5818c506c38933f6e82

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            1eaed81f8ea0f50adc5abe69323ec40c

            SHA1

            af6e85a0c1abb67549cf1ee66a717c741318c43b

            SHA256

            196a67767564c03de7cea867b1ac29038bfdfb354251f5d060ca16e55b584f93

            SHA512

            621e66d4590f1e1b596e8fe98895d5d80712038438be387809c6b56d4c03036bd1bc01e8e1769b3f66db47dfc93a9f3e19f357844e2af564ff342b4af0790e06

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            f356fe16e1374b8a9b5a251d68139448

            SHA1

            cbc6fc4ca53491d7641130ae7081b83600986e0a

            SHA256

            91cb8383222a6686ffd31a2ad12a0c11ddf72e08eaf808e2fa4b3f2a76b6640d

            SHA512

            b8ac64348c6b903f1b3bc3f8fdf7a87e5456b43335c16f4c3cd0013b1e833018458d87de250ee8b57cc386a4ee2e33bf8b70baae3bbaadc0cd209093956f39ee

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c3603cb7099a80d92dc5f75ad1a432e4

            SHA1

            812a61e93984e4d8481635ccd2c57481f2129d2b

            SHA256

            bc1692b339e8f723b2924b613723cd99fda307745ee24fcd649353fbcba1684d

            SHA512

            2106241bf5d4ffd59bfb3f63b0fb7166067e414d03a85152ddcac1af25b3fe05199baded31b121f0b51564172e8a8ccebd1ca83a955b76358193a0e3748d0cd0

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            1bd9bd5372025f71bec37fb6ec3b879f

            SHA1

            55a54356f2a5d32204eb350ec892ff79cd3701df

            SHA256

            aee2f3377eb8040b35c1c3385db720d28066cf5c68e700c3db6dadda86f326a8

            SHA512

            e539a9bf2bc9eb818ac3acc2d6ba59c9cd4219fa8bd96bcd20e7735ea14cf4c27f98e3f8f0dd2bc77db901685765cb857d7011bf18c84cce9971b17cd8fdcab3

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            9f4e9b674d585fb80c84eb88e226fa7c

            SHA1

            4253983cb649311ecfa5c13443b9dc9bb89e27e9

            SHA256

            890d66c89543fa396de6201854e99b5b3f72e20288abb1194eee453c20f93d93

            SHA512

            34bf731fe8d9312b9ddc95ceeb6e292634ddcb37fd4963d74627cbae71e8010621b4be9864eb018b16c0a49cc3aaf983652e61430e7e982a94390f7ff016d06b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            ba66205ea04d4a597ded2e3eccd698f0

            SHA1

            7f7fcf49e3ab840aa05159af860ff50cf47f702c

            SHA256

            fc7a6f7653def6ceb5a1f7237bd080b0d8181373d634579bb92b19ad4dc9e2ca

            SHA512

            940fc626ad82cb7d97ff0bdd1807f658b5aa0de097b7fcf742e9c518ccbee7000335387456aeb8153eb9f391b1eb0ad43b916daff77672c2a90501254c906ab3

          • C:\Users\Admin\AppData\Local\Temp\CabA68D.tmp

            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          • C:\Users\Admin\AppData\Local\Temp\TarA6EE.tmp

            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          • C:\Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/2252-446-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2252-444-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2252-450-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2252-447-0x0000000000250000-0x0000000000251000-memory.dmp

            Filesize

            4KB

          • memory/2252-448-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2292-434-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2292-435-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB

          • memory/2292-437-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB