Analysis

  • max time kernel
    132s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/10/2024, 16:05

General

  • Target

    7a5a9b4550b632d8c85c5943c38306e1_JaffaCakes118.html

  • Size

    156KB

  • MD5

    7a5a9b4550b632d8c85c5943c38306e1

  • SHA1

    6d46428476f821a3e398de1c0013afc30c972975

  • SHA256

    4a5951cb47bbe0a85a7d044f4556a441181f9a1af4ff4acf9330958c5c422a34

  • SHA512

    ea870892f11d5fd47d77189e02f7676f8ca7aaa4cd6a593b7071db9ae48c7fbf2bb62d9a1d89a4d4ae2ca46d4a1464aec5744ca753a1a2d4c5234fdaa32c374c

  • SSDEEP

    3072:i9Pv+NLZEyfkMY+BES09JXAnyrZalI+YQ:iZ+NNJsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants act as file-infecting viruses, worms and banking Trojans; it infects EXE, DLL and HTML files, the HTML form carrying a script that drops and runs the executable payload.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX or with a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of the victim machine in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
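
The "UPX packed file" signature above rests on a handful of PE-header facts: stock UPX names its sections UPX0/UPX1, leaves the first section with a large VirtualSize but no raw data (it is the unpack destination), and writes a "UPX!" magic into its pack header; a modified UPX usually renames the sections but rarely removes the other two traits. The following is an added example, not code from the Triage report or from the UPX project: a minimal section-table walker and indicator check in Python. The two PE images it runs on are constructed inline so it works offline; they are not the report's samples, and the section sizes in them are assumptions chosen only to exercise the check.

```python
"""UPX-packing indicators from the PE section table (added example)."""
import struct
from typing import List, Tuple

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_sections(data: bytes) -> List[Tuple[bytes, int, int]]:
    """Walk the COFF section table; return (Name, VirtualSize, SizeOfRawData) per section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                 # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40                                     # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rsize))
    return sections


def upx_indicators(data: bytes) -> List[str]:
    """Return the reasons a PE looks UPX-packed; an empty list means no indicator fired."""
    reasons = []
    sections = pe_sections(data)
    names = {name for name, _, _ in sections}
    if names & UPX_SECTION_NAMES:
        found = ", ".join(sorted(n.decode() for n in names & UPX_SECTION_NAMES))
        reasons.append("UPX section names: " + found)
    if b"UPX!" in data:
        reasons.append("'UPX!' pack-header magic present")
    # Stock and renamed UPX alike keep the unpack target as section 0:
    # a non-zero VirtualSize with SizeOfRawData == 0, in a short section table.
    if sections and sections[0][2] == 0 and sections[0][1] > 0 and len(sections) <= 3:
        reasons.append("first section has no raw data (unpack target)")
    return reasons


def build_pe(sections: List[Tuple[bytes, int, int]], payload: bytes = b"") -> bytes:
    """Construct a minimal, non-runnable 32-bit PE image with the given section
    table, so the parser can be exercised offline (constructed test input)."""
    opt_size = 0xE0
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")   # PE32 magic, rest zeroed
    table = b""
    raw_ptr = 0x400
    for name, vsize, rsize in sections:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, 0x1000, rsize, raw_ptr if rsize else 0, 0, 0, 0, 0, 0xE0000040)
        raw_ptr += rsize
    return (dos + b"PE\0\0" + coff + optional + table).ljust(0x400, b"\0") + payload


# Constructed inputs: a UPX-shaped layout and a plain compiler layout.
PACKED = build_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0xA000, 0x9800), (b".rsrc", 0x1000, 0x400)],
                  payload=b"\x60\xbe" + b"UPX!" + b"\0" * 32)
CLEAN = build_pe([(b".text", 0x5000, 0x5000), (b".rdata", 0x1000, 0x1000), (b".data", 0x800, 0x400)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("clean", CLEAN)):
        print(label, upx_indicators(image) or "no UPX indicators")
```

Section names alone are the weakest of the three tests, since a modified packer can rename them freely; a reviewer triaging a "UPX packed" hit should weigh the missing raw data in section 0 and the pack-header magic more heavily, and note that a packed sample says nothing about the family until it is unpacked.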

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a5a9b4550b632d8c85c5943c38306e1_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1516
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1048
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:768
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:808
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:406543 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1492
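
The process tree above is the most useful artefact on the page for detection: the browser's Protected Mode child (PID 1516) starts a file named svchost.exe from the user's Temp directory, that file starts DesktopLayer.exe under Program Files (x86)\Microsoft, and DesktopLayer.exe in turn launches a fresh iexplore.exe (PID 808), the usual target for injection. The following is an added example, not code from the Triage report: three parent/child rules in Python run over the PIDs and image paths transcribed from the tree. The rule logic and the directory lists are assumptions of this example; the records are the report's, with parent PIDs taken from the tree's nesting.

```python
"""Parent/child detection rules over the report's process tree (added example)."""
import ntpath
from typing import Dict, List, Optional, Tuple

# Transcribed from the process tree; ppid None marks the root shown in the report.
PROCESSES = [
    {"pid": 1644, "ppid": None, "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"pid": 1516, "ppid": 1644, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"},
    {"pid": 1048, "ppid": 1516, "image": r"C:\Users\Admin\AppData\Local\Temp\svchost.exe"},
    {"pid": 768,  "ppid": 1048, "image": r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"},
    {"pid": 808,  "ppid": 768,  "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"pid": 1492, "ppid": 1644, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"},
]

# Assumptions of this example: where the genuine svchost.exe lives on Windows,
# which images count as browsers, and which path fragments mark user-writable dirs.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
BROWSERS = {"iexplore.exe"}
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\users\\public\\", "\\temp\\")

Proc = Dict[str, object]


def index(processes: List[Proc]) -> Dict[int, Proc]:
    return {p["pid"]: p for p in processes}


def lineage(procs: Dict[int, Proc], pid: int) -> List[str]:
    """Image names from the root down to pid (cycle-safe)."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(ntpath.basename(procs[pid]["image"]))
        pid = procs[pid]["ppid"]
    return list(reversed(chain))


def rule_svchost_masquerade(p: Proc, parent: Optional[Proc]) -> Optional[str]:
    """svchost.exe outside the system directories, or not started by services.exe."""
    if ntpath.basename(p["image"]).lower() != "svchost.exe":
        return None
    if ntpath.dirname(p["image"]).lower() not in SYSTEM_DIRS:
        return "svchost.exe running from " + ntpath.dirname(p["image"])
    if parent and ntpath.basename(parent["image"]).lower() != "services.exe":
        return "svchost.exe not started by services.exe"
    return None


def rule_browser_spawns_user_dir_exe(p: Proc, parent: Optional[Proc]) -> Optional[str]:
    """A browser starting an executable that lives in a user-writable location."""
    if not parent or ntpath.basename(parent["image"]).lower() not in BROWSERS:
        return None
    if any(m in p["image"].lower() for m in USER_WRITABLE_MARKERS):
        return "browser spawned executable from user-writable path"
    return None


def rule_browser_with_odd_parent(p: Proc, parent: Optional[Proc]) -> Optional[str]:
    """A browser launched by something other than the shell or another browser."""
    if not parent or ntpath.basename(p["image"]).lower() not in BROWSERS:
        return None
    pname = ntpath.basename(parent["image"]).lower()
    if pname not in BROWSERS | {"explorer.exe"}:
        return "browser launched by " + pname
    return None


RULES = [rule_svchost_masquerade, rule_browser_spawns_user_dir_exe, rule_browser_with_odd_parent]


def detect(processes: List[Proc]) -> List[Tuple[int, str, str]]:
    """Return (pid, reason, lineage) for every rule hit, in process-list order."""
    procs = index(processes)
    hits = []
    for p in processes:
        parent = procs.get(p["ppid"]) if p["ppid"] is not None else None
        for rule in RULES:
            msg = rule(p, parent)
            if msg:
                hits.append((p["pid"], msg, " > ".join(lineage(procs, p["pid"]))))
    return hits


if __name__ == "__main__":
    for pid, reason, chain in detect(PROCESSES):
        print(f"PID {pid}: {reason}\n    {chain}")
```

Run against the tree, the rules fire on PID 1048 twice (svchost.exe from Temp, spawned by the browser) and on PID 808 (iexplore.exe started by DesktopLayer.exe); the two Protected Mode children of 1644 are correctly left alone, which is the check a practitioner wants before shipping the first rule, since a bare "browser spawns browser" rule would page on every IE tab.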

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            8b389441db99da003963f5219d62725d

            SHA1

            814b1fa3ef8dd92e1f2e2abf2e2968e2278f6ddf

            SHA256

            a6c8e20c80dd19176e6b64b273b6aabfa9f257ff7aa0f5e721c3ddaa37788e86

            SHA512

            fcff309d60b0434376d47b5b1516f27e662b69e47368fe44467ede3543b5e976c40be963c2f0c24e5c13fbd7bae0c1a0e1f05370ffaa5463d1d26857d81f3af9

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            4766aa4c5889e40d8e337d0356449638

            SHA1

            36c3c6d02fedef724aa1bffebfc005c29a84d89d

            SHA256

            3cbf8b7cdcb3134fa38668993eb8176c7d7f17ca8b9c92e73561729cdde55fbe

            SHA512

            5b773d8708bd84e3ff0877f91f45dcefad995a2e86734cf4a729d6f80203c3388059b87ea4109197cf382809125fe3b5822512b7706c59acfdd034b4b50e30db

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            22cd810996f182a27811858c02d42238

            SHA1

            ae6169616e3a37d3eba2be37b5fb4773d1d37ce8

            SHA256

            13029d5e3d86eba64089b9ad4754221dcc097d1896125a55368f4b0480a2387e

            SHA512

            2c94c7047004a429fa13b8ffc961f5f96c84fd2a2f86c9b00140b175871d8a5f4511ecd0bf3e3c7df7bd47c906ad047483aa5731b9569df38e72b982b22d4a31

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            5e85e6adf440a608a26de8a4f8fc830f

            SHA1

            e4dbce6c3e590b7c6511f5e8cb9764a4a0ff694c

            SHA256

            8a82c772fb3b248de0d6ed7e831a9664c4324271e68462db8e9a3f5dd67d1ce8

            SHA512

            f7405548c3f0cee8516e0d009dc8ef4d799474535b80be8830a781b0c7bcc0b8ec861dba2c01200227a68680e7864371920724a874af2c552c44419be57490dc

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            e53dba473f4a01f4042e2496b341a238

            SHA1

            5906c8d1f325a61e0d18e856ade2b8944d77ac03

            SHA256

            1cc0ee152482062cd8d387ff46513054e4d01e3657e380a0bf4c0c74f9eeadc7

            SHA512

            3b2df06f8f6a9b10a65a83d9f925240f1e3d51a4be7fb3f5238403db5321a73e2ae96608370de824464ce5cb72c2e4eb37e61308bc4f69ad21707071ada57010

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            5ba320287d5d4ed427283537545877f9

            SHA1

            8d6dc9b2b4207d66205792764a2aa7a4a823a363

            SHA256

            43828d6b2b39c6ad7bf6092ed15d04c0fb40e3e9aab5b4ede6f961d2b9f21185

            SHA512

            a75620e9b33cdf9c54ebd5f5c7d49c578ea4cb8c2272ec7f1e781b0db8629169c0b7295e2a4993f62d3caf258d2aa1a7a32042050c5a3e8f302290ea25482657

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            675e4515369c5ac91d72cf3f1acb1ab7

            SHA1

            d3e05b72bb1eb745ecf7632fdfae9ba28f69b984

            SHA256

            45a549f693df16ed329aa577a1903ab27c3a74f29b0bfaf11e823c48fbbd82ca

            SHA512

            b63e210c3b3c74bfb2e047916dd6e74a3172a78e46397ac11b2d095999a48b5b462b5a7b52542b831b1be33ce43ddbd5cf285fd7ac2335e4a1f852c9a0abee95

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            8552add0445c32d46ff1acada367a479

            SHA1

            14abaf33a9d36a8b8b49ace4d928fe6b3ca99d31

            SHA256

            c85395ba4b3ab18c60e7c2d17b6e9b4d602b2db597fa47d70e58fb7f7f36e736

            SHA512

            3bf583a075c470f54352887a51a0949d4d80bdaffbf75327f4283a3d77d3dce20ad1fc71544ad549fbb9766b9c6155ed0f8a72ed662318a3d04cdd237a3561aa

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            6b6e1333fc4a1100618c672cd66e8550

            SHA1

            cd95be4f2e73b90e8c1420655db2b4aa8d787953

            SHA256

            6166263116ff4a8013fbb65ae43b673be799190e520ccba7f5b99b1da5411087

            SHA512

            fb4d0c014a5ed17fa1c77f07b0949c5cd0a5b6ffe5aa2f81d402af3d3e134892152f3f88954f75cfbac7c16bd853c19019104d7c90e5843b173a92b65c3b1f58

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            8390eb560207d0852801302453af1047

            SHA1

            e3adce83a00320bb62d336d8dd7cae20835f77e3

            SHA256

            b94044a65af01fdf24b1de9d8da5798bdef723ce64f7d0f9dfadf31957ed1fa4

            SHA512

            379b89555e1144d75d79f78a8d69288147d3225475c6b6f59b33d08adf588ac9b4b01ca2b0ff41c10fa3e6f56989a67effd573c54fe13ca76dab1b22b3e61bdd

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            7d498e770231d6acb36fd4478f494899

            SHA1

            fe63b7610173e87293a39a79b05b95ed81a2ba62

            SHA256

            aca715a2c59197fd7612daf0c90d63d465df68d86a326b475f560367b412f71e

            SHA512

            08760b637d2dfe22300faef8c9f35dc97c7ab3ef8b64299c3f68fcc8b5f00de5e26fbb6307930463ce745a1c506b77d11be7fd512b3903ba0fb6a91f44df03f2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            a7130e375343e10ff49b5b46451b0010

            SHA1

            b97404d7e4588d67a879d439d9ff0d5476e0c78d

            SHA256

            a9acda76cc31c59680eb36510c9678d0edc88da012f0e8475eae9f2d7bec36ae

            SHA512

            a499f4d6969c97eb42665be118cc27415213a5fd2d454ac0e6957644eaaec1a952cbe75451f682da91858daf3071935c1e21de4165574a5455d2c0b9848a4cb1

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            e0ab9e01d469297251fd038516274e26

            SHA1

            37f3ab28109ba03ff287c2c70b502037a676e75f

            SHA256

            52e863ed08f42eaa26342abd88da17a70fa4e02ec233cb3150f2bd86d976f041

            SHA512

            97dc3e32b078e8123692150834c9b1da45fe1505f6f037c8a15f69c546adf29a56f1d7dd51fdf141fc57d5ecb762b7d58ecdd9d711092adcda48e743a08cb7f2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            b5d6a4ff98faff1e46f3ee47ae66e223

            SHA1

            4a8be7dc8b418714796c172f456cc2fa9660b858

            SHA256

            8457241f1dd6500269551447070dbe9fd116095bd83cd354773da82ae1a5033c

            SHA512

            544cdda8210eed768e27e076065abe64d189499df8f848d94a5d94fb82840d18257ba2b14256bd8b1dd1adaa1183720c5f2ed03417d99f9db0af519b6bd1ea0b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            8d2d947bd668e238b8d841cfd1c1b99e

            SHA1

            24889c22900970ff30a37678ddf615f07860f1c6

            SHA256

            efa865ef325c36ace46c92f69c92df26497456a23019498bbca514415571f95d

            SHA512

            a9ff46ba47c44516abe2cb8d7f9fdee72debadd591e29f1239e31898f8b144712260e3d61ab452a764cb0a38ddddf0bdc75b84257299d446e269e63a8e2ce326

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            26bd59306d8b1b3e098886a7237b71f6

            SHA1

            c10c83caa7394584d7a584519133ab52722e5a70

            SHA256

            6e72fe1bc6fdbebd8e2f51aa437876ec17feedf2ba8ab83778471a724f1fc19e

            SHA512

            f3d109aada43cde8812dbec85f3c73bd9080ee5de1124f4c2d6b061f4ae5bd319f3d146c5047047e22bc60cb65510f6d14ce88e9ab2c3cfe6a3df26254767956

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            2d56024b7aeede04fe38d5adf5dd334f

            SHA1

            a4b28a443f843e138b52e7bbd5f7d2ab667c1103

            SHA256

            6ae1995ae4eee34c2812c05266e00c7ad146b4fa1d1806feb4a66301706727eb

            SHA512

            3235b1a5fb2c2c2207e5d8c34a3801fd11d1f7afe6c27222873ad58c29e6d8e943f0876b73e6e7160bccc909478c412e215466045110a4b9aa75a75fc3ff8df2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            9506462a70c81b265dd6b55e2a0aaff6

            SHA1

            f6fb031291b5a90cbedee418efd061d41747be97

            SHA256

            f0c9796272bb7def5ac47329c519db79bc64f45b99cee7f349a0de70add9a24f

            SHA512

            42adf10d217c567f5d9853d188a20601dfb803918b4f9282d1cc7281df6781e0676900351ea81da3e7c9b253f9b7659c19b6a286250b57bcbe65d9ba476c1009

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            910b4a23965b5effee9fcb91f10a54f3

            SHA1

            e0fd3cc1a007a9f93419d2fd40990229bf06f293

            SHA256

            c93e56228ff13688851667abecb96e943ecba9f5a14d308e0d6453f59a1dc6e7

            SHA512

            bbb72b5a8d509dc6977cbcc6bada5b0d5cb8fc89e198a977131c449e0791629f83702644d49d9dc0b8643b60de2affc1ff59a8109ec5ed713ef778b8565d1307

          • C:\Users\Admin\AppData\Local\Temp\CabC5B0.tmp

            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          • C:\Users\Admin\AppData\Local\Temp\TarC650.tmp

            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/768-448-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/768-446-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

          • memory/1048-434-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1048-442-0x0000000000270000-0x000000000029E000-memory.dmp

            Filesize

            184KB

          • memory/1048-436-0x00000000001C0000-0x00000000001CF000-memory.dmp

            Filesize

            60KB

          • memory/1048-437-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB