Analysis

  • max time kernel
    136s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/10/2024, 20:27

General

  • Target

    7ab7d9822231769a383d90c8be8bbe7e_JaffaCakes118.html

  • Size

    157KB

  • MD5

    7ab7d9822231769a383d90c8be8bbe7e

  • SHA1

    c2fac917d4bd374271a0eab7c1a95d9aac0186f2

  • SHA256

    803503882366242f5376857be75680cfacb28a5090a677a701d08301e9f4c9d3

  • SHA512

    9e815fd9af1d679714fe45c62a6409dabb9b8d092bc8b7db51def4599520b509fc4d2e7b078fce5d1dd4e163f01ab52d1fc872a7e7ee4dec74fdde38aba0f64f

  • SSDEEP

    1536:iG5ZRTUgW+q0ADt9JM8VryLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09wd:iUKXryfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the victim system's language in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ab7d9822231769a383d90c8be8bbe7e_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2616
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2456
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1064
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1792
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2396
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:603146 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2404

Network

MITRE ATT&CK Enterprise v15

Downloads
