Analysis

  • max time kernel
    122s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-10-2024 01:41

General

  • Target

    811036a3041ccfc11e788cff17461f3e_JaffaCakes118.exe

  • Size

    362KB

  • MD5

    811036a3041ccfc11e788cff17461f3e

  • SHA1

    7b7cb77e2dc5cfc36137b199fbff0d4c796f8787

  • SHA256

    a9e7fe11e388104ec8a387cb10a8dd184c47e7eef0e69e004c5d6388291b99a9

  • SHA512

    d6db18e90db37409d91aaf0717a10f4e300aa3e0ab44ada5d98a3df83bf50a54ac1ab491f222eb91a40f49abd8a2ff50549c51d8b41d59b3f79fb33c7b8df2bf

  • SSDEEP

    3072:Lk59fo2r2f0oJDib8iLws7ngPZwGj9Tf8:Lk7o2r2fj2P8sbgWGj9o

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that comprises viruses, worms, and Trojans.

  • Ramnit family
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\811036a3041ccfc11e788cff17461f3e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\811036a3041ccfc11e788cff17461f3e_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2828
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:340993 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2864
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2896
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1936

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    454a925e861850f23eb8e2fcde89f5df

    SHA1

    819282117ac71e855fa37ede3a072e927c0bcd53

    SHA256

    677c79babab83d8e6966d4dc14cf59e39241ee77bdb61e64281df6d2a422a151

    SHA512

    84a5d0ab0c430860e9b37b67bd184e3c5990c69e3114510329541405f6cce118c748b5eb43def07844b315a5a779120f6bf0e8cc5a363b439635ebfdef588ae0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7b0326ba1506144b345fcb8aad7f01a8

    SHA1

    d47bbf85848f7f7e6639732fbe28c09526e58fc1

    SHA256

    8b27db0c604a8fc0668ecc28b6085f6ae0f41eec0048fb83e445ef2be745c7ef

    SHA512

    3101bb1727917a6bc9badf2dd62ab65eca61d41d6c729f51219c7310d433c0bbf2205e4f8c6434ba0ad74ce72040342869e4bde042ee42fb3189711ef8316824

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b3d49c2f6a7b0e742dbebd17fa0cc631

    SHA1

    946fce6a8b8ef2016b61da65a94918e81fc38867

    SHA256

    cabb9808ce4589cdfbdb4ec8ff7d7415d7e60208735f613310af49e84945c86e

    SHA512

    e144ad3758a1c23f8ca48b0f56fa292c7526d7cea74393a68e3d755b9f9a57928f047358305086d941301d5069ea1ba4959842279be79fdc70ee37dd2b7c7283

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    28d29a7319f4d151e81c9629432fda06

    SHA1

    096d9016033a3bedad74924cc05e3f56497d670b

    SHA256

    cc9e73fad974924fdc405bf4da510db59fd51074c307eadb1853853f5f48fbd5

    SHA512

    6e920a8590fc85cdd82e7455348e373826aa6dda3c30fa4ce2e093c37151f74ca59aef467f5cff7bd3d00f4645640c0655757d4fd3d8691827f5c08b07f4c41f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6821d9396303302b88724ec8bffa10e4

    SHA1

    b98563b5cc794f42d967900679f0eaf03f81424b

    SHA256

    eae7a14e461ff5b1dde816aa4df70478d03d00b12d986b54b23339ba17feca39

    SHA512

    85016a667ec5288237f931647773b1e9e348e2552404aaa4e6de930efc7483076aa97cca929af16aaed4dc278de0e4ed84b393e7dd1c48dfb9f4d8ab9737a301

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ae69b64a8fc6e191e5ee9cf303683473

    SHA1

    ee1e7ceb4fdd3f757b425fde151816824d48a36a

    SHA256

    edd808a1e147963e54f9ab9029ebb342efb17fa031efe261befb8717da60bd90

    SHA512

    543ac5444d415fc71f300c832128d824837f464a8e6f4c914528893ff3953b5a7bb4cd3a5298b49cc11106fca0aa864e3681f6dfdf17508444a9e88df2ee56eb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    50990c446d8df6103b2bb39e5b77cf58

    SHA1

    c5620238f03391d7dbed52678013fe26e4ecd435

    SHA256

    cb303164cadd59c4a2dac709eb64c18d7a321d2a487da63a68fd8f9cf044f5da

    SHA512

    84c88396ec6f948cd758d58bb302b18a9b90a45789719bcc2b4b322558e3185dfd5bfa62727dacdd032d8f74bb0d6a368015b89ff67868b4fce7ff4ef56036db

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    aaaf9c874d44dcb0ad1197f30d97a06e

    SHA1

    788d56e22efdc09bd44863352a3c377625523634

    SHA256

    2604cd14966e88305d5b0baca8ac063ae09e652c3eb9b4b2d4abd3c71bee58bc

    SHA512

    9baba9b74cb413f36acc23449e127df003cb48b7a7f8c44c9b43642ef2468144bce3ce6da910fcce94951f2e6b62ab801d659505d685c9244158e2fa47f51cd9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    98db437be8541a4f736df6434e47b488

    SHA1

    65f921545de24a3f6b7a5d391848cd5985841aaa

    SHA256

    119ccaaa20a32f0640c51f848a39f44fcf6ca68e3d7ae4fed3dc00ca2f64ac70

    SHA512

    1e10dd5ac9a9a3ace4c4a1572215a1a7eb8ed3745bef8f3ff39d22a5d82b06c69002c5a14e54699a03038f5598806485415272849b168cb83c91b696140a7127

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    aa24b8012da0de1883bd80e77ed1eaf8

    SHA1

    4c1972d071754d49678d37ad0699e1ffbb61c475

    SHA256

    75e6cdce89295d53223f4de4fd6e8a7f07de01a3a3610dd3d59e7f46ddea16ea

    SHA512

    70ed5c3bb5e6cc3073bc0c2f71ed0fe85fef3727356a20307c5ed7fcdfe60ec66786a8e2dcd81d87e5ef786519eb0338e392ec15a5434ca63a219ffa1208dee7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    57c67cda4c2f717b9387bbd3e274e46f

    SHA1

    58397b717f1791700fc0c9180d20f87069a831e4

    SHA256

    ba639d82e53d24c13b23a6b56dd9d0ab82bc4bb2feeeeeced662a7251fca61c1

    SHA512

    93fc9d4246f10648e24f045a5468d0d50426c1734dc400fa36a229b446a8d35528e052a976c85ca8088860d74fdc637b58d9a3028dfaac7828b1474c1072e5d1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0fd90c32972dc083b7d35acc715ab230

    SHA1

    99c3c1be3ae9b9ce00c7fd73be64a6bca8294a2d

    SHA256

    b9887223f428db0d590e2039c96f1d5c669e600fe4982cfef2f5c5be546247e4

    SHA512

    e96e7a789fa6ef7ef83e268ed871d2c5e9df1643b1e3b108f33f595df276b6b6f32f1b5a781e8560f93847924f0b9188df7df312f3c1c63bf950a97b0fd4c129

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cf2bf33a6c53648a0565e06946e197aa

    SHA1

    5607d9098be6c56b5166d4ca0262cfa9b5e50d6f

    SHA256

    e4f5b33cb2a2f1d25df70ddd7d20a51599f29cbbb0517ef5f51c5d77557dd3d6

    SHA512

    42dc8e5671b4171f588888d9990b8c5c9697b1970a16800532ae3bb32fc01073f3f81be8248fa3951adc4fe4dad92ca60cf74fb8a8a1c604f1c67ff434c10c60

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b2715a5a6fd1a7a9c1e0a063c61db9bf

    SHA1

    69a6445f41455cbe71ba66d011a85eeabee8351f

    SHA256

    71ac299996615e580c8d6de6eecb7567bf64ab8c7de61554e02492fa1672e309

    SHA512

    b9ff378eb74d0cbf9361c677b7dcf039780a96481b6f1a9d41a7f130c120eda0e761ef2540f693f1b64f9a21b128f9fdfad8310a968505522be434cf39470fc1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    45190bdb8ae0b20ac6dd70210f44d569

    SHA1

    21a4442402cbb5c7ca34d511b8974fe8402051aa

    SHA256

    195cfdac94d663ad3b7b5d5d07d3bf7a7d2e6e83c11520b1d729cc65c5ec8333

    SHA512

    2037a3f3c6687356f0e1f965386ae7c5a80da25509bbe5f654efd2ecb19fa6ccb067873fbc77fd71b97ceef6c6f27fe5c490482865b4401e320fa96a25c1692e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3b10c3e9d72ca3a32558d524baf9c5ce

    SHA1

    af2e6e78cf6dc9d5518e7a6f49c56f2d661fe3f1

    SHA256

    dfc6a92e3e1f64ee56d8173ae8e6b70f39fef4d49a9c6fb1d7086be37253d13f

    SHA512

    9a12feb70200fbcc65cb27e6f05a76ec501e83011ee786a6b9225830bb0c43cb311e4960d442dd3ac0e3d0be6a7644e1f840a5ca7155a4938f73c95e8102e8f5

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5BCBA221-9729-11EF-BFDF-52AA2C275983}.dat

    Filesize

    5KB

    MD5

    ce33485dc0325520fefe40ff6cd760b7

    SHA1

    5fc27996df95c089b06242396442ca971ed70691

    SHA256

    08128d24c831064c8f1d9581161be110db08a8efb3e4a5485ced45ef52fbe450

    SHA512

    fa90a126168cfae2821f9f52fddcd648bd0eda349984d5f2fbeae7945bb745c886905c0403aadabcdc3fc6059443a9b9308488a0aad056354aa0c27fabfbee41

  • C:\Users\Admin\AppData\Local\Temp\Cab64DD.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar65AC.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/2728-2-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

  • memory/2728-0-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

  • memory/2728-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/2728-3-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

  • memory/2728-4-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

  • memory/2728-5-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

  • memory/2728-6-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

  • memory/2728-9-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB