Analysis
-
max time kernel
147s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
11-12-2024 02:49
General
-
Target
df98c718f63951ac480edce6bc4b6543_JaffaCakes118.html
-
Size
158KB
-
MD5
df98c718f63951ac480edce6bc4b6543
-
SHA1
68624e7ad30ce094b2bfdbdda661d1ed4db03538
-
SHA256
540fd71bac468ebd059e37638d80ea0064188c28e5df6e5bbeeeb9bb2ba3695f
-
SHA512
52ccfec88b361c86adab33692e4623e4ecdeb6c86a0d57b7a8c159a8a591ddf95033ab943019184f26ee40aeccbf11d668cfa56e484823f8d76dc02f8b1f0fcb
-
SSDEEP
1536:iyRTx11TWbYVnvmATyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:iAkUnvzTyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 32 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 12 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\df98c718f63951ac480edce6bc4b6543_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2500 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2500 CREDAT:472080 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD54a3977948a26327cda4b0947da1e35f5
SHA16d439ea158bbbb53b1d1d3f0d26f0dfe44fbff42
SHA256f15a9e2be8e64d6b1c98a684c4c76a7d5ec0bd5665885220a1c04a2ee7e0a18e
SHA512e80f2e09bad18cd115354494bb039129405a8d77e93448357e3762f67f6ab01ffd648d6d21dd55e7b26d7e49137c8d7f1b4236f63a5e8f2a264661bebc397abe
-
Filesize
342B
MD53ee8b1f0fc3e3d29712b312dfc2f03eb
SHA11fb5660e0b467dd5115db8e7eb06bef0f8ae3d62
SHA25687a5be4ef9fa0b15171c562fc93e4cee5c3b185cfc8ffdd605757c86811014c5
SHA5128bc061a8585b7fef11ef72181149df44394146be5e4b779ce1d7fb5ba2b3efe5703f94671ed2cd665c50bfc33c3c72e28345e595e2f225de50f500d5ed9acbc7
-
Filesize
342B
MD5fcb3ecd2a4d034c3640000c8d1e6d744
SHA1932030c0f57dee39a95dccab357aaff88e5cd55f
SHA256cc372931b5057f522418ccfecdae4d145875d32be8ebf2b88e8c54905f1885f4
SHA512eb198955d1554fcf520ed9073ddb61677325431a061c4024891117fe92de0c843fcbf76e7d238a6233baf4f4f38d6d9dc30c2e5b39212df2f1aa4883470670af
-
Filesize
342B
MD56f5ed9ea22d5f6cc7c1398bfda6660d3
SHA1de18627c1b8c6d3d66f4403fa24e091720614927
SHA256f93a8b706c1de74c62be6e5b4171d90b5d5f94fafce6dbafccb382c399f91d52
SHA512ed7ebb8c41dab338d6f7325eabd4b482023948462baa9b3fe2e4acd6e82d4575a8869edc6e0a1334f6faf381af2982ef5627fb570f6c8ec0b64deb30db5d4541
-
Filesize
342B
MD51f6433fb1650dec9f19527fd17a80da9
SHA1e74bf969d5fa732525e7b4343d22496821bf8c1c
SHA256bd7f82d85bf158a97b146a93f3e43ce9b33dc800ef1fb33bec50ddee150ef9e8
SHA5126b052e60fe5ee769c6eb70c91ef3dee06763c3ebb8b2259d517ded7d460614970c9a3ad1c195332dc4b515fd0318a7063c0539808ed66d84324d68de63347bcd
-
Filesize
342B
MD518b2a585ffe88e6fb1577330407b96ac
SHA1bd116f4760385219d0ea1b09ab9e29a0997172b5
SHA2562265997ec28177280c9696d4691ebd700ed090d9e8ee3a64d5fac3755183e50a
SHA512ecc259ce7b7f6ff78435b79cfab91fe5a8caf3f08cab1e3b04ae356619a3ce29aed1e9778cf6c162153495f5e6f66a2d126c727c5af3c0a8b65de9ddd5f3a50c
-
Filesize
342B
MD5e2b485e3ae8ef639eb946721a3b78670
SHA1d882abb9990d8a6a39e17b12f65366879cea1da6
SHA256ba7944bea230aa43eea6e3e11e9562522556598b916a0ff9494afe5f0abc8f79
SHA512c131cd3e243234a840867b88056fa83936e6d3db1eb6901a561d8b2ad914bee0e8983a0dbbae67a743a688a2b636651024e7d071c30e7ede1d451fac1ed1343b
-
Filesize
342B
MD5f601cf34e5bdf4b006763f10592f689b
SHA1d5f3ec63195bcb06b764de87e4aa341c1867eec3
SHA256bbf9b767d02f1c33874c68fd82b1ee47d5ea81217cb55f5b5c18f71204816af1
SHA512aad571f40e69b070919a25400adeedff409212e5d74fa93cfe5daef79b64f4795d2b33c72ae3e64c9a0b5ba35ef30d8208beb305cabe72049a776e06c319b3e3
-
Filesize
342B
MD56362450297ac8688d1043be7305da8e9
SHA1899b8f2bcad32c9d396f1f2212fe87e1f495db49
SHA2563892281332ea4479ccaff8278b8aea40371f12c80c2fbf3bf7481cd55b81ff6f
SHA51239ff52c4696d7e1afc7dd25fd48cbcb353893b07dc4782caf779e979be75cb19cfb2ec11c547aa51dec3edbc316ca7cef02ee93448637eebdd4981a14100e156
-
Filesize
342B
MD5375b8f774a0f0c61a032196a63db4fb8
SHA1320f20df74304fdb79c1e40144c441078c0d6ece
SHA25608ba68a0a0ba3abf34660e8514172ed35b755aabb670dc992bcc36346858325b
SHA5127ef4c8a3ed914aec2973e40d40020859d3dd4c43d513d21e53b7942223e55700a41ff0d654ae52a2e0aa00ad0c22cc441568ae84e5cc55fd5e060840dc673437
-
Filesize
342B
MD55f9d5467b00b72ef23bea3b32c804c35
SHA18748b1959b08ec373188e20abf260014a84d02c8
SHA256bba3de9bd3c7c92d0feb94dfc89290a77aaa125819d0b9f944fb73b92e96e6d8
SHA5123ba89aa100a3aa5d3e44800efb431c39ab8a1e0da41e6d71de5a069c9eb7b41efebface3e5ac9f95e877f4d60bcaf80be1360e0a49cdee3f05a949a548b35587
-
Filesize
342B
MD55de3b32224f10e9baffa57155c20364c
SHA1ccd3d61c2abc286e5702b411990b0d2a650f7836
SHA2566d8f3c6531727eab5fc512d47bb24dbe58c5d02921c587958437e23086d4c597
SHA5121051edb48f540a04276ffe425aad1146c2789dada2a0bf9cf494100b5abbce8a6e11ec106fa809f1e6a8fd5fb51e6ba4bf5e87f07183aae95874a7a19c1d8021
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
184KB
-
Filesize
60KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
4KB
-
Filesize
184KB