Overview

overview

10

Static

static

3

e58cc3af14...18.exe

windows7-x64

10

e58cc3af14...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    12-12-2024 08:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e58cc3af1424cce4d65df675be9c1c63_JaffaCakes118.exe

  • Size

    132KB

  • MD5

    e58cc3af1424cce4d65df675be9c1c63

  • SHA1

    a892015167fcee657070cb9f35ee1dc692eaf71e

  • SHA256

    d68fb0f1f289620d4b31ba8454d86a92f51db8c0b49f5613cb28a63df5074c8a

  • SHA512

    c75663982d0e766596dcf99880c05d14e66572f6af2757eda23f87699523f86c4237262b26704d286d61bddf5f5b5e4228d0c1dadf4506505209c4ee6f3182e6

  • SSDEEP

    1536:1beHXWo7JJ38RopAuAw/JCK4dgBdETI5R4yWWRHcgKq5cwNAsj7x+xjptlWxH9b:1Ar38sOggTI5myWnqeUAsIjptlE

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e58cc3af1424cce4d65df675be9c1c63_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e58cc3af1424cce4d65df675be9c1c63_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Users\Admin\AppData\Local\Temp\e58cc3af1424cce4d65df675be9c1c63_JaffaCakes118Srv.exe
      C:\Users\Admin\AppData\Local\Temp\e58cc3af1424cce4d65df675be9c1c63_JaffaCakes118Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3032
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2816
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2828
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1780

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d96bb78c95f767755619b4ace455592a

    SHA1

    fdbea93ef6c2fc426580ce0ca418027fee3a58c6

    SHA256

    f8e9a455a92833bac5f3d52ccfe454bc73e5facae1f9d077d29f059d9b8f7cc2

    SHA512

    05e1d802352b428a6daf4f643fe6ef0e1cd6c40791e8788505d8664fa1b85c2d1c14e58699d7604992719f16392b490b9233ceb830bd3c6797d3da20e61bf40c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    786e8888376fea82ef05388d342ca53f

    SHA1

    6a207ed3d1367bd6e0489a4d4b6437da8bf3cc11

    SHA256

    9598d48cf1ee769bed3ac1eb56392849f4630cca44fae3a2ae2686129cd07dc1

    SHA512

    03183da0e3b940e9691c54ce3b2637dcca13e4c86d169d77c474d43412acc723252d00de9e9e56a8fc43e6cc0e390da973870a094110de8190ce16e358a02f24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee11479e89dc8ddbbd98e547c9ab687d

    SHA1

    7db02780843b7e017bac74921799afa0dc97215e

    SHA256

    71736fba734656e2c1bbcd40a694bf5f37691f489f41f4b6471414342221e36c

    SHA512

    7b8e375804a9fb8aa904a0a42842116226fce4022f07cce1d15db9e16525f14fc7c0c943130cc1c73f01f406bb199c13901e9274047793bbeb9a90ffc728e72c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39f7efcc6ebdb26156e07e498657e689

    SHA1

    ee349ab2e592666d8c49f7a07365b17e5a2b785b

    SHA256

    05f42575c817b23771a6ffd53462c3ae30eb882d9298673536d6cfac94207e39

    SHA512

    39d4a8340ddd06509ef3e7311dac6ceec3d382f9969a2194d6723c78c2822999d83bdd600bd9d9b24dba7baa91ca354d140e6c55e0b0e0547087f18c1a767ae0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49fa95ba62731b9518a68cc368c3f2cb

    SHA1

    216e08306f35ca6fc3c8ed8d582ec4efdf098487

    SHA256

    9f4128229d4d14b5c5476188cb40f49cd6e5fe13f4ef1b2f0a42d490eb531fcc

    SHA512

    5bd19873d968d76f40b503362b4313c87de810d94f4becf9b5fe724b88def83aa9a0db1fc6bb089b0e371a98e743079041e82b8aefc4619e3cfc5c03af45e0f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b625c722830987e78d485cb7489df89

    SHA1

    a0678dbb3af8affa2b7d806e62a21bb68178f9c8

    SHA256

    0a83f4d1a3650c53efb4d5ac6473c9604e7da02d63cebcf2ac31dfa2109b6db2

    SHA512

    60b8ab2bea34b32f4e9c75f45d2b5b5fedcc3439a07c91d6a4b834d6210e9837acbf544829084567967334809107c4cc74923a033885f4ed0cc35b923ed46001

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1e5eb808a197d726687731b019b9c48

    SHA1

    39f1105b1ced72a5b9382a6f131fc68c8b7799fd

    SHA256

    f6421a999ee740ffa79a202e83308774a7304dfd636c422ca18c98cb152fc9e8

    SHA512

    f02e9af9dc4f0a2dbd2758c783db24f21c4852e23455346096d7fef349f25e48071f80459e6e1faf5fce4314e048a22375d91700bd2e02e3d9c81d082e4a623f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d547c4825a2a0b03fa237f4d53d9e722

    SHA1

    5e7ec522d6591394886b51640262f6e564651724

    SHA256

    d2b35168ee95edb4b7eca58da6834b70f868e54254871ff5814ab61404f7d569

    SHA512

    8bc998b3b9af02effe5c650ed58ff1649df2a7c5a602879aea23580fbc098b6f729e932434de0dc4c285ac37b59a743672f008fc7a9189f9bae78ca44644b3c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dbe655dd447b1713fd5b6fdd4920bbf1

    SHA1

    233e225d0c2a53359a56e7b1cbe4f91261cd6793

    SHA256

    d434ad04d12db6f93599aa7a464030133e1e064a006e3ab605d50b1441580856

    SHA512

    2eb538398b9efc9316a8077fd6b2c0247542c6fd429663faac47f635a9799f74abb277bb58817472d1a9788a3819491a01c4f49079ba7550a5af9f075e7a76d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34fb81ab71a7452ce476aab376c7fa2a

    SHA1

    af224ddf904e731c0c0c3831934f7102ef4c99d7

    SHA256

    6826392fbdec04246d384687b33838e7f571f2a629055881b2c34a1f8a262557

    SHA512

    908d8decccffa8c326522dd126b8e9179fc64f146b04c74ae135ae2bca6aa16c5bb66b6de9a1d4273831f855faaef4f3ae0327914e146206af08fdeddfb88834

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0be7ceb45790da6011580df04b87d599

    SHA1

    3ec45995de6e643dfe64f10330cd8dc6a0b612eb

    SHA256

    6ce0738436b483f8e46085891b1c5dcc4370016bc193c7bd40d8635d886fb8c4

    SHA512

    7c09b03a8dd6a5e55383cb558b8976bfa8435ea5cbbce53b57c8a392389807fed60cce4464d6f73e42288db9bb51b2978924f9c16a180d02135b2b73b66d0d1f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7815af3d1c2591d3cb189ed4e824b5e0

    SHA1

    67344187b77cb73298c23fe7e71bc4d1143895da

    SHA256

    0aa9a13e4c14e68792e781d246cce8725d1fa0dd7649414b2822f4c98abce92b

    SHA512

    ff537e8b4f924eb6372c7097cba217bde1f99f138b166048e8f83d72942f93861f52f4f1e47195d8376cde92ee90617c68bd598a690c770d55e63e08939f06ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03e42d87dd864e55d6a355e12bc7d4ee

    SHA1

    2cb17558e4b655e95bbb3a170ecb8c7895d406a7

    SHA256

    257871ba681ee508b7e731ac4af1709e5dfc891df0ee3c1c42721439c4589479

    SHA512

    9b597643fc0d96df12d773064983038150209ef76922a7055d9143402bdd1c94c28c258d2a326cfd74ddc01630dfce380ec68f000bb47d9264095aa8d1774236

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b63767f849ef1ad8007a7f229df700bb

    SHA1

    9eb799c55a3c5278f16e99c1707d251a914e09ac

    SHA256

    a66b2375cf2dea73c645d9b81296feb5cd1922c54cc46409c3520065240730b1

    SHA512

    6ed34e2a26c997eb183843764682266350a82a1320c31b5a480c97e01010028cdbb24f43a7c92ca8f0988056198d00bb6257da7894e8bb79ba82ea6a83ac28b7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab49FD.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4C33.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\e58cc3af1424cce4d65df675be9c1c63_JaffaCakes118Srv.exe
    Filesize

    48KB

    MD5

    c7b9f980a821ccb3ef9f5df56bc3cf1b

    SHA1

    5ecb633a94d5350d461b91746df238129392f790

    SHA256

    9b88fef82ad4c6320c7672f3174de3f39b792e377787e1ce9157b29e23b14e16

    SHA512

    a929c7ccd60cd924589ae698602eaf26369bde1a74f809c38084bbdb772ae2431a72fc6c323935abd1b8975113724cc1c55c6f113b404f4ae842a340c295626d

    Download Submit

  • memory/2784-8-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2784-0-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2816-26-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2816-23-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2816-24-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3032-12-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3032-11-0x0000000000220000-0x0000000000233000-memory.dmp

    Filesize

    76KB

    Download