Analysis
-
max time kernel
130s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
12-12-2024 09:48
General
-
Target
e5cf8923d266aa817d467749b126bcda_JaffaCakes118.html
-
Size
158KB
-
MD5
e5cf8923d266aa817d467749b126bcda
-
SHA1
bb9e2b7376c45f208f88c91cae972f483edbfb07
-
SHA256
6baab6911846e0c62b92800df7a961a6400daabfb1933b03cb75fdaf08213be8
-
SHA512
b7beee2a7f2869fce1c6ace1d48164627287b69e89add7f3224e0b5ce82a6bb5b489f46087c48999bf49b75838042cc6ae7d956419196e8df90f4eb59aae5418
-
SSDEEP
1536:iXRT3Ltk7Zu/FFSNOHyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:i56tuEiyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 8 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 32 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 12 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e5cf8923d266aa817d467749b126bcda_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:537611 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD52f9d96e59b631827e39f87e3732feefa
SHA1a413204c33e22c97756f12b3705dff94fb558354
SHA256e8bc13a5a8f02e8d0efae8932dd279ae1a37a1d2fe563f329c96d44510ce6945
SHA512f1c24a5cf3c85228ec7e11448d370003a4b931d6c7577a42b9157a5aa6893cd90cd501528351cfefb1dda35e8b18d66a5394bc1ad177e674410c0b449fc107ea
-
Filesize
342B
MD50c3a21d609bf56abc898d84851b24707
SHA130aa519d1233977a9b6bb5dcd900b8492c018503
SHA25663affc25258b9c7924678063f8e0fabffd292d1b4c49f8c002372204794e43ae
SHA512b8cf276fe38bf66d6eea64c2c7b0253301fd8926019e289ca347591c1d636d18bc4be0761456a38a70e2cc39965f37b5f17f0a9bc69a2b26ef2fcb9852c0bdad
-
Filesize
342B
MD58948e8e9c7a00274089678b870b3dfb9
SHA13f8b1a3d7afbb3fb194610e81d7b50519f7db566
SHA25602309669cc372ee5990fa647882a6b44c43d4c0c4eb78184f596057df9a1cfe7
SHA512a08ac9235c6a027fc0bbfb3ea3ca735d8c9e7db2b76e41b3e9817cf317ff52c7c99eb09f120eb420a9f7b4980f5a1151e81996b68a9995c5fa2a5f3769e144c5
-
Filesize
342B
MD559671019e309186d6c828bd0f8dd943c
SHA1640ee62a89773e0363d99b1113d3321a7e77be75
SHA25684c155734dec033b9aa40b4d2e7654c42fc510f9513d473eba6af323c51ebdee
SHA512e124f4ab29bd92012eda182f06a69eea4b99299a3cb1692ec04f1dc3332aaf1527c972186192c6b814780042188278d2da7f264fb54ebc01150901e15a00f01f
-
Filesize
342B
MD52677135412bf6ed39030fdd6410b6fee
SHA17f0e0cdab5056f33dae2c05d628ab11072cab7c7
SHA2563b1442ec822f9bba743b2f519263759a17f5dd654cc9c4fdac8abe113b6346f5
SHA5129a7e79886351c4171d7da7c7f0b9be6134571685970e967409bdb5de6861ca87416a585755ce1cc598c1e34522658c2bcbcb08ad3b9f60b156a5ba9b1b6878cb
-
Filesize
342B
MD53f10c3a3ea0c8e5dc5092c9479fe2130
SHA1fe5b1d2d8a002586bcbeaef25c178732118b8d16
SHA256838898d86bf99599e6274feb21fda41bd0492e237d22e02a56f5203fb5f1a036
SHA512efdd10c83606f026a80fdc75cbf29b3fc7ec53d63b216332b0d5c1f167a125e68bb662200ad1a1e0434f9717de35926d124464538ea6233d09c08ab29fc54d9f
-
Filesize
342B
MD5e1c4139bf48c9e08ad7959d5519ce370
SHA14e8c2185db695bc62aee2bce432bcbeb9388b3df
SHA256f58e6b18ff7390f4e373ced7e7cac4fcfbb3eb6c390f280b1f3dec211e98fae0
SHA51236dc61f5176cb9008e9d6ec1f9dd561fa9ac086e52f86f6cf67ebcf21455cfae161a5d7ff80c1e3ff26197ef5f5c5ddf1f7db5bcc78848ce3ca9690b32c48021
-
Filesize
342B
MD5696a0dd4db033c23a211ab7572ebc6e9
SHA15aaf3c9336b9e0b67614955518990aed1ab4b664
SHA256a7b84d063ce71e39d81ac71e904492a3a1992ca03b6d51115b15dc0798ea3d90
SHA512920c412697713c7b4a865c988b69e7aacbda6a1403ca7eee6a188c29896c475b8bba48cffd403e2bbe97932c8f4664d39b394a1c00f1b6fca50572e9b0eb032c
-
Filesize
342B
MD5f8485590bca0da091e543e788e5aa00e
SHA1a1171551b3fd7aed4a5d217b892085fdc5f68d64
SHA25604616c1b836a99478bced0a0617644961334620122fb5145bc2bcf78650fb888
SHA5129d11ba85326af09ec1d3f8ba3c8f97e9810019154b602bfc9e474df15cd97efeee225170df682aef2a7dc89ec4d44e80a71be4229f443e8919397a8386230a61
-
Filesize
342B
MD5ff3a63beb65a56c82e3db32d2cd983dd
SHA188a0940761109fb70291bce0f630d89f94a7913e
SHA256ae50c2ca3f7a92274bf895870bd6b6192193deb64a76a75e606399c2451cd8f0
SHA51209b3e482cb5e9d6e10f2aa299661e1e035ff68cbb9833a767fc723e6ecf290828df7c60002fbb7ab5985d87a1a6be67aa5633784f4299e14f3b55a2a4c305842
-
Filesize
342B
MD5b615f4edcaab9b98272b6ba7b20c6de3
SHA18ced69f62f6a68f57c2ea3aac799c9af8dca691c
SHA2566cdbaea480ad31892df6189258d1c700842e6b7928f2dccf87ad42176a21d9ff
SHA51250166cf1b43dee4159c1030b1103014fe96b61e99296834a68f0e7ad1bebe4d389534f81a1c8955f9892a5500e2d54b44dc22df7772ac64526d0c38d01dd4b4d
-
Filesize
342B
MD50c52d81837343995f885966563d89c36
SHA1249c32d7345abc7f032ab4584e61ac97cb50806f
SHA256c94cfcaf3ca4aaf304b556709636ada909efde99c129921a591be591322d957f
SHA512d2f1f817fb47ff49baad9c9e3f8fc81071ca528376ab361544cae47319831ce2a2bc42d23e7418cc0b83d9538fdb43b3e936d526ce0be917cf5949100d53de27
-
Filesize
342B
MD539855a94e0ddd0dfa2e5f69e21d7e869
SHA11f2d05d8fcdb24a2327c4668225e4968e585501d
SHA256c4f4590ef27996403d266a8f4145332fad6290721442d7d913efe2391ac2b0a4
SHA5123f7a4ee2c434090ddec5f4cdccc1eca47570887a72eec4f669a5523e3bddf179ff4b758831f0a5ab0b1af0ff3af84e8a704e42fe4e6d03995211297428b56c2d
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
60KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
4KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB