Analysis

  • max time kernel
    132s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-12-2024 21:05

General

  • Target

    e844ee72c9e03d63c1b55e009052342f_JaffaCakes118.html

  • Size

    159KB

  • MD5

    e844ee72c9e03d63c1b55e009052342f

  • SHA1

    f55ef3616baf951afd7d7cb5b15ddd5de375c757

  • SHA256

    eab525d70a4b8ea576520aee90b736b14273fc3a69a47772520c501c4eae8825

  • SHA512

    cb3e035d3266e837bf271c3ecb38d9e88e67e3da227abb19324a10d2ca18a42f7f4d1c0aef54fa65fec725dcb216b01edbec59dccd4fe71043b60d93e234868a

  • SSDEEP

    3072:i4wJZbhGhyfkMY+BES09JXAnyrZalI+YQ:itZbhGksMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e844ee72c9e03d63c1b55e009052342f_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:580
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:580 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1872
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1944
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1680
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1948
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:580 CREDAT:2503695 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:876

    Network

    MITRE ATT&CK Enterprise v15

    Downloads
