Analysis

  • max time kernel
    131s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-12-2024 22:37

General

  • Target

    ed0a1d5ab1c83afef4144ddacb316de3_JaffaCakes118.html

  • Size

    158KB

  • MD5

    ed0a1d5ab1c83afef4144ddacb316de3

  • SHA1

    7b9b8fe43e8aaaaefade490fe4a56ef9cba1e8e5

  • SHA256

    ed1b2e6f2962309c111816f9a84d250d374300d38c7263d815020d4ae833f06f

  • SHA512

    041fb631e4d934827b34ae0b67afe9412c7d54da55772b06029ed0b5a91f6211b759a58b3da383cf1b8bf89e08bb3aa795f1be3a2f210fc9859307065e0a149d

  • SSDEEP

    1536:ikRTHBEUfByLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTs:iWDfByfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a long-lived family that combines file-infector (virus), worm, and Trojan behaviour. It spreads by infecting EXE, DLL, and HTML files; an infected HTML page such as this sample makes the browser drop and run the installer, which is the chain the process tree below shows (iexplore.exe launching svchost.exe from %TEMP%, which in turn installs DesktopLayer.exe under Program Files (x86)\Microsoft).

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ed0a1d5ab1c83afef4144ddacb316de3_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2100
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1152
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1184
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1512
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:406544 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2564
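
    The process tree above is the part of this report a detection engineer can act on: a browser spawning svchost.exe from a user's Temp directory, that process dropping DesktopLayer.exe into Program Files (x86)\Microsoft, and DesktopLayer.exe starting a fresh iexplore.exe. The script below is an added example, not part of the sandbox report or its export format; it encodes those three observations as rules plus the dropped svchost.exe MD5 from the Downloads section, and runs them over process-creation records constructed to mirror the tree (the field names pid, ppid, image, parent_image, md5 are an assumed Sysmon-like schema, and the browser and shell-parent lists are assumptions for the example).

```python
"""
Added example, not part of the sandbox report: detection logic for the
Ramnit-style drop chain shown in the process tree above (browser ->
svchost.exe in %TEMP% -> DesktopLayer.exe under Program Files (x86)\\Microsoft).
The event records are constructed to mirror that tree; the field names
(pid, ppid, image, parent_image, md5) are an assumed Sysmon-like schema,
not the sandbox's export format.
"""
import ntpath
from dataclasses import dataclass
from typing import Optional

# MD5 of the dropped svchost.exe, copied from the report's Downloads section.
KNOWN_BAD_MD5 = {"ff5e1f27193ce51eec318714ef038bef"}

BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
# Parents that legitimately start a browser (assumed allow-list for this example).
SHELL_PARENTS = {"explorer.exe", "userinit.exe"} | BROWSERS
SYSTEM_DIRS = (r"\windows\system32", r"\windows\syswow64")


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str           # full path of the created process
    parent_image: str    # full path of the creating process
    md5: Optional[str] = None


def basename(path: str) -> str:
    return ntpath.basename(path).lower()


def ancestry(ev: ProcEvent, by_pid: dict) -> list:
    """Image basenames of ev's ancestors, nearest first (stops at an unknown pid)."""
    chain, seen, cur = [], set(), ev
    while cur.ppid in by_pid and cur.ppid not in seen:
        seen.add(cur.ppid)
        cur = by_pid[cur.ppid]
        chain.append(basename(cur.image))
    return chain


def masquerading_svchost(ev: ProcEvent) -> bool:
    """A real svchost.exe lives in System32/SysWOW64; anywhere else is suspect."""
    if basename(ev.image) != "svchost.exe":
        return False
    return not ntpath.dirname(ev.image).lower().endswith(SYSTEM_DIRS)


def ramnit_desktoplayer(ev: ProcEvent) -> bool:
    """Ramnit's installer writes DesktopLayer.exe to Program Files (x86)\\Microsoft."""
    p = ev.image.lower()
    return p.endswith(r"\microsoft\desktoplayer.exe") and "program files" in p


def browser_from_odd_parent(ev: ProcEvent) -> bool:
    """Ramnit starts a fresh browser from its own process (seen as PID 1512 above)."""
    return basename(ev.image) in BROWSERS and basename(ev.parent_image) not in SHELL_PARENTS


def scan(events):
    """Return {pid: [reasons]} for every event that matches at least one rule."""
    by_pid = {e.pid: e for e in events}
    findings = {}
    for ev in events:
        reasons = []
        if ev.md5 and ev.md5.lower() in KNOWN_BAD_MD5:
            reasons.append("known Ramnit dropper hash")
        if masquerading_svchost(ev):
            reasons.append("svchost.exe outside System32")
        if ramnit_desktoplayer(ev):
            reasons.append("DesktopLayer.exe dropped in Program Files (x86)\\Microsoft")
        if browser_from_odd_parent(ev):
            reasons.append("browser started by " + basename(ev.parent_image))
        # Escalate anything that descends from a browser: that is the HTML-infector path.
        if reasons and any(a in BROWSERS for a in ancestry(ev, by_pid)):
            reasons.append("descends from a browser process")
        if reasons:
            findings[ev.pid] = reasons
    return findings


# Constructed events mirroring the report's tree, plus one benign svchost.exe.
SAMPLE_EVENTS = [
    ProcEvent(1000, 600, r"C:\Windows\explorer.exe", r"C:\Windows\System32\userinit.exe"),
    ProcEvent(2532, 1000, r"C:\Program Files\Internet Explorer\iexplore.exe", r"C:\Windows\explorer.exe"),
    ProcEvent(2100, 2532, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ProcEvent(1152, 2100, r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
              r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              md5="ff5e1f27193ce51eec318714ef038bef"),
    ProcEvent(1184, 1152, r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe",
              r"C:\Users\Admin\AppData\Local\Temp\svchost.exe"),
    ProcEvent(1512, 1184, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"),
    ProcEvent(2564, 2532, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ProcEvent(800, 500, r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\services.exe"),
]

if __name__ == "__main__":
    for pid, why in sorted(scan(SAMPLE_EVENTS).items()):
        print(pid, "; ".join(why))
```

    Run against the constructed events, the scan flags PIDs 1152, 1184 and 1512 and leaves the genuine System32 svchost.exe alone. The path rules carry the weight here: the MD5 will change with the next build of the dropper, while svchost.exe outside System32 and DesktopLayer.exe under Program Files (x86)\Microsoft are structural to how this family installs.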

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3f5a535988b1e8eca85a182cb20537ff

      SHA1

      e72a8f2c94ba5d2689d823c0ea193684c70539a0

      SHA256

      c7445011a7f92c985083aa736785e54a5e7d972e3368e98d299010fd0392c37b

      SHA512

      242328a7f4372494646c80ef7199bd1a5e0e0009c3ccca2a120c5b0a5d190687848c31fc4e55d6c5d54ca5bccb056f1245ccafe86aafad49f2de795ebb44f5c1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0dfaeb56005ef3c602c537b2d8e66b58

      SHA1

      d1a8cebed124344c1e252b31d6a68ad2762d89a4

      SHA256

      3c2bb14d6bca14791790b25fc1333c337e2dcc6ff7e27c4a69a8489dfc633b05

      SHA512

      e2ed85925c5cd81b26944f02582a08c8db846a1923d5e55f4e3c9915c7d00c1f34fcc43ff8549faa39c3686b27a7736cdb62a42ae1eaf7d60807b7865b2b6736

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f6da89b15a6f31f892e81ff5db09aac2

      SHA1

      cf8fccce86b513ca74b5477b6f18ef634edf3923

      SHA256

      09dab2354f1685e653ee44b900eaa37625f2d9e2998bfd30f30a49f6fa93abf2

      SHA512

      4c491a8b46c26dcec1815571485f794afa8b00be0b63ca638f487ef2fe1f547006ca30c2053046eb8742bb287e612fbe958d2ad46b72c73f37236f2c87cded77

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5fae3888cad31415fc39458e1308ab99

      SHA1

      aa864f78abd5e999d847f61493a0e0ff567a918c

      SHA256

      20f16f0287f0781084bd482e6181cb6812bccfad69148b65132262d357dee4fa

      SHA512

      c8cbdc4e0de237cd5e8efcdb57338bcb5649982a796f0a9220c4337b257335c7e4bc4f7f1a5a139de151643f38553d1747563bca958858cb85c42698b2bb2a59

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4f2a5516b05e7a517dc94eb06ec05b70

      SHA1

      0f726dd9143e75f4d63fe38dbb88ba52935d02f5

      SHA256

      a67e75ca65df012212593a55a9dfe75605b5dd4fbc28df84ea029e88b50469a2

      SHA512

      4957d1d51d889c884b6f744761c5d786a5bc56d8a41c72d3c66907b7572aa31a6bb4f2335a24c0b44cf205f66c54fb5561d50b2719be0a6abe7b6c1a8ea47571

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      749a1a1aab414caccef542ab1a60a346

      SHA1

      6c693caddc417288123c5624540fafa1cc42d796

      SHA256

      df38b1f5924ea7c9b595a1d5353b428924a9b28bb23069ed76e960c36263998e

      SHA512

      7a162bb12816a01c938c5838ad3e0fe3331c793a6b2c40e828abee0a336c4198e6a1d79073f2b170b1cc6f24e78604c667ac6e841edfe6c495f095d08311cbaf

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9026e03cd8d8e832cae79797ef84ad69

      SHA1

      72cf3751984154962244e05681c5e6e099e0d84b

      SHA256

      73ba96474fcc6bbcbaab9291977e71aeb8a66adc2eb53e289deb4dab10836006

      SHA512

      1f7ac0628c5adf82ee711311ae89e366ff53aeace9459445faa5d97d984bd81362036e29612f7990cdfdcf75c65f9017e3824f0f60776b0687b9715fefbb0ad6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0844ec5f28bfe1e5ce3a698552d885ad

      SHA1

      d5edac197eb4ed0ab3058f7d3f156f093bc1edf1

      SHA256

      24a3a5a7591e10e6e306be168270085e773d49bd48a410e8db33207d3b1563f5

      SHA512

      52b501a2705cc0fe75f032b60e296ff875299a499447741eeea8d59f3b639e134ff9f4c788762a9c75819c0a86d79ae33cfe5a921e9cd48be535daffe2a3f4c3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a5ad274e14b33eac04a35910973c5563

      SHA1

      1caab4775c1f4dfdbe97758b23fe6d8646d93458

      SHA256

      6d52de27b29e8c26e9f3e490ce2f62e49f8830e1f41f012608eeb714c0612305

      SHA512

      f06ad1da37e193d8ec3d3a8222288138ead50d6c05b343c7bfa67bdfeee2e0f8868e786b994f0912c21f799bec2c8f54ee1d9109910e846e5a0ad1da5a6a1bd2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4548ad7d67e89fa71bdd5e0f6133b4f3

      SHA1

      43090a47bc0846d0d79d5945f3e99a091af8bd5c

      SHA256

      0cae9aacacdfad5d44b43d67b17644188250ed5ecbb76a92cae659d13ee5c9f1

      SHA512

      aed11ea12a04a01fe8d098c1ef7bb613a8a1494f3e2ccbef49fe0ecebe6fa05460bbd71b1796df4ee8eb12a2376bb62f14a8c48ed80d9fe3d6e8718d2c9b6b67

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      61899ee25e71e5aed3c3c7ca1cbc85c1

      SHA1

      6832a143a63fc77b1cd6397b43e82d9c3f4a57f1

      SHA256

      5a2b7c7fec3639d88f1779a1bd80935344faa90b6c4a2b818c1666d012cd86c0

      SHA512

      a27c5135f01db6609d0defbe73ed4c645c0c3afb616affc04b42dbab4dab1f32bd509ab6f9213b87830bd2445199317888570a7f43d0840fea90b7e676ccc5f1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      600da3f615a4485ca5fb63f268b819d3

      SHA1

      f3f8c4a2689e13a050808ca38092a52eefdd93e3

      SHA256

      1aa2738357d8192cf8e73391fcf00e37670656a77ee42cc59829032fb326d93e

      SHA512

      6449d2b8e6a67337ee2d837a666bf62e305f425e9e435447cedda1eecd83d6805bcd473606d92ae592f29f48b993edda308f9ea06aaf754644b019ceea51ac0d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      742e3f37f9916c07190807f29b11d308

      SHA1

      aacbcf7c97dd417733306feb064210a03f49cd75

      SHA256

      129f5941cec23a445ee22de0b54fd7909b61fd45174334fcc1f7da8546f43338

      SHA512

      0b753992b6680c9e7a279f8f7ba9b0ea252c339658b1eda6bcc2ce7be90b35486276d24c6bccb5659a4866cbee873f3a54373248667f23f02e365c37404772ee

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      72d9e2d333faf056480d84aae7ca5167

      SHA1

      ec609fe7f91a470c40398cff3c1037eb86fb3e38

      SHA256

      bd9416e1dfb2e656d2fc2fa9a6b8fc8e084f1c66918c1bdae20c0d4d13b17251

      SHA512

      b01b916bd28cd976ef80f1c79553f8bd3306630f6db3cf7a8b23a3b33da0453e4e9e9140cc86272de55791d589cb22fdf5a6edccd0ba4bbae141ddbd0e6547ee

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      28550066e706c31c64978ba00671cae6

      SHA1

      c50b68436740dbb2a7ddfa5f766d8c16000dfcad

      SHA256

      1ee054abc7f77d5d49210d270093fef465c570cea265464db2a8b25bfa7141ee

      SHA512

      5ee4c5b5b61362c5bb866a244afdfa2ca2343c56a051f9377528f1871b79bbb588bcfeb8fbc2016a6f137a445f2e2db17ecb58385a6c5163fbd033575f284e5e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      39e1232589384fa982c037a2ed4b52da

      SHA1

      c2f41f86666d8ed509b19a5db7ce2e54a9a04747

      SHA256

      b0e1cacc00b1011a7aa86bece5b9868e2b2bffc80c023c363eaecf36cd133867

      SHA512

      66132db6fe67e3d84de2d354cb0fa4777714431a4f03f3eb209fe24f1752283960bda558a737989f35813213f5a138b3365da9613b364a4bc88bd9bae3fb42f4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1ee9429c0786585e8fd44be62b556d5a

      SHA1

      eac5de8791a7ea4dd0817666b49b2cd395553f45

      SHA256

      637fbf6a0a1aa453668931ba5212bbf5b598e4ee48fa321b6faa1375178ae50b

      SHA512

      4039bdfa418233f68729796b51bfbed2e6160c5fcf1c3af7417a03665be2787ad2f7451c2505245e85a901a1e2726f0c2dbca6a4c450df8964303bd57088fa27

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7f8200ebcd9b6fcf8a8b41106131b083

      SHA1

      31d37474fd10447047ad6d4ae25d9d2864e08e5d

      SHA256

      3e6e0768dbf661675f5bba1ae73b0751423c12b1a87a1e060b55df51f4077b4a

      SHA512

      75e6c5ba0ae084eb07b8b1d26fa82480061b51cabea37f5eecd38c24f311e77eab81a233f890e551f073753b96e7c674914f67930c818c0102eda719f1191d35

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      44b645bef7ca06f1d0f69c0ed13c2900

      SHA1

      3ed8589da4e8c498f92c3c5c9a2b02c1c6493411

      SHA256

      ba53001bf67589e743e80e45e3ca2356e804a38c8bf3dc821f87291a4684fb9e

      SHA512

      136df683839a26b4bba37215f91518fc5be4e712420e0eab5547e4fa0137c67890e39eb2c6df0f099ef143c3918e1fb946d60a218316035e38939ea9c78f193f

    • C:\Users\Admin\AppData\Local\Temp\CabA517.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarA5C7.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1152-436-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

    • memory/1152-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1152-441-0x00000000005C0000-0x00000000005EE000-memory.dmp

      Filesize

      184KB

    • memory/1152-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1184-448-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/1184-449-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1184-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1184-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB