Analysis
-
max time kernel
139s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
13-12-2024 13:24
General
-
Target
ebb59f22b1ecc8de521483ad53eae27f_JaffaCakes118.html
-
Size
1.0MB
-
MD5
ebb59f22b1ecc8de521483ad53eae27f
-
SHA1
f01cc7c03f0b4c658287cc35c643be21609759fc
-
SHA256
e9e9088de53a528bc1a1c74c97b7ca2ae1f335d3cb18fc5d005a20c5bb180315
-
SHA512
f1294da2ba0bb48d35c6666ea8cb0bfb6e2f3ee7402543da829cf5cc9763a13aba665b21a436f288accd72cc96be256c11e6397fa2afffbb0569b30a40004391
-
SSDEEP
12288:im5d+X3zjVw5d+X3zjV25d+X3zjVh5d+X3zjVw5d+X3zjVV5d+X3zjVP:iE+TjE+Tj6+Tjv+Tj0+TjX+TjZ
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 5 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: MapViewOfSection 50 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe4⤵
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ebb59f22b1ecc8de521483ad53eae27f_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1596 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1596 CREDAT:340994 /prefetch:23⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1596 CREDAT:275464 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5fdaa3190471962e24d4afe1291312229
SHA10d931b6a562e745ed71d8a4dfd64452bfb32563f
SHA2563d78f07b2a94fda15aa1d12c4ac9cb05f9e0a57c389c01e929afa1b1b382c95b
SHA512817a83362c6a09bc044bd7181a3c3dc1979c60a7d9c2f72e03fb54e7fdc383c1ab1b4829967ebcb790eb62f523f2fb9664a983c05e3f659f69a01872225c52e8
-
Filesize
342B
MD5344502a6220aabf33e2ab190529595ab
SHA1a27848e84e4f5b29a8ac4929af0ebe0350b0a1fb
SHA256e8c0db044b759e9b54bd7c4a317858de1c4d9ffc7d1b3dd681b9b71e61e221bf
SHA512fd6eef7c3df4d35117848b9ca100dd4b772a00a626b6be0c815f68e76ab20753048f6cb63ffe15c1d980f2e8a0df3d005eea1f368bb9e165e598af1537335f19
-
Filesize
342B
MD50a312133e4312e18e5ad1ec9f087c420
SHA1b4f15b76ac7bbeb8e5a37558ba55655c73a29c2d
SHA2561ac295b3678da6e651803564f97671e71fdeb9596e21da7f22df27add788088a
SHA512b813b97e41789829a5493c6da8a4a29b160137619eabdfe7e27972759cb9c5fdb47fee281650e224d3eb695112b97bdbe7fd2714145e7e0f58593254b42398d7
-
Filesize
342B
MD56500d564d9db3a76461b913266ef29b5
SHA12f061cfece1525b3a2e86d3c732c0c74adda8c28
SHA256d30f35c0b6a291faf8e5acd2f111f54a1dfca18d0da6848ed6c73eed982b30b7
SHA512b7dce75aa1540faad67b2176279e4ccbb7babfc816b09a5c4f50d5f731b3496da000fa275336af257b6110a64f124a517cc48b017ebcbf8ac26ce24986bf56e8
-
Filesize
342B
MD5c8f7c1521c99f48314d8d28673e8c415
SHA16c850c19650f545b1f23ccd2b9371b5b160bb9b0
SHA256a280f6daf28188dfaeae6abafdc46782c4fc6c197bef3163d480c4dae8113b73
SHA51278fecd47475f48132b488244749f728e19b60711022adc7c7a4a7c470ed9e664f616e925d36162120b8ff5577958d8176bf2dc5f8ecd4e10e5df1b0c2945e801
-
Filesize
342B
MD59e251ebadd64f473a58ba2e91a6d55fa
SHA17e97048bd3df95a1c34ecae2e097a4240c3e3f0e
SHA256fe2488a6ffbb0516122211c674a3fafbbab5e1680c7e89421b3a79455176234d
SHA5122e045c046e48d04452529002513d2b95db7c721fa565ad0fe3907de814bf3f0c80b4a450be8c001b5628093e009bd70614de4dbed23dc93c87b6964cf86621b1
-
Filesize
342B
MD51e12c6bc42f79a4091666483476500c1
SHA1739fd14d4df89d04cd322d019ddabf3604e736fc
SHA256a376df041b500b0b290476b76835d1505772b2748d15425450b8e77df92f10cf
SHA5127494f30331b0820299d614f57737ad3e09d1b43a2da6bf80ec2a3d58e06e6eead87563ffef23740f479d0bba1da37b13932bf7de6de1656bcc99457ddd3208de
-
Filesize
342B
MD595c91d89ee99b6199e771d4bc70edcf0
SHA1c1418f7d2993f1f5326c8e1096d5b3a74b2af774
SHA256e119655cb9dec2abb56c4b19c466b3ca110dec6c99a1f7b4c88566114604ead2
SHA512b95a928cefef66c528bdfbf0b630e474729f09153535a2ccf459cbe4cd3e41ce74b1690defe7b1dbe37cca37ce1075b2bda7117242196d47dcee4dda358819d2
-
Filesize
342B
MD5a6b096fe454e3eaf341de7773a473005
SHA112be68e646c68082de0267063e4da47c0089b882
SHA2565259b0f776db5715394cbb4ff5eaaeda1db3c9e7d5833e8f74efc2a7fbd68917
SHA512de629465cd784f8f063cf7cea606c0714c576442ebefd868f492ca3bebca1891755b5d153ba656aedb6ba8d3134a64b203988fe29b9e77c0112597bdfa4fe86d
-
Filesize
342B
MD50f95e9bacfc9e1c4150a46abd5dc57c4
SHA1cb8a5a8e697b4ead29c04f53df051a3a01fd6d83
SHA2567b0b067b898f809592e8c3e7c5b5160dc39512c230b4fd3c2a51d23476e76fae
SHA5126ed6c8aeb1f642dce16c7e1dc8854271ca015cc00f6d84ebed3a62c7ca3dff7d5ae2a09c95abc02ee699de29b2fdcc89f8472f1a31f9819a09bac544b371cb64
-
Filesize
342B
MD50d2da7f7cbeb09e9abcb366d0b9a0de3
SHA1ff912d86109e51020e95d9c6bb7817dd417b7abb
SHA256e6b5ad396c16377065dc23e65abd8449dc3f6d7082fc6d52216f902bacc636e9
SHA512f9ca099b508d3ff197f29c61702e6b57ea5ac29088fadb34a71219808e99e098735151bd002b5f4a2e5eeef59accd0a11d05631b5c650046fda2d40fe41d0371
-
Filesize
342B
MD5429ff0bff0575267b076b91e9c5c7ee7
SHA1945b30c4bf454fcc5b846a480ce51e61e1790aed
SHA2568434111751b2d2b4c077c08178334f6469a9e10048e0fe9b0db4a7bb5782a5a5
SHA5129e42982900d2dd5e8755299838b022d31a94c1a4132f3485c725472c2e94298d033f59b1586182a1b176cba373df68025ed1ec1ab5945739f755085fb9357947
-
Filesize
342B
MD5323572549bb07d694720272204b42ed6
SHA1bcd71b2d20ee50639c45b58e40e9f2d2ca9db01f
SHA2567e0acdce424f2776ec7858b2dad3c4cadabea8c84c54f95eda7f268d5489204f
SHA5122c8da89107520db0605ffe3598852d94669bf7812ca199c695cada9b629de92193a4edf256ad5a33b24b6d283a9e03f11c440c45bcd9bdd7ea86d69b100a9b77
-
Filesize
342B
MD5119629709cb67a172f38c59449ee59fd
SHA1385e481e9f43a96f82843b39e8b2794e9ebac2b1
SHA256618a0addb8ce5ed2a37f3a55d230995b3ce3945c87a2911b59502cb8b829fa89
SHA512c1d43ea5f59d74cfb387d6d6f0bca5848304b82433c79deab647cf42c1200a7a8fa619905a54af5f5a5937c20d8783d6fe5da52133a6e259533341ef0504292b
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
84KB
MD5666faefb80b2c2c4028875ce8cd6f3a0
SHA11673f5ea1664c67f539a7c31f7fe7cea5a7ae63b
SHA256da43233d34e8369e6802cea5dbfa9fa46b07b544bd85edd8f256692a5d34fbd4
SHA512c375ced9c64a0c33e2af498fcdb81c995cc6254e9f6d9f8d7fbd90571abe4ac00d3a1eae51eee4e45c88aa77ed765d86014c043950ff06c0367957ec6786b41b
-
Filesize
4KB
-
Filesize
212KB
-
Filesize
4KB
-
Filesize
212KB
-
Filesize
60KB