Analysis

  • max time kernel
    130s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-12-2024 13:35

General

  • Target

    ebc045285a876542be8e49ce4771a42e_JaffaCakes118.html

  • Size

    159KB

  • MD5

    ebc045285a876542be8e49ce4771a42e

  • SHA1

    926c3cfff104dedc1417b8aa6546ab224e35f4d6

  • SHA256

    9602d25cf165561b8c6781829d4623a654c9fda26c78be57f25de3a505db6a14

  • SHA512

    b2afbb79728d1db684ab373ceb031a990bbd765156a0c726c6608229574db32ceb08d276bb49181ccbe47155b08437cbb3e4540705fb92f18ae019709d244870

  • SSDEEP

    3072:ip5JjxU/syfkMY+BES09JXAnyrZalI+YQ:iFxU/RsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with the UPX open source packer or a modified variant of it.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ebc045285a876542be8e49ce4771a42e_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2904
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1948
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1964
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1364
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:4142090 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:264

    Network

    MITRE ATT&CK Enterprise v15

    Downloads
