Analysis

  • max time kernel
    133s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-12-2024 22:27

General

  • Target

    f605572c65bc3e7d2d25de3fd8763659_JaffaCakes118.html

  • Size

    159KB

  • MD5

    f605572c65bc3e7d2d25de3fd8763659

  • SHA1

    fad2e301c67b2973ef9690b7c4c0e3d613d2933e

  • SHA256

    b5425c5d5bf810b53e9401ee176a6cd2b4d82db2a6af89ca824eda32050685a4

  • SHA512

    11d738c9084f699966a9151bd8910a21c76c3dc7f33791d16c4aa9ce657a803293bf94829734b881c2a529d0f57672b7e1bdb78b75f4e4d426efa07e9a080832

  • SSDEEP

    3072:iD+6emAOuIX7vyfkMY+BES09JXAnyrZalI+YQ:ilNdX76sMYod+X3oI+YQ

Signatures

  • Ramnit

    Ramnit is a versatile family that includes viruses, worms, and Trojans. In this run the HTML file, opened in Internet Explorer, drops svchost.exe into the user's Temp directory; that loader writes DesktopLayer.exe under Program Files (x86)\Microsoft, which in turn starts a fresh iexplore.exe while making use of WriteProcessMemory (see the process tree below).

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
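
The "UPX packed file" signature above fires on the dropped executables. As an added example (not code from the sandbox report, from UPX, or from the Ramnit samples), the Python below shows the checks a triage script can run against a PE section table: UPX-named sections, an unpack destination with zero raw size but a large virtual size (UPX0), and an entry point outside the first section. The PE images it inspects are constructed inline, headers only, and are not the files dropped in this run; the `UPX_LAYOUT`/`CLEAN_LAYOUT` tables and the two-indicator threshold are assumptions for the demonstration.

```python
"""Heuristic UPX check over a PE section table.

Added example (not code from the sandbox report or from UPX); the PE images
it inspects are constructed inline, headers only, and are not the files
dropped in this run.
"""
import struct

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"
SECTION_SIZE = struct.calcsize(SECTION_FMT)  # 40 bytes


def parse_sections(data):
    """Return (AddressOfEntryPoint, [(name, vsize, vaddr, rawsize), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    off = opt + opt_size
    for _ in range(num_sections):
        fields = struct.unpack_from(SECTION_FMT, data, off)
        name = fields[0].rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, fields[1], fields[2], fields[3]))
        off += SECTION_SIZE
    return entry_rva, sections


def upx_indicators(data):
    """List the packer indicators present; an empty list means none fired."""
    entry_rva, sections = parse_sections(data)
    hits = []
    if any(name.startswith("UPX") for name, *_ in sections):
        hits.append("UPX-named section")
    for name, vsize, vaddr, rawsize in sections:
        # UPX0 is the unpack destination: large in memory, nothing on disk.
        if rawsize == 0 and vsize >= 0x1000 and name != ".bss":
            hits.append("%s has zero raw size but %#x virtual" % (name, vsize))
    ep_section = None
    for sec in sections:
        name, vsize, vaddr, rawsize = sec
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep_section = sec
            break
    if ep_section is not None and ep_section is not sections[0]:
        hits.append("entry point %#x in %s, not the first section" % (entry_rva, ep_section[0]))
    return hits


def is_upx_packed(data):
    """Two or more independent indicators: treat as packed (assumed threshold)."""
    return len(upx_indicators(data)) >= 2


def build_pe(sections, entry_rva):
    """Construct a minimal PE32 header plus section table (constructed test input)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew
    opt = bytearray(0xE0)                           # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)           # Magic
    struct.pack_into("<I", opt, 16, entry_rva)      # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    table = b"".join(
        struct.pack(SECTION_FMT, name.ljust(8, b"\0"), vsize, vaddr, rawsize, 0, 0, 0, 0, 0, chars)
        for name, vsize, vaddr, rawsize, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed layouts: a typical UPX image and an unpacked one (not the real samples).
UPX_LAYOUT = [(b"UPX0", 0x20000, 0x1000, 0, 0xE0000080),
              (b"UPX1", 0xC000, 0x21000, 0xB400, 0xE0000040),
              (b".rsrc", 0x1000, 0x2D000, 0x800, 0xC0000040)]
CLEAN_LAYOUT = [(b".text", 0x5000, 0x1000, 0x5000, 0x60000020),
                (b".data", 0x1000, 0x6000, 0x400, 0xC0000040),
                (b".rsrc", 0x1000, 0x7000, 0x800, 0x40000040)]

if __name__ == "__main__":
    for label, layout, ep in (("upx", UPX_LAYOUT, 0x2C000), ("clean", CLEAN_LAYOUT, 0x1200)):
        image = build_pe(layout, ep)
        print(label, is_upx_packed(image), upx_indicators(image))
```

Section names are the weakest of the three signals: a modified UPX build can rename them, which is why the signature text mentions "modified UPX". The zero-raw-size destination and the entry point sitting in the stub section survive renaming, so the threshold requires more than the name alone.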

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f605572c65bc3e7d2d25de3fd8763659_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2248
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:380
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:872
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:860
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:472069 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1688

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e24a0171aedae2a529429c652c751005

      SHA1

      47903b092aff56d31302907f84e8d4280afa4d40

      SHA256

      594e8256fce078f7762ee13e4e90a71d231b26295c764a2a0eec15c52cce666a

      SHA512

      faa1f32b403b19dcd4758935d4d0c570c224b84be8cc1f61e5f991d20ecf7fa682a7d9d1b6a3f0d79366622fb3c34eec237193183c2374c43329f18c0b0f8de4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      41d79a8c48006e3c927effad765ad3f9

      SHA1

      73cea55c7868c9fea15c84c444a8124a06a0f867

      SHA256

      706aa0b8a2b8c38514a29201f9af24bc829039dcda111adb1e63ea4ee4cfa4e4

      SHA512

      d3ed936c5e7d58e02383ac4ba4cf573399667d96c993dd7e72f2c94e8bc300aaac12b7438b1a53e681958fce395e50c4252e542173d3baad60ea36d9a92e616c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4436901d020e909d8b06dd62345997c7

      SHA1

      3457b4eaf014fdec96b672bfbf0a1be233ab2d07

      SHA256

      1d77ffd328d6dd275a4583cc49d71b8326b5758d41d023219cc1aaf59772c41c

      SHA512

      825be1ead0f14226bc95f91b87fbcee80b27f39e1a9185817bd98be2f67bb02a565def85aaa50c8efad2b39f05b116bf2b0280cf680650b07b920f92ac9b609b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      651e7e8fa6f08718e4e9d0cfbdbef0d3

      SHA1

      6ff55462a3c754af8156fee21fbc1933fda85e40

      SHA256

      e2e326bfab45dfb4a58106ca2f6608de0d70e5e5a470d70b303db24c5c8135cf

      SHA512

      42068546b5f2d5abffdd2e6fe2c88771ea3c514c5fb5be9b91c9f05e710dbb68c61e822ee37335322cb3788f1a6775e7f91a7ce281393d0c0d3ab1193d14b455

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      17509f614183943dec8261030e614717

      SHA1

      11d66d2d987ed7be01a7e060a046dd8272978a07

      SHA256

      34986cb90aca702305c39745b343a5cdb8ce83de2c15e06c4c2ec10dfbdbce44

      SHA512

      004c60c0ca6c4474a99edededbc44547f204dbc166ebdeb0a60e9d818c49f0e91bc698603db950f996254f2e20c83134e42501ee9a5284bd61e7231de71fda83

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f0c34e0cc7612a48fa8f3aa0e65391e9

      SHA1

      29237419370b77b2d5da4c46f0e899554d3bab40

      SHA256

      97acd11adec0264211cdec40944c37ba0d497eae6b994527a10dbd13db8481e3

      SHA512

      23a65bd2f14788fbab3d6ea5c39cbe3e97ce428a5a3fc7d58610e67e54b13d92bea22d469cb0b547fc1a587e77622d422bc73538b0da54cdf171f8cd4c6218d3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      35eb131010d8f21e31f6b42a85b4042f

      SHA1

      62b5343ba48f7449090691c5f404d65c41a0dfd0

      SHA256

      76ea081b4b4474c8d0cf60e920b8fbbdc78d7a06d1181ec1e5c941b4f0fdb0ad

      SHA512

      4a077b0268cbbad3779d4ca62dde7a9160efe676b6a8c813ceaad4ee7cda044a6c5f9df8dd622fb8be316b702c47733cf1be31110c11680c5532fd5c973c84ad

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f4610975db199724b42ad1c77a5b5415

      SHA1

      b01c25855af4dab5c5268a91664e38536094efbb

      SHA256

      ee4615e82cde17988047dc49c3ba48439253ed03bfefc9f8a225f99ae62d5401

      SHA512

      bfeef99c8702367d0db461940d24d724e09da0799737a0c22f09b74d8d615a726f710a151803a68224417bb81d023ae6713254dae58eaaeb145cde1a177a8eba

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4d890412dd4e4f533924d63bfa3fbbcc

      SHA1

      e0079204f448e800dc5a39b0a89d83dd9dcf3c7a

      SHA256

      157b8fd6707430e9577f795b567ddeb4a3e1c4c3f1a1ba5fe8fb48c2710fa638

      SHA512

      dad8ba71fce26a9ba654f547806903020ba89ca1d694de374c60d8e9954572fec5472c49b0b73da4d5d2525feb3e65be78c1ffb224f0048f564535de5a58fc0b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      32b3ead35476d12f1b9378710b33f036

      SHA1

      0f8cee298c4a49580dcad073d1c18cf2c33c7414

      SHA256

      7122fccb487130156f3e968228a26fe519853445bd2de257fcdb11a5a9117c79

      SHA512

      0bb625b5506c7be42883b1d389db96bc136f6258dcd9484a81dfc68076225b4412652a9756629f45c620edfab34e062fc9ee3a5fcdb133965828ecbf86df8a7a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      720882ac060b8d41d86a2a02458ec56c

      SHA1

      3806db53e9d7e0f34cff6c414320d774430f4a79

      SHA256

      92d8aea60ba288584205625984333e7989254dab89cdbd15f2ede33783d03e2f

      SHA512

      f0c8abedba161ae9db4aaeb492769ae854706c7d212dc686572650aee81de25ad4c7e92293db314c62151d0f7ea951daee94def8565163248a8d2e4260a6385e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e29e59457b89234dc5455f6f002341ec

      SHA1

      a9aa00482c84b95bea1fe0bcd12f8e0c928dcb0c

      SHA256

      810ff825e9a42b013d2f80a51b5bc01c1472cf0774e2f401c522c4c0380ffe73

      SHA512

      e550d611a71834a4b2502ba27732a4b5e8a8baa42f4a54b40e3d1968c870c2283e489e3f6bd4350e6e46b89af872e439bcdabf64df5be1452b384b8ff3a2f554

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d79b8760411327d1bcf9b10c873715c2

      SHA1

      ca3ef36b81c01d1dba40273aea0bca2c56ed6a1f

      SHA256

      b145790e285d772a5d8d6549bcda59d93e5fcd29ec47f71bf09e10ba51bf1c43

      SHA512

      849d3d4951361f874be162fe46b264ce08b7a00098cf1e96c128dc0a322e4bd06e656550cf92701db9e55f72d55b297f7b4559c67a720d9a5d2521d22e2fc353

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b352aa4e196714442068340b2641150e

      SHA1

      59d7e9b20a1f1881b8ea41c32840d045a6d7365a

      SHA256

      a88935a046877ee304935c2f18c06ee22fa3522f91f7dd1c38b16d485bc941f5

      SHA512

      ebb94706fdfeed6f09e09106b673a46e3fda52e748fe386c9522ffe228b8d8a80d0efec54a126ef910d3858131e4f5236ec1d6a9850fdde7fa44abd9d4fcf604

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bbfe035ce9ed883b091e417b3da58eb8

      SHA1

      bea2321689052f92b774525a816631a42bb9cebd

      SHA256

      0a9c23a4a4e9787dc551b33ca2ecb3885b690b7dc8aa42a0672afe0f32bbe801

      SHA512

      0232168a652309f8430445f3dc1ab4a135c025937ed2367b0647e4c0c4559a2e75c5eb6e9ccca52cf5f6c029783aa4fd7344181bc97252cc6c40d9d75a3de23c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0e47eb64ad383fed321ce033d376af13

      SHA1

      b6d24ff175004cb3253b5ec12b4eb14708d712a4

      SHA256

      8b82e96eb428f4803be6e17ce1de4f44a6fd829575406ef568a17c873c6c30ed

      SHA512

      fd7ab922068c320abd546b4d7f8948edeaf3aa1d0b5e99ece0a19533d6a4476faa76072144ee7ebc7c84064e0b01bb101b8da59ee57dcc24ebc88741f77ceae9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a679f87a92b1ceaffe758147db2ffe1a

      SHA1

      c33404f7cc0dc2341ca57912293894f8993eb2f9

      SHA256

      71dbfee64d26ffdd4d49f34b770334b815990a81cbaef3e6a46572178e7949ce

      SHA512

      22abd08cc86ee9a857ec9539ead440b88f2cd5dc8c122b1eeb5b345dba1161266c430cb7c32a949e5248125cf1441c8229c0bba156fa09396b51a57ae054d0af

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5bef86019500b1470ab82394dd59ecc2

      SHA1

      005120ba54440691e1b617fb53ad7ca133514264

      SHA256

      eba731d2cfb5caf8fcf57a34514d43aa464f705483f85acc7e3b60932cc33222

      SHA512

      d6c0ec70968b14829c966cc4323a53313a051a9a9ab0550470a7111b043c05c91068f0797617d208e63937803842c31fbb423989146e4fcb5ba5eee3902e9fd5

    • C:\Users\Admin\AppData\Local\Temp\CabDC5D.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarDCDD.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/380-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/380-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/380-436-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

    • memory/872-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/872-449-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/872-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/872-446-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB