Overview

overview

10

Static

static

3

f251b6be2f...18.dll

windows7-x64

10

f251b6be2f...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15-12-2024 04:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f251b6be2f39e1c6bba1e8d71c164950_JaffaCakes118.dll

  • Size

    132KB

  • MD5

    f251b6be2f39e1c6bba1e8d71c164950

  • SHA1

    0cc420fcd31ba3c5025b84201d2b1d2b95888cff

  • SHA256

    40652d1a579c2ac1b532f3db9bcc148d63ccf61eb50b7a879241cc6506d742b6

  • SHA512

    88234a0640823a08bec4c1b394f6b6c277cda5b2a82bcb672ea5c52ee06f1215bd535895fd2879f3f1458b1d23d66c4797a0c82df27dd9a74bcc8d3c42c4997f

  • SSDEEP

    3072:an4cV8gf2u41Z5tKlm96oXewSNPJ/lVkLPy4:g4y8gOl2ILXejkt

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f251b6be2f39e1c6bba1e8d71c164950_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f251b6be2f39e1c6bba1e8d71c164950_JaffaCakes118.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2184
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1896
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2716
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69b5eb3e96589ab19b64d8c47c0bda1f

    SHA1

    03bb8583873379336b02635eb410603951f4ea22

    SHA256

    53a4da61af06a52a51243b99142a6fb738e5367bdcddc4f300304e869e685a7d

    SHA512

    0fc4d108377667028b26b6cc59332957a96f45c85ab154c0eea0286718fde6762f0eade5d4e4da5b7542bc65b7c1ce8c03a9e2bf3c7ad206ece12c0eb4bed24a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1c6fdd9450c85771679423747c95266

    SHA1

    6a41db4578281f8420ed00374e8482cd204d6664

    SHA256

    34502cf9ff157a3852f40042a4fea36f7f67ad4fe5e2a5cf9e8707907997bb3d

    SHA512

    fc9b65227639fe7bd99bced7283551e7eb8dd5b5cdfcfeece85c404028d55063bbce43f75b66806be50efedb07574af9d87d96fb52a0b0a432d0b99de6b54b4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b2c23f829418dc141a91e0fb3d17a56

    SHA1

    c15c338e80fd8a1b6ceb0c9b2f644fbe93898c24

    SHA256

    ff75c814d8e9989f1aa2443cf63b4d75fa91c5f9d8177f8ead5673ce7a90629f

    SHA512

    679c8f18fb9afff79e78dcd75114d57a2d8d35f8a21d33af1b4d36a7595926921d8813e90cd59a6e68cfa70f4f5dbb732fb5d510c2a0c6ca4529a518182cb0d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2aa723f242f1a28c3bfa5c14989d3109

    SHA1

    617e25be49a451b223c1f47312dd89ec9607b007

    SHA256

    27df404ed7d4f8bf9960f5e34055f0b90a20aa348a71e20d97cd2001e2b8efac

    SHA512

    b826d08c283953d6d1f787933363b323227fe4cae3ea4fdacbca3093d901525e2fa5f226c4366ad549ecef733dcdb0b06a35beaee180f92fa665accca8a8ad10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1cfc437c88b87bfc4aed54ae5936d12e

    SHA1

    6c67d7977f9d29117b57e7dffb52f780ec7e2808

    SHA256

    7ac3dac88d93ee90feda53616d7cc193f8e8a0db231c2044f34ab47a7615265b

    SHA512

    2c20360f31d6fac3e967922b16973098da5e9f394ec23ca3892e228781c7d725b8f83735ffd605d8f547b2e474de860073ed2b860465cff4fa300fd0ec15d1ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4653f3d75ed14f4600e6754dace93621

    SHA1

    10d12318ba43e729056335066bdc560605079442

    SHA256

    8f860661f4e419ad8feb8d7c8d12e86d76d9b6909fb3f15be4ba409c3c4ef778

    SHA512

    08994bad5f3d24c69c106c3a969952d3e3da461a845792d6859171ec2344f0afe984deaa10cdf25a3712744d5bba6c3655cf08f3ecdf7ec26527d8ca289e9820

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    333f8ced4e5eaef162a1eed7df173f3b

    SHA1

    c4cc3ff741cd220a1e35a41c192f45edd87f93da

    SHA256

    9431e20ef913b0f43f05715c9fa5eec9affb2ac2139c18b184dd7876cf495d4a

    SHA512

    e2dbff7f6aa96154cca534d58f86d1bbd2e7d09f57b7c4b1bf3a048efb416ff93e3c0a0a0a3dc3d57630aacac9c7f3233b34938c25bfcec6e22e1d1e3a4f3b27

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4929c83f7cc2b7f7bf28f5de530b599

    SHA1

    5aee0670c9129b2137790e61f123ccd938f98cc2

    SHA256

    ee10840fcf975cbfabc714d9a228afb19f00fdce0820168598045024a786b208

    SHA512

    2018d5995d02cb72ca242fd0c5e4f894fc1a579d81869579abfb3dde55650321dc1853076bbeef1a3fab7757b88bba5bda7a2f73f5eaa313d0d4926c4ad52c21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    426add26cd5de2a948d7a8dd870e4440

    SHA1

    81196277da7d57774fd93f7c3f9e3d1a767193db

    SHA256

    bab8c0c01f97678f11770012e8210ac60b546ac47be1ee9bcc94d67c83ae5461

    SHA512

    86d3035bcdda1041d249b4d0e0c0f0bb970ad995daddd458d4daed388c2d892c458cda87bba1dc35a8f20e3c4d470629a08a7f1d993a3039a4407069981c5fdf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ab55b911ea5be00eb67b29e3f5481b3

    SHA1

    48ceb31029a1883abf33e6c15ed9b5492444d084

    SHA256

    dc34b04399a49bcd3ef9ab0b7d14bb74865a05e572e844c7c5b9ad488bc4ed4f

    SHA512

    4b9b36004edec9968d7c921d1d38cd8b0785338227661bec8c0b18a43679fc8ef7eec19d6e4d959c812ed3306a8efe915438bf5654617f078a7db1a00cf7fd4b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91660418d6dd3ecbc163757258f58ee4

    SHA1

    dcc59bb7312dd853f2534165173ff13d87323e88

    SHA256

    cad45ad9c548be3ae654437e1db8c10c51e6be0640dd826d9ad7499677d300be

    SHA512

    cd82cbeca8952956111b94d4ad0a7056111a3bb1ae909de0a683244fe2fc2bc8eb02f833784c3a6a7fdf66a39d2cfc86bb1ca6b232f28f876a4db0dc6ce3b1c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dcd076990e98ff80c158c5d75fd977af

    SHA1

    d1b15fc1b34458ec798ce4349d7dcb5b1e24ca4a

    SHA256

    e0c54753fa952b016d29f149b2a45d654e914cc9b6835d066f38c8f09e040975

    SHA512

    f721ec3b1a3ec7478d83c15eeea3cb8cada56513c730997efaf11ecc3e8b897c42d0daa517a00e11d148c973004730236656bd112bed22d59844ab869a089d12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    579a9a9bb498ffc40b50d9ebb5afaaac

    SHA1

    89bfc2fd7b5bf609a46e9f38fc0bdc2e081b2f2f

    SHA256

    c8c55a18e75bcaa6f015c0a59c978b625dd745e4c88de4703c29d4a15d39c794

    SHA512

    b6c4f3fd11cb8ed04b27781c775742007d05b00575c347c7995b40a6c49a0da53cd4395299fe5a338f05bd6e88cb654196f9332252004d56b72d42170e8c471f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc7080de1bc8f00e8f6c26ffa5e7a4a2

    SHA1

    562a01423b501d058fa13649bf09c97508a9815c

    SHA256

    febc48b15f24b43b764790e6939f56d2f84bcde1f3335c075d2a62bcef61b6d1

    SHA512

    34ddc79ab3601dc7872b9de87850e104b1b7a9a3730bf0b48e561a350218352d0ee95fad30315ad629bb22b47f2e8db3892e4173dca4fe41510e7be92fdc5fb0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d830eb9547f3805c19c1c0ac4910072

    SHA1

    65a5ed6c5f5c9d7d3694b9c88c46003bacb87fb3

    SHA256

    ad2dd7f4a890322d9a708db4fdc42f76d6aff6fcbcf726eebe758c97d20960df

    SHA512

    fba11fdd0f4a41aef4023a26ced37bd5574e63c8285a971a60676e997b0148b154a028108e7debef002fb934873faad497596f1ef369a25209f38c4d5d3ba8ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b762aa96fcf7c3f47b705a69b96387e9

    SHA1

    19adec64028217792a2c63090e872729b7970942

    SHA256

    095c2c0bf4592385f9ad9c6c31912f197b096c331004bb0411f63dc90a61e57a

    SHA512

    f4222bf2519006d1894d30d0c31da4d8db363ae2b750abc253620faac4280c1cff17fbb2f59662180455049886f6d03d6e723e9f43076857aadc09cf69e570ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc64da5b79f3bfca7de557c95f674d3f

    SHA1

    75afb8d1a40a6b20a6ccc06b5914aac1a1a46d59

    SHA256

    e60eab1cecdce0d892b77839858028683a95482acd692f56d4e6d050520763b4

    SHA512

    3fcfd355414d85672d32b2ea1fe80c2daddc035d738135ec41bbe162979b8b5468fbf2ffcad34faf7e7eab1ab377507564cb31afd1e9f98e5c670095d839f87e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF135.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF1B5.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    39KB

    MD5

    7b9c72733b615919a28f1011958b818f

    SHA1

    de615eab8b5e75719cb4054c61fe32413a1d33b9

    SHA256

    c8112bf0a8b70ffae2ef6061c06422d897022e353949dbf6ba071e6167c9298b

    SHA512

    ed6dd3a5173a8e479ef68dda1b33e8b386efc0a5fe193be3b7f0ddbd984ab741dc9efa2b1e5149e0ed7d94bd99e7ea47e6f988da9314515f1c41589ee146437f

    Download Submit

  • memory/1896-24-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1896-22-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1896-23-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1896-26-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2184-10-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2184-20-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2688-8-0x0000000010000000-0x0000000010022000-memory.dmp

    Filesize

    136KB

    Download