Analysis

  • max time kernel
    129s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    16-12-2024 01:51

General

  • Target

    f6bda4afa448ac0432e424e27e859fa0_JaffaCakes118.html

  • Size

    159KB

  • MD5

    f6bda4afa448ac0432e424e27e859fa0

  • SHA1

    92368010b57e199f4329634d364dd81c77d7d8e2

  • SHA256

    bf0f11c5578a390ccd84f4656ced23671c233a4b911d078fbc44b5eac0130248

  • SHA512

    191e2c485de38514e6d716c269a69e2cd7e54f7b066ddea7554720c956e231d90e4845fe4367c67aa84cde13b8ae58f59369e62aae51234435b98018ab945882

  • SSDEEP

    1536:iiRTY1eUjvRl9tNyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:iwCDNyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family comprising viruses, worms and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f6bda4afa448ac0432e424e27e859fa0_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2848
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2704
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2672
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2332
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:988
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:406539 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1644
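The process tree above shows the whole chain in one place: the 64-bit iexplore.exe (PID 2848) spawns a 32-bit content process (PID 2704), which writes and runs svchost.exe from the user's Temp directory (PID 2672), which drops and runs DesktopLayer.exe under Program Files (x86)\Microsoft (PID 2332), which finally starts a fresh iexplore.exe with no arguments (PID 988) while being flagged for WriteProcessMemory. Below is an added detection example in Python, not part of this report or of any sandbox vendor's code, that turns those observations into rules and runs them over constructed Sysmon-style process-creation records modelled on the tree. The PIDs, image paths, command lines and the dropped svchost.exe SHA256 are taken from this report; the parent PID of the first iexplore.exe, the benign System32 svchost.exe control event and the record format are assumptions.

```python
"""Rule-based detection of the Ramnit process chain from the report above.

Added example, not part of the sandbox report or of any vendor's tooling.
Input records are constructed, Sysmon-style process-creation events; PIDs,
image paths, command lines and the dropped svchost.exe SHA256 are taken from
the report, everything else (parent of the first iexplore.exe, the benign
control event, the record format) is an assumption.
"""
import ntpath
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# IoCs lifted from the report (Downloads section and process tree).
DROPPED_SVCHOST_SHA256 = "fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320"
RAMNIT_DROPPER = r"c:\program files (x86)\microsoft\desktoplayer.exe"

BROWSERS = {"iexplore.exe"}
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
USER_TEMP = "\\appdata\\local\\temp\\"


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str
    sha256: Optional[str] = None


def norm(path: str) -> str:
    """Case-fold a Windows path so IEXPLORE.EXE and iexplore.exe compare equal."""
    return path.lower()


def check_event(ev: ProcEvent, by_pid: Dict[int, ProcEvent]) -> List[Tuple[str, str]]:
    """Return (rule, detail) hits for one process-creation event."""
    hits: List[Tuple[str, str]] = []
    img = norm(ev.image)
    name = ntpath.basename(img)
    parent = by_pid.get(ev.ppid)
    pname = ntpath.basename(norm(parent.image)) if parent else ""

    # svchost.exe outside System32/SysWOW64: the Temp copy is a name masquerade.
    if name == "svchost.exe" and ntpath.dirname(img) not in LEGIT_SVCHOST_DIRS:
        hits.append(("svchost_masquerade", img))
    # A browser launching an executable out of the user's Temp directory.
    if pname in BROWSERS and USER_TEMP in img:
        hits.append(("browser_spawns_temp_exe", f"{pname} -> {img}"))
    # Ramnit's DesktopLayer.exe drop location under Program Files (x86)\Microsoft.
    if img == RAMNIT_DROPPER:
        hits.append(("ramnit_desktoplayer", img))
    # Exact-hash match against the dropped svchost.exe from the report.
    if ev.sha256 and ev.sha256.lower() == DROPPED_SVCHOST_SHA256:
        hits.append(("ramnit_dropped_svchost_hash", ev.sha256))
    # DesktopLayer.exe respawning the browser with no arguments, as at depth 5.
    if name in BROWSERS and pname == "desktoplayer.exe":
        hits.append(("dropper_spawns_browser", f"{pname} -> {name} {ev.cmdline!r}"))
    return hits


def scan(events: List[ProcEvent]) -> Dict[int, List[Tuple[str, str]]]:
    """Run every rule over every event; return only the PIDs that produced hits."""
    by_pid = {e.pid: e for e in events}
    result: Dict[int, List[Tuple[str, str]]] = {}
    for e in events:
        hits = check_event(e, by_pid)
        if hits:
            result[e.pid] = hits
    return result


def ancestry(pid: int, by_pid: Dict[int, ProcEvent], limit: int = 16) -> str:
    """Walk parent links from a flagged PID back to the root the log contains."""
    chain: List[str] = []
    seen = set()
    while pid in by_pid and pid not in seen and len(chain) < limit:
        seen.add(pid)
        ev = by_pid[pid]
        chain.append(f"{ntpath.basename(ev.image)}({ev.pid})")
        pid = ev.ppid
    return " <- ".join(chain)


# Constructed events modelled on the report's process tree. PPID 1000 for the
# first iexplore.exe and the System32 svchost.exe (PID 700) are assumptions.
SAMPLE_EVENTS = [
    ProcEvent(2848, 1000, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f6bda4afa448ac0432e424e27e859fa0_JaffaCakes118.html'),
    ProcEvent(2704, 2848, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2'),
    ProcEvent(2672, 2704, r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\svchost.exe"', sha256=DROPPED_SVCHOST_SHA256),
    ProcEvent(2332, 2672, r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe",
              r'"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"'),
    ProcEvent(988, 2332, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe"'),
    ProcEvent(1644, 2848, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:406539 /prefetch:2'),
    ProcEvent(700, 500, r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),  # benign control
]

if __name__ == "__main__":
    index = {e.pid: e for e in SAMPLE_EVENTS}
    for flagged_pid, flagged_hits in scan(SAMPLE_EVENTS).items():
        print(f"PID {flagged_pid}: {ancestry(flagged_pid, index)}")
        for rule, detail in flagged_hits:
            print(f"    [{rule}] {detail}")
```

Only three of the seven records fire: the Temp svchost.exe (three rules, including the hash), DesktopLayer.exe (path rule) and the argument-less iexplore.exe it spawns; the two legitimate IE content processes and the System32 svchost.exe stay quiet. The hash rule is the most brittle (Ramnit's dropped binaries vary per infection, and the 184KB memory regions listed below show the UPX layer is stripped in memory anyway), so in production the path and parent-child rules carry the detection and the hash is a confirmation.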

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d621de6f090678fd25689243104ce313

      SHA1

      867980188324a8af82af0eb1260e0938231a0b86

      SHA256

      f75e118bea85f51d7aeba87066a7057947deeff72746b187aaa4512408d09012

      SHA512

      819dbbe304fff55f9a7a1a1d7a6f2df95b1bea26899e3b6abfc41987dac9bdcb2ab0c79bfa9f79c0938665c92c2cb5f425e8f1ab7340a112cb312aee98f5f402

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ba9c8307106405a19347c0260b8c7cd1

      SHA1

      ce787face280b5582cbde29c7e644c3ea4071abe

      SHA256

      ddd864bf8ae5350b920d3bcf21a1f9e4be0cbb432cecc36d32c3a41e9969f50f

      SHA512

      f6ce60774559a245447c889648a68190d31eab352fdf86f5af3dc061c94aa209c05561ff82d4f161688232707615b0138e570fd65b53904dad9df0bfc47ffe2c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d482a0b7fd9f820623796184f63d3aeb

      SHA1

      97535ea1452cbbbb267c9b27c78ce0aca443c49f

      SHA256

      47efd3c21900133f176b0679ba407b828721a45508d6887a7608fa76d799811f

      SHA512

      fe3704a8b372808e0384581137e2d563edc727995f4649b860a109c8b548fed7ecda1198ba7f8a844786c6d9563d04728875eccb4a9fb6c75d54696b2d3fe9b4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      065764016d84901dfc6bbd5b92adbfd3

      SHA1

      bb0b392ad79da412e0706b101e6e26e9e71a4c21

      SHA256

      439216b216d048d5b8a49942e7d992b6d62a3864d35757d95c70a9a3bda18c12

      SHA512

      aea7b28f76321377018979b9abff8585bfaa082b749f3788bcf10d89ad823a3b1e1cff2435e8c74d057c7ea3f84800ad0003704020116e65ff876414714d2bbb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      50a37bcbd5cb63508eae3c1b8fee280f

      SHA1

      264d8fe303b4ed5e80932ca4f6885cd229b09f2c

      SHA256

      d069283566688802163a22c0f16e38de4f418f8c9c6571f6573a0212168c9e76

      SHA512

      9a5e4e00a4f3bdb09e14108912757ba77bde300b94d8bb4093822e10f2fada3e68a7dae9293308541771226763a3f02a28aea38e440e6d4d7d030acf79291b59

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4a1b8577b778c1a5c4d866ca1b33633a

      SHA1

      807d736dccd070803ceb8f3c9bc9b8aac3ead1ec

      SHA256

      5fb7c6bbe97fa928ea5724b22ebbe30bf7bc3ca2cf8d0f8dd4b870416555acde

      SHA512

      5b1f4a763108ab8631407dbe4c8681cf36f6f17f7f0f029baaadad6c1f6e327bdcf5c914ed22af0d15823a8815be4cbcbda1e3406229e492e590905886358460

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c3343b28e3585adc51309278842c4d11

      SHA1

      00b7186a62b4ba50139103236cea8f5637b73668

      SHA256

      d4b3f2924a621a126de5e5dbb73478f26bfab7eec419a5412536c47e4ad6e446

      SHA512

      33e27277712334b55f294b88f4431dc8b2f43efe6c34fd259afefd1dde82490f41210814b4d9f8280e005c0d68a88b99bfb63b701b86c7cb8ef08fb83236114e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ea4a2dd29ce8d111aa6241b5b76fd87a

      SHA1

      1ee5f0fc420deb28faba3c41b8155af47a991b15

      SHA256

      ae384fd0109a29a42f946446c091a3e5e86d40b40816f6149f1a11fc1e1dd1e8

      SHA512

      dfc23b91fc000a384ff9d87369d62278deae0b93246befdaaf53ce63eca72616ac4f0fc8e16d4f6114e730f3625f5b5377d7309d6cd5f2e9bcf8301a89a40e93

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      55b4faadeddebc9bff163f3038278e99

      SHA1

      970db2b1e0a76a79ed4bcb334803c9b824ec00e1

      SHA256

      e50b12e5284bfdd0ea6736899fc65ef24e3bafe9f4bad0774920705878f9b176

      SHA512

      3bc9e610874f804e2b9202639c4bf04b5b23066c2fe845d5da2107e069244861daba098c886247c354c417c2882a000185aed8c5ab8604181ef37ee013dc1889

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      97da8a3c906813c1fb045190dfae512e

      SHA1

      34e67059e1e85d0c4e4bbf4f844fdec53eece772

      SHA256

      9d40fdb5ff8eaf381c5e1630380c58b2498d0ee3cf19c63dc9a314ef1ede4e63

      SHA512

      c38c8ff02eb53a79484f33e8ff7785b8d023630d34d119553e0b3c8fce6e6f6d1223f5d57980ed7d6bab70c035eb81fb9e96e11073c841dfd50afe3a91c8c6a4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5315c0fca66c1761a0e3b6e8493e6d74

      SHA1

      e41a0181ce25bf7ea903f935b1e07794e1fe428d

      SHA256

      b1f1825ca87c6e1803501b51e37a78843b30f8779aace95797942b18c5d01c3c

      SHA512

      9b524b6d74fe9f4163ea032dc447624414e542f8596213c7dac7b977e87c34f808c7c5b9763bbaabf091747de1538522cd2495da05646d69bbfc49a484d95609

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8d151b0b30e52d8f76b83340d180dd71

      SHA1

      784cd8b4806d83753174ff0b0dd9e2ebc4579420

      SHA256

      f04ba82c9cb34b8129cf8d91632eb7c9d03660a07e17923ffa7305254e2594b0

      SHA512

      9f97c014a0f8a280082a4f2ea9fc8e16b8398504610efca6fb817e37c8406116b7e6f87f7aa2edb3c6cb703e14639d7a6183fc45713799cbe38a35d63df15e2a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bbc162600681f37e9c210a86fff5743c

      SHA1

      29115e205a4a8c2ec596043630259f1d32a4c08c

      SHA256

      74b20987b6cbe0c76b98bd00c284ed6359fed93143a788c2b4f98b20cab8925e

      SHA512

      0bfa92beec9c67915388f2d3ded2e679cef95cf92b4372fa44edc5e0703d4a25dd32d7cb99b40c6826be09fe27466c9373cefcf768890711e8ac0b3001869d3c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ea9ffcc55795039c8ae690fb7d8fb384

      SHA1

      d759d9f08a9824ba8f596a7312ed1d87e97033d8

      SHA256

      0b6bed6608bf0f226210b3b32b5f046b019da6ee39a4d3b4c60288b9b3e933df

      SHA512

      2a22027b9325b69c52089afea9a0c0581d6ea6944b805649a2856bd0a809cabcbd1a45ada652beff5e3152b3791690a63f13027119d1b5d8dfc2832b49a326a7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      85d965f1abe3db4d1885e6fd8256f101

      SHA1

      546a8033a27bb5143585bde6e7cb97ce5522f397

      SHA256

      d14712ab6fb02e662474565047e13ba1a76eefb74a689612b33d568022a59d99

      SHA512

      51df302e6028ebe92ea6f3de00c650439daf5f30eeab5dc00d8eff90edcae22563706698f728c0b1d10579022617d36c24367c20011b3cf94bec3a7ec19ce7d2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ae1a5615dc9117e7f54f5b902c397d76

      SHA1

      15168f2fbf8f6265589e6f793d0ac38c1d52211c

      SHA256

      6ce653060b565ac8cbc8c5177f7cd12cf982a43a6949ea4290cba5f0e7f4ddd3

      SHA512

      c34104a6d787a26974e216ac9871413f4c8ec4201469443aa9421ad3faf56f42b7131d7032fab28d818a9d9ce48a4ee5cfbf3dae495d433f8cda31f12353403e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      983bf1ee82117432552cc2aa9f17c2ed

      SHA1

      6a3da014fc552beb82bbd9d77c34fd77553e96b7

      SHA256

      fed80ea03c6997682eea49d39a76815f6ede01fc3d1756c46683b6f422de3ed7

      SHA512

      faa8667a07d8eebb38792089b411879c1e661010e9e7baeae7fffdf1e23eaeae2e264cf274090e1c83121f968751f8ea8115242b4a80ce08d8d15a4b5f34f084

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1415a39a58fc4b868a738714bd2bc4f6

      SHA1

      c3cfb5c45ee00fe6fc8d67342f8fbdee6015d753

      SHA256

      bcb489fde923be02467998f4895ca0118871856c9a7b3e8b809e3d4f14dbc949

      SHA512

      378297433d83a536f7dbb9542009557715bdf8e6821ebe6e05c88cfcf744bb0c666a13171d53147608693b0f8994b304e79589cd9fcb07454eb503d50b939c72

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6d25a071e5fe9cf024dc1674027d65a3

      SHA1

      4d25f99104639cc0333f574bcdcf5a2f798c7988

      SHA256

      8078e4658d6e97d13dfccc5cca2cae1dd38b08bcacfd039594b173f32ef20442

      SHA512

      e68b148d54c27da4b2c32c663bc41e8ac3894054e707004237a4d4f4804fc162f2bdaaf6aab7c2fd3a8595cf3950836b680e49ad76ce672781c2e91dfe9357d8

    • C:\Users\Admin\AppData\Local\Temp\Cab6441.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar64F2.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2332-451-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2332-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2332-449-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2332-448-0x00000000002C0000-0x00000000002C1000-memory.dmp

      Filesize

      4KB

    • memory/2332-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2332-444-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2672-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2672-435-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2672-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB