Analysis

  • max time kernel
    137s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-12-2024 02:22

General

  • Target

    f6da38bd6a94c668d39fc00e64cc469e_JaffaCakes118.html

  • Size

    157KB

  • MD5

    f6da38bd6a94c668d39fc00e64cc469e

  • SHA1

    69a620dbe378b629bd81191ce3bd046118a0abd1

  • SHA256

    93204e1aaf82753d366bf9574ad7f9cb80cb08ae728ce4fbbfe7a1e3412c0c44

  • SHA512

    bf76f4c2b9895c9b5d8546b46323d6844448176687d4e3f2bf02eb9d70510e51c66d39ccfe266c6c5743ad4e8a2724bf66b1d00d685ca9a76f15b4ae2d60031f

  • SSDEEP

    3072:iv2ZWSM7dyfkMY+BES09JXAnyrZalI+YQ:iuZ07osMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with the UPX open source packer or a modified UPX variant.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f6da38bd6a94c668d39fc00e64cc469e_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2356
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2448
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1000
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1500
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:472080 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1160

Network

MITRE ATT&CK Enterprise v15


Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      68b3eee36581f096bea03b289a19c313

      SHA1

      4a02d048d45611c9dddfe947956da621d1568311

      SHA256

      f2cde9eb460272bbdf45bf8bd4ca38340b400f85756914de14272d99ba290bd7

      SHA512

      9d5ca375132ee02d20e174b7bcac7e8a1b7436f84ebbdd0c770707043a923608c93cbad5934e90eabf5b54d9e660b110a15478eba0775cae7c7c0d25d6e770e6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cb8a329a977b0db195e8ac170a8b2e93

      SHA1

      6410854152975adfec374c692e9afd1c5fe48207

      SHA256

      44cf857cfc4e031ed1504aab4e1c7b1797e727d6cc72fb03fc7c579d363e606c

      SHA512

      ac59ddcc68402bb0df910dba05fb402b9130ce569c53bce4a6d67c1c6b9475728c1ac718af74fdc145d0c0bfa72f5457641dd113e7cc17409cd685f793541aa0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      80521bcc7e62d888604d71208884b844

      SHA1

      edb002cbd1621240862235cedb6d6f00b677ede1

      SHA256

      8709255bdbd586a3608d2f2a452dce28f2991bad6a0caadb5968e571fe704656

      SHA512

      2bcf28de5ef4ca1214fe70fdd7295d0211aa51179132b6df05335445a56546f7a1ddf83d500455d6699e7e300e365782f239027efaf6a182de63233d4dd836d8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8b49806f6c3cc507bd2ac9d6266fe44b

      SHA1

      ca3685019e1c53b0276ebc0f71c992589b1c76fe

      SHA256

      8f13276066d7b7ea5da4b95ef4ea851aadbd5887ab2ab99d65354e3be1ef400e

      SHA512

      5751c5c93baabba82a0e0365fe2d554800326dee91a5bb443d6504479f38748e9b7f4b3ee5484d2d6d194cc6a4591605c429633186f74c02fb6d055f898186ed

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      026c6e8a2ee795e4f6a5346e4fe2c41e

      SHA1

      0105797ea572006a53fe97794fcb180667b5c181

      SHA256

      04a9fc3158eb4ae9de94d369b1e292a93dd2a384f10349804afff098108eb227

      SHA512

      8066c7f2f6f66deb0019847305f61f34b7ef6ff388ca778dda55c6558518b3e66fe9ee22559341228753c4d51878914e1132be46b619a3571bb9315071722e01

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      11f08446d63ae169423396b3e8ffc694

      SHA1

      be3e3517ef9ae22258847a449f63a6ca4c59bb73

      SHA256

      83b24379ef83e4d6afb7e0410175f95e39d08c9ed7a5b53138a6579279053d7f

      SHA512

      526a81d2b1b963cceff08a8319d3f8d2083eba2990f6fdb06140409456fdf32ad5f0fdaf5a69dce8abee7a35aa01feff54cd52486a4fe7e811e578ab9c79f6dc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c2608fa4897a9718ccb81e27f7a03cbf

      SHA1

      8408af9a008bd5e8920c78e25fdab1d33b29a1d6

      SHA256

      046b478d80d20d94d96ba7482d55aa75ddbf96c33b4ac6a1cc83777ab4542953

      SHA512

      1d334cc135b9ee6a3fa1df7cbd64ee3d1489b8dd2707631a60a54436576b89af8a600afb395f76e6284f7ac0ea76fbeb9a1bab0d3545f7068c949d2d69e07fa5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d7b6a081f3e97c9f984d8a5fe3235c5c

      SHA1

      37020b68765cd68ecd5041fc4009f56e0f754e66

      SHA256

      ecf5fb84f0f41e1f024c1e03d13b61ab8f788bfc95c4ca910147a61f44920017

      SHA512

      ee95174badcc7f70ac0392e96895c09960253f19bc022288575b4d86fda65ef773746cdc99b2c2c83ce1c70bc460c1aef7e9fbd4d147520818d2ed82c458a485

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0eed8ee152bfb9ed1118292415e6b54a

      SHA1

      f6a6baabe321cb8b1cc3d9e721037f25cea2a756

      SHA256

      9538398f14f57fa0df55227fb8c87344eca9bae010bcf35e8ed22b8737332682

      SHA512

      63cd4f49b9f7e7e20df3f576f6ab2da0887191ef8f64f783ba113f2a05723ab7194954b9535c415ed8c07d3b201c817cb7537761de7985aa86a5f79dda25b7fd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      36510bcff9aff1fd83d641a9d87cda7d

      SHA1

      1880a4172556e6f728a875f45d6df94ae196c2af

      SHA256

      76e073538cc20a700295b6cfd1a7fc3df4344bf6abbabe7465f9fa306c197b6c

      SHA512

      ec590e8855f98b59585545d1b72890fe290d99ac1201f1394c4d11888b03660a35e5ad4d495ea5762f4d3cad0f23e143dc5878a08f7bbb47c29bdfd97eff0878

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7a7c060fabb45f5f3fc2f164a918a009

      SHA1

      afce6cd473b5a08235e456261922576eeeed24ba

      SHA256

      dae9b896ce15db7e3db25fa14b986f6537bd489234a53adb92b30d13045756de

      SHA512

      50fc34b23c3006632a261bf0ec5aa313dfae215d2aafd14f7a0a2bfb70f8490e5aa1e5d82ec694543e75c45c072bf8f368b5fd085a7b0449408a269499ca0fbc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      030c7a77b65ea4d0de68a8e4c0921386

      SHA1

      b6b047bd74583c773254a8dd7305ee369c77c183

      SHA256

      845281cec65216b52d8b2d85a910530e830662c387f3f6ad712ff8edf1d1ca96

      SHA512

      a2ddd88e7667795ccd04df54b9bfb38473767e790bbe48ef9b611d80c2189570dde5d542b5b73146e1ca366e6df89febf9abbb8438429df4b993de77a489a3c9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e1efe1c481ce9bec2424201151e7dfba

      SHA1

      d50ec43977f69434977b14d93b4554e49de5213f

      SHA256

      fd47fbc1fb657b30563c72d765e718843f2798f0d2a2dd3fab9333515f891039

      SHA512

      1eecab36329d91294d50b25389e82366ab3be06df5a8dd07b582c219950a908f9706ad0a4a3776259a21c29f24d63360b3d0389009de687cf0b5e00ebf3e75ad

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      fda9aeb5720f2f25fb10c131953ccf4b

      SHA1

      fae00d152f3a397471e0e2a21af6f6a3abf8386a

      SHA256

      370a33160c567370d28d05c56e8e649da022cc82f5d01807b2f5d6703e337886

      SHA512

      b6e3d5d554346532d7e3780b5b53417c7fb1f4f56dc4aa294d5f4a709c50e680258bf3de64cd3420a9deb3f30d8ea079c85f340636bd7d535ae07abf1a0a97a0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      60a70d5a574bc57b9907b5dcccf0b297

      SHA1

      05d88f05072aab782fce65a05e9a7ba3590f4f44

      SHA256

      6e0c4d03392251bbff8ad0b7ddfb695e03ea40631cdc32f505a3fa0ce4b1ebf0

      SHA512

      6ecfa0cc0273588d0513fa033c305dda6e9cc4e723f14372d5d1ea37d360e59997a0855030ffd3c44bc6bca91fac7b2f6df1973f00bcb2f28483466e2d69f836

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8e6e8e3e303994c2a97e7cc74b368221

      SHA1

      68dc6a3eef635d427633008d6b58970639bb2253

      SHA256

      2634f87100768461531d8b03db5c4c0c3fe9a5a8a6e072457a75fbcb134f790a

      SHA512

      bed84a108af29967a932a8ace8401d4aa2e649c333f011d98eff12499a084bf20f1a5afd8203a3ef21ee34e7e40f8eeed82b9eba17ef785603e85fe545c2762e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      abf98c98b1258f66c802c5664919dfb0

      SHA1

      f31d8753a702f771dd47e58501f369895f48b099

      SHA256

      c95d2d5dd427dca64153929677af7e386e09946c6914e82f06fe856596290ee9

      SHA512

      99e598bd03aa8555c39cf075320060cd2115c494f014a86623f34eb4a2816c98f823ce7985bd46117aff9c8779f80980bd32b0ffb2693166154e0dab0c21a7f6

    • C:\Users\Admin\AppData\Local\Temp\CabD069.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarD129.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1000-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1000-449-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1000-446-0x0000000000250000-0x0000000000251000-memory.dmp

      Filesize

      4KB

    • memory/1000-444-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2448-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2448-436-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

    • memory/2448-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB