Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-12-2024 05:14

General

  • Target

    f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe

  • Size

    106KB

  • MD5

    f7794eb2956b63c251a9e04f01a353fe

  • SHA1

    dca1a5b3b43feebbb5c53d4b9e2d499d326b7ced

  • SHA256

    b936816df3b31e7cb746c1d9bcd33321ef046fb7ef10088eed11b4ddc64e0bda

  • SHA512

    a30ff8e92c1ea762d7332b2b8b277425f38982310fab56733f49d56f314962758826945552c319e45781ae92857924ced6fc24220c9bcb4790afeb64559e5ba6

  • SSDEEP

    1536:tOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfB5:twV4OgSzBmh04eZFkz3Rr0gwGj9Tf8C

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • System Location Discovery: System Language Discovery (1 TTP, 3 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 52 IoCs)
  • Suspicious behavior: EnumeratesProcesses (8 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (10 IoCs)
  • Suspicious use of WriteProcessMemory (16 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2980
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2892
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2848

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e6b99e73f904bafe2379556eb2948403

    SHA1

    c709e17a52ca50c189dfcac44a3c5ba2f2d3be75

    SHA256

    829b8b5afc3dbf836e84d667ad0047674abb42a8d17e515eb6fa3dc1308d183a

    SHA512

    bd35482fc6cc11682631d097ace9fcec2fc4dde0c9ac172f4b9cbc011dd1278f9ddd1e53d2f5d164f2684445adbc2e380fb4c735021e0994edbb0b1f3975f1a4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2eb9e5073feb92503259e1675daa286c

    SHA1

    07c4c084b9e8b6b1614c854e75077c98654df789

    SHA256

    2fab3a4e7ad4d744bfe2db3ee0ca98a7eacba44c28a3d6dc9ab1c770d3e4d5a8

    SHA512

    3fac4985466cef49df5169d50bf4506026cac26517c5211c3149bf114c28cfb9f19914ffa959a88b335d0f5aae0628b7f23295541b05719667a67e93432bd17a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1ccf5c171f5545d16404d3db376f4d0d

    SHA1

    9e3ed47f47e22b5c1be68417c7e0679ae1440bb6

    SHA256

    d481bc2df2bd7059c173fc850ce7778dea3b294ad5fbc52e36e53ff8d68ace9a

    SHA512

    7f5d7b4cd5aeb787cde945ae242ea8fd5b0b72ba64fae85e1eee2e67c6f1b138916d858a58d18a3bb49a14bbbd40b42524bf2306517540173fe7c86d062ced67

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    254f551a80f3fde57adc3be7186878dd

    SHA1

    4380605828a9f137e424a9a268a5d0756aaa755b

    SHA256

    d869b812fdceb7962f153f97b2126ad53ecbf018b0a10932484dc6e1cfbb89d4

    SHA512

    bc912a589fae4e86d3ce8786edef4843bdfa251f4c50d1449d61ef696399f76c817f95fb397583601cc75615eeb9c87c29203d20d3d6f95ac7bab522bb211814

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b5b55326e2967ef12687d58fb1a8ea41

    SHA1

    d3563379c5a0ef40662163b0b32ceb9e62af5cb6

    SHA256

    c12790588519ff8b7b61be3ddfa63d25747c44a449565cd8287cf0375f94a300

    SHA512

    cba8231c7508c522e5d4bc1624568b899a5ff2f98947c1e3480c76ccb233eb775e1b70629022277912216a1d4fb5949483fd8a57b282d1e75e98497ae4d741f7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    18cb4e408bb34e2a76db154f72b0a950

    SHA1

    d6b423054ac9d8a2788b113e95947c9c53d5632b

    SHA256

    4b4d0a6d3077e5f18494b89eaa76ed95759447fe206fd4aa1d420e2bbb0e1b22

    SHA512

    986babebc480030ea17ce945a42039da9a51a641fa7dcb523fc27083ecfae415950f04a0e79b907346635e52b396559fecd71dc0f7d70d411eda6321014f9845

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6e7897fd18cca0e5ef774dbad276074e

    SHA1

    e5d5c0e44e95af1e536b2ca8df60539d7e08e942

    SHA256

    5eddbbef9a38e594e567341b6998c07c9477c58693e8db5c773f246ff1c675f4

    SHA512

    d45f6718a015a06b32abdeb2616b1fc9baebca2b6c10a3baa7fa69ae1a2d292a4dc120109170d9fb42ace9e63332dd002c98f2e1ebec697933be17f98f16015b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9ab0935eefb7ac9643f32616b462e628

    SHA1

    64bafa3d0cec417c26e9e80f2f210210e7f08ae5

    SHA256

    24635bd5752fd65c768c3f4cec1ba0ea23c364184409755c1ce279b675ac7e4b

    SHA512

    fae8a706864ea97b5ce533fdf381c99f203e675ed6ea9f853b0547cc4ead9ee1588e98d2c074dd17547474842391f3b94b2e23c04c94cf16a407c1a813134e06

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d44d3ecb3350ed94b31df7d626ae7e13

    SHA1

    e2593fa860c9e0975404ceda08a4905f76e469ab

    SHA256

    ecb5e12cbb0ffa8f55b49f97343d572b60045f67449d0989a7e62f6198e14278

    SHA512

    b94f1184c575ede1c8c07f0120fd1b89d617e04e0cf935bd0dba071f02c83a287d34014c17ac1cb9e0587a9e479957dbf539c3f0fd1ee306f6d15f981ac4d2b5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cf9e344a9ecbd72d76d243228a0d0d61

    SHA1

    7d1ad0c74e0d3a9758858abc112036216ad4f702

    SHA256

    7fd280e14bc50fd49f71912ac81b017aa4aac7ca819750bd541efc002e1ca58e

    SHA512

    bc240645c7eb797e98842bad2f7328ca5f4339c55f1e143c72d9edfff0336290067a94c8fd90b7acf6568b826d38cb71389bd600f358b88094c0fa1bee7f9f58

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c11fa8ca786e5684b0ffa4732fcbee5b

    SHA1

    77b165afcfc2e5ddcab3c969285af9296e211e61

    SHA256

    9a349ba590591954a27c36681311b1406b1b43a333ebc56ff03d3e3a4e4555c6

    SHA512

    0d54383d6c5d94c90f29654a35ebcf59851c6b14a766a9938124ff68ae8bf5b24fb7427cbe0a5fef12c87f9448f50425fdfc1e94cad947f28d2218011c016ca8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d597a2e118f6baa5e36524782006b657

    SHA1

    e8fe332c25200721e6a352d38581223cc1d2927b

    SHA256

    59dc8dfa38942103fef9c819c1e6a806bbe46b51692a11a1d76978d80450abaa

    SHA512

    b50c66b720a2377d33eb564e71d76b1be3f953f7e988213fa9f1e4d2be197d2db431fe0ae5df3bb59ea66ed1479a1a1c9ac97836a991e87a5e4e013bbb80801a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    37df889b703d1c69127600d08becb7c2

    SHA1

    77526a763b7ba5d88ceddb620aba146b80a6cd97

    SHA256

    9f99981cb23ed2bf86a602fa88e1167129e32665ba4b118b93d183a33dcd0cac

    SHA512

    ebb80fe89c95cdec60df945551c140287806702d7c9e5f6fd657f223ebe832f05083889983fb53783484454c4b36eaede197ed946ffc8294d504c72460eea5fc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2f9652709b29b6a68df48e07e1318e9d

    SHA1

    0eec93abb6a0a935652f301f7945034470ce2499

    SHA256

    5861df610a1034b87a6e87e2e7bbf21a35d55ab52e5212230c914855827ff0de

    SHA512

    23f654a9b883e53821ab734604a6de4ba57ce5a7f882c3102eedf95b225f5293f84cb9465610c855052e1d81c8b24d28067d5ecca50d54bc78d0f3745d37d20e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ea32d3d622aa97c6f8edc5cf5f414e3f

    SHA1

    a971f7ce7c54a0ee4a4dfa16af788478f2d76d6e

    SHA256

    62cea401c4c4cf287703e511929f85f46b312c1b7bdc2d3da899a6b4055ec912

    SHA512

    3b6b4789e1443fd0910cde452c0359faad6a4e5c7975144f4c06ccbd9d4bea9b55bdbeb940635407cf48635a67dba10b107ac6485833982e641fc4f1e9954935

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d6f628e15044e25a8e4f401624e188b3

    SHA1

    5cd2104883feffa56cf45c5ad5dc5a2de182c0d6

    SHA256

    ccd685a7763a02f7388a754ee9a0d1c75a8ca23f603545b7c8cdc18bb528a8b0

    SHA512

    239d1013bc35dd44d657e8e8d8a2c543185aff695c79daf5f3187621f08a6d8ba7e03703f86742172ecdc4a2c6933766f6cf579649ed8065cb5f44d080e5914d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1d5ee164935c6504c146e57146282453

    SHA1

    dfd8950fb107a91e4a0cca15259c0e4277dd5f4f

    SHA256

    e1523d7c29717fbc8f511c9a240dec461a8bd0408d766029090bebfdbceb8570

    SHA512

    757323f7a276092dadf3956abe018a72d7a3cbed38f21d06b00cd6a4e43cdeeaf27497df765f78a6be116625f879a1a95c94eee52e2348a6389569ea11b0a37b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    aad1d454f119e30272c03608ad39d4cd

    SHA1

    5195cb33caa77716ceb2a7113a0967049deb931e

    SHA256

    568f8cc3b4112deac86f97ee2f638153b3e29b0edcfd170d3bc3fb17878948d5

    SHA512

    456b400b282fee7c51f743513688ef8030f589bf3d2958dbbd8bc3e6a81e948e81b44d24165788ffb9daba34cf66a2890313b664ec0421ffb3f9006d18a4d0cd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    30929e2f08d203480196cbc5a98ca3ce

    SHA1

    bebc299b0b04bcc7ce5283895b51f9de12b0bc4d

    SHA256

    815e666d99fc9d6220003ac333e86c67667b7171b25a0d7fc2962b84ccfe75d3

    SHA512

    43cf6f852c9c39fb0a45c5a0f5910a5412acfe7616284f906f7986c75e6ebdd52ed327b917ffc33690c7cb9a850f510bed518de5f891201a0a3dbd7cab5e1206

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9D7325B1-BB6C-11EF-A641-5E10E05FA61A}.dat

    Filesize

    5KB

    MD5

    dcbefdd7a5dc3ddbcb77fce449971979

    SHA1

    d0b1c5b63970a93cc3527f78e9bec1abf76db913

    SHA256

    18aa8be96b3a34a9bfa2347eddedbfa0889eed0b60958beb7753c62201e14a55

    SHA512

    b08c0e4ce97a473a5dc3bc5e6d7c993d5c0adc26542c3a1f1aead499f14fd154e61e1f36595deff7a142c34f98686101e8bbc90ce9f776f93b3a44ef8e1dea92

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9D764A61-BB6C-11EF-A641-5E10E05FA61A}.dat

    Filesize

    4KB

    MD5

    1d44d8b45b16875a36881b7f6808b6f7

    SHA1

    74ae65845114ee35836199c7500a6f5e4c19a946

    SHA256

    f86100a55e5408cd2015983f84d5dbe8fa434064f362eb067fc5861d9fb5fcf9

    SHA512

    322899db77dcc9a568a37ea752cea99ee9520ca65b3e4e0932847d25e7e5715c10a27d9edc719c33880daedc44f493ab60efc77ac0856befc9d55e60fa2b62ef

  • C:\Users\Admin\AppData\Local\Temp\Cab9408.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar9488.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/2004-2-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2004-0-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2004-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/2004-3-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

  • memory/2004-4-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

  • memory/2004-5-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2004-8-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB