Analysis

  • max time kernel: 130s
  • max time network: 131s
  • platform: windows7_x64
  • resource: win7-20240903-en
  • resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted: 16-12-2024 06:05

General

  • Target: f7a6f49b4f8bfde61cfe12abb0d3c6b1_JaffaCakes118.html
  • Size: 155KB
  • MD5: f7a6f49b4f8bfde61cfe12abb0d3c6b1
  • SHA1: 2f9fe38de3dd87633a691971e93420a52ac90bd8
  • SHA256: 57d771acc2817b7489e07174f9b20e265df2fac9fed6bb0465e75ac7ef768fc0
  • SHA512: a51874b7a5815af8b05e909cac6a6eba48dea203e93133663d5562644b2835696b23293c42742cd49605447394dc6f9ad801ed601b1f4b75d5c79d54adbab89a
  • SSDEEP: 3072:ieuOkvBTnGTyfkMY+BES09JXAnyrZalI+YQ:i+CnG2sMYod+X3oI+YQ

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f7a6f49b4f8bfde61cfe12abb0d3c6b1_JaffaCakes118.html
    depth 1
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:320
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:320 CREDAT:275457 /prefetch:2
      depth 2
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2404
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        depth 3
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2324
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          depth 4
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2196
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            depth 5
            PID:1980
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:320 CREDAT:406542 /prefetch:2
      depth 2
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2476

    Downloads

    • memory/2196-447-0x0000000000400000-0x000000000042E000-memory.dmp (Filesize 184KB)
    • memory/2196-443-0x0000000000400000-0x000000000042E000-memory.dmp (Filesize 184KB)
    • memory/2196-445-0x0000000000240000-0x0000000000241000-memory.dmp (Filesize 4KB)
    • memory/2324-436-0x0000000000400000-0x000000000042E000-memory.dmp (Filesize 184KB)
    • memory/2324-437-0x00000000002B0000-0x00000000002BF000-memory.dmp (Filesize 60KB)