Analysis

  • max time kernel
    132s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-12-2024 10:59

General

  • Target

    f8b1a3933bdc5bc850f4394aa4d7ee08_JaffaCakes118.html

  • Size

    160KB

  • MD5

    f8b1a3933bdc5bc850f4394aa4d7ee08

  • SHA1

    a63aa84c488432337347e0fd0ca92a377ab4916e

  • SHA256

    e305400aac3eb8c9875b1fcfb8054d244b7a5623217d53fc7b63ffa7094cc1d3

  • SHA512

    67808dfbbbe3eababdc3358a9c678f5c8fbcc0cb39226380bdf31dccc687caeedacc66af885cdbb6e9434d2ae5614a84f752a7977061d80df3d64e2b9cb30a28

  • SSDEEP

    1536:iYRTycNEOnYvdP7kjqByLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXu:iSZkkjqByfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f8b1a3933bdc5bc850f4394aa4d7ee08_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1908
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:564
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2192
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1416
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:406539 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1956

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      57d33c91830cd6ead4bfbd5307bd0206

      SHA1

      8f674a8806da98dfc2d213acc26a369ac5218a95

      SHA256

      4fd9cc0dcb75b1cfc3a3fd04463f18ea40ccc9950d4ed1a59d2fb8683c785a1b

      SHA512

      af717bda9ac2f0f10ac7c12c2ec9db339af1f4e5c27016e9a1f065db580ae7c3c91117f88035984d398400c5bed49d66545ac58bd8350880d6a8dc6bc88c25fa

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1026ba4754520a72e0ed5487b5de9d66

      SHA1

      6effcf0b182643633dfb841c9f21329e718639d3

      SHA256

      9c47988031b590756f8b1060e9b5327159795508cba08fe77cb63539028a120e

      SHA512

      989ffac9cfadc6acf6a91c5e0a35a797033ec7771da0a5394f8ca7ed9ef829cb49e11f1992ed5fc1e2482c29f36959cf2fd52398ac78107a657a13f05bc551e2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7f3820e6cfe47aa2500aa3b2528583b5

      SHA1

      67c5f898549211aad8d58c39d27e380b6b2154e1

      SHA256

      e6cecfe9a8da408b12afb1444ec3cc42306dd11d44cd8a1a1c766cc8efdc69fc

      SHA512

      5db996a2804662243617a366a5f660a2520cf250b8804cfa83b8ece1d5ff7fa710d58ee5aef03a6012d22f447b3cf4bfb98053f39b5f4e9ee8f0d01b46ece4ee

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      32085ea9230cc263336c444d3a39dbc3

      SHA1

      1682de33e0ff16591385408e9579b1b4597ed283

      SHA256

      7a508cd149ca95f28b6022ecfed78c063a2a824983f6907b619887b2f7bbb5df

      SHA512

      85b81a122b406c13740630066da0fea2536126ac1c84e08d0fb7057ba830b653d78a1b1605a7300bdd6d16c42f7d5cc18cb94e951d571b12d6bdc447b3998d6c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ad61594398f4a9e1a5dfaf700a41451c

      SHA1

      5f84d7bd67303950f297411abcbd1519f6b9a480

      SHA256

      a2a279b879e293e23956cc868fc134e901d2626813df96be234c1b8e83531a49

      SHA512

      0e8e0f49fdc1d7a7800cdfe4a5c1fe5309bf7400410007719838a6f9aebd01fa0bfadaef41b18859e8642f96b5a5cb2b7ef5012b10050f48d3bea1d437b7d448

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      544cca4efca8b841530810a5f6cd6973

      SHA1

      bdd6c7246a2b63d1e82f8796b2808be1020505da

      SHA256

      2cf72c3fe3090920f9feeccdd632de1c0fc401478a61675c0f3aa57b51318878

      SHA512

      aa8ff8ccdcb00272d8380aeac47362c8ed17f936577cc32a11373d62e7b0159694c792b1c2c1440a3e11337b53bea8a16d67c39cded4536231bec90e1b653787

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      753cb2330b02b679e9b061c82e883916

      SHA1

      e99129c0ed3a347e9b411fbfa627d52cea02a392

      SHA256

      f5c2604bb1c40c015fe2387eb7270d36397303f0a4ea784ad931f55a91577aa5

      SHA512

      d994a6984eb1cc1a4d6bbef93b2c460efdb1e2a05fb35bf2c3e405bc835fbea0a2e64545c108bb47854d25d44f3b9c682d41195963acce91253e5204fd34ec4d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0db75d648dc28450bd4cb54ef63d2fa0

      SHA1

      48765c1002d1a144b50f8885a31bbc806a2e4ffa

      SHA256

      2a6f19fe8c6b267b150d1bd8c49a0b4e17e292dc57e7f2403f73dc82b5126e79

      SHA512

      4f4d6976c7021445092685f8683f23046e2343b5a52b904438e11a3f946ff5cf3f0a276099f4e62ca634342a77432ffccbdd8efdbce7a3791e0d341fbbce00e7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5f076fed64234ff2a378e816435dc079

      SHA1

      6cc283932a035746838a6d99d8a11554f0317a0d

      SHA256

      be6ad7dca7ff11b61257f84f440cd59e766c9a054df062d6d3860cfedb7d699a

      SHA512

      8e54f6aab82881a2ee404e06872724de32748d4e7f3558d5ecef34f76f290ab7f3817eed38abc65f505f49aab929564be3a6896801b5d266dc6445310eebf02d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3f7e680a823ac306116ef1981253228e

      SHA1

      aed7e6067e569cd16ce31bd83b15550d17ef9800

      SHA256

      81fa4bc36717d5197443cdca32e674a2018e8d6bb41d95a0eb28d5a4907e3442

      SHA512

      7a08d891d5022fa83eb647a3989c27ec300ebf2859839a22852ce95003abf934e17b3ce13ad87d1579e9189b5900bee88c9e94d1eaf66ee99280beb164a7a768

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1c5f8bbc2de2a8ac3ca7540bddf7d0ea

      SHA1

      94187c1c0af8b2a5df99ffc4406c0aa6c82decb2

      SHA256

      de864a04cb0ca7c20276fbb509b26e5defab49500877956ecb8ded18d14e7961

      SHA512

      22575ce05ee843245125d56d8d9bc39dcc4d8bcad4bca8bd74ad8003e41a25252d6eae2cc69b73bbf656e4b9ba22717b82f0c620ae3e51924dfd7db4c613a105

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a1fe987586fedbb59bd4b7d2b8124c77

      SHA1

      42698afdd31d1ff90f7c7ef53bc8f20c6c5d2800

      SHA256

      07dce996c69b75d796045e65c30ac877181db401bb27ea05c2bad0ce9f03d658

      SHA512

      410f57667673b527a8a5874c8e7515fab6287e3427873a769c780c95699d9570aa064c84d207baa15b7f1a40bded2acbc1774e46def588e69e36afb292a6e9b6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f02eec5436f56b23c0b13b3ffdd77795

      SHA1

      9159182df01b8df57360cf43435a45a302b44e79

      SHA256

      aa4fa9013ebbab95429870428e298d7576b0bb7848fc461349bdf1b73b72db52

      SHA512

      1598e802bfcb87deb26b7a3cb90f2b2612e0ff132c219e10a1e2807caa97a1b470f47eb21273990425cfe487f8792e9d0bd510b4487e9863db2aa6dfb42755a2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8b7e284a80d1207626c476572840331c

      SHA1

      ab1d810fc62a43ea98e8bdec6d0d86d76cc66a65

      SHA256

      28986d910b5b01ab3baa2564b7ce7d50047d0fcb99b41a54f9dbfcdf2e1d7e83

      SHA512

      e6fcdd17bf1e77573d4737374f7ce8a7937d17e832560b706ab0bc71de0f83b047191defef15cdef3f51e4b28b94f59382b33790c36fe317f56b2e11b9e36982

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      14eb1ece8f3ab313cc3e039f154603f1

      SHA1

      9269604d641a870ddac329e09f79b5c7fe866a5c

      SHA256

      b5f7eb1cfbf95a0b3dfc5320814da0abddec669873ac5bb0df598883ead2346f

      SHA512

      4afa5e38a4121e2a2220ec9a2dd65496d0bc7d0df435bff8d40efdc18ff1b2d209f117e6d5403202d19aa1ae021160f320c7eb8f6be990eb5bb0ed851211d5ad

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7620a21131fdec991485aa70167baa5b

      SHA1

      43866ba88309b61531fc120d8b6021d364954208

      SHA256

      2658c9d302edfed28a0e06889d8e2e3c1c7983e8d349c5ccbc098852e01d39a3

      SHA512

      06521e43ad400f5a215143b2e4966737bf82a87287515ef7fa540d5060646e03da73fd5d8ea58535245c3c929cb818901173bfb61c105c223696bac1e5054c70

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      fd69ffb8c228e92de11d5d814eec864f

      SHA1

      64f8b87002b1f39376a894aa1c1ba8f90fd40e0c

      SHA256

      3ffc0ae59abd620a54fcc801be7073ac48d0a3a2930ad1aacdcd7f020e501c8d

      SHA512

      15565a862ad03469474517c465048e293e2068e123ce4974f04023764d36f83f4481a593d4c4782642ac10ce9881a4acb0f8b94dc7c5f78307fcd679d233739e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f1ec517010465bdcb4466ca9b179f9f9

      SHA1

      ab930f7c7c29f42f03c5747968c725cdf372a801

      SHA256

      dd437b77e68abd91831ff0ef37f75733e6d8fc06f924be9046274baf9b4ae0ca

      SHA512

      39d1a5272a37b531e46d60ded0dcf71dd9f82f4358e1e0bfde80d4ab444764685eff6a543a7c1876f93eecadb38e2ebadd6222bcd9eac29cc8e9563fb0a07a7e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b41577d3619c7098a0a6b69486eeccc6

      SHA1

      f91e962cf4c11cc60461376443e5e4e30f245d01

      SHA256

      aa162bdcdcaac1a59ae2165fafea39c8a4030b0ad51daa486fba996633e36d5a

      SHA512

      ee77e57a0c1296458af043737745c346dcdd7dce5e63eb0403c2438f5031eedc6eb8acfc0cbf7d917041ca37c4de3e2670cce97e9f963972a15d9a16aa8b2679

    • C:\Users\Admin\AppData\Local\Temp\Cab81BF.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar8230.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/564-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/564-436-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2192-443-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2192-446-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2192-444-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2192-447-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2192-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB