Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    17-12-2024 22:12

General

  • Target

    f90c8eaa05270a2f6038c7e7d49c1770_JaffaCakes118.html

  • Size

    334KB

  • MD5

    f90c8eaa05270a2f6038c7e7d49c1770

  • SHA1

    c1eb724d827ee89fe03a9940e31c0dec2a1dc8c2

  • SHA256

    eafe5477fe4e2814feb13af27adb06ec0f4e10938e07ebb0c7753c00bb03450d

  • SHA512

    97e89af6be672509413dbbebbb8f5469a14b8edd10a82ef4c869605a2914adba43ad11b3097b448cb64637f98bae1a45fd3c35f9a61ca4023673af4fc5a6457a

  • SSDEEP

    6144:STsMYod+X3oI+Y+sMYod+X3oI+Y9sMYod+X3oI+YQ:w5d+X3e5d+X335d+X3+

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Drops file in Program Files directory 7 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f90c8eaa05270a2f6038c7e7d49c1770_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2320
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2500
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2748
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2956
        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
          3⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2936
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            4⤵
              PID:2800
          • C:\Users\Admin\AppData\Local\Temp\svchost.exe
            "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
            3⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:2676
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe"
              4⤵
                PID:2640
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:5911555 /prefetch:2
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2968
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:6697986 /prefetch:2
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2324

Network

MITRE ATT&CK Enterprise v15

Downloads
