Analysis

  • max time kernel
    132s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-12-2024 21:53

General

  • Target

    f8fef4d2af42989b87d09557108df3f3_JaffaCakes118.html

  • Size

    158KB

  • MD5

    f8fef4d2af42989b87d09557108df3f3

  • SHA1

    62f204d437fe12b1a1d7802954b7701ef7dd5d91

  • SHA256

    085eddbabe88bc97047a2ae5f29310ab77bf19cfafbf7d4c09c8bbb67d56423d

  • SHA512

    8868acc06b72946b8c3f19891e7521d7b33d41ea0e63d38aeb521e28298ad95c3065670680747f482b78ae5c97e6b4f4843f405db4207d07bc7943737510019d

  • SSDEEP

    1536:iHRTkwOj6GUwQyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:ipDXwQyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family with virus, worm and Trojan components. Its file-infector component appends a script dropper to .html files, so opening an infected page in Internet Explorer writes and runs an embedded executable, which matches the svchost.exe drop from the IEXPLORE.EXE content process in the tree below.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified build of it.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
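The "UPX packed file" signature above rests on two observable traits of a UPX-built PE: section names UPX0/UPX1 and a first section that has a virtual size but no raw data on disk (UPX decompresses into it at run time). The following is an added example, not code from the report or the sandbox vendor: a standard-library PE section-table reader that checks both traits, plus a constructed header-only PE builder so it runs offline. The section layouts in `UPX_LIKE` and `PLAIN` are constructed, not taken from the dropped svchost.exe.

```python
import struct

# Added example, not code from the sandbox report: a minimal PE section-table
# reader that applies the two heuristics behind a "UPX packed file" signature,
# UPX0/UPX1 section names and a first section with no raw data.

def read_sections(pe: bytes):
    """Return [(name, virtual_size, raw_size), ...] from a PE image's section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (n_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (size_of_opt,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + size_of_opt                       # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(n_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _vaddr, raw_size = struct.unpack_from("<III", pe, off + 8)
        sections.append((name, vsize, raw_size))
    return sections

def upx_indicators(pe: bytes):
    """Names of the UPX heuristics that fire on this image (empty list = none)."""
    sections = read_sections(pe)
    hits = []
    if any(name.upper().startswith("UPX") for name, _, _ in sections):
        hits.append("upx_section_names")
    # UPX keeps the first section (UPX0) empty on disk and decompresses into it
    # at run time, so VirtualSize > 0 with SizeOfRawData == 0. This survives
    # section renaming by a modified packer; the name check does not.
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        hits.append("first_section_no_raw_data")
    return hits

def build_pe(sections):
    """Constructed header-only PE32 image for testing; not a real binary."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_of_opt = 0xE0                                    # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_of_opt, 0x102)
    opt = b"\0" * size_of_opt                             # contents irrelevant here
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii"), vsize, 0x1000, raw, 0x400,
                    0, 0, 0, 0, 0x60000020)
        for name, vsize, raw in sections
    )
    return dos + b"PE\0\0" + coff + opt + table

# Constructed section layouts modelled on a UPX-packed and an ordinary PE.
UPX_LIKE = build_pe([("UPX0", 0x1B000, 0), ("UPX1", 0xD000, 0xC800), (".rsrc", 0x1000, 0x400)])
PLAIN = build_pe([(".text", 0x5000, 0x5000), (".data", 0x1000, 0x400), (".rsrc", 0x800, 0x800)])

if __name__ == "__main__":
    for label, image in (("upx-like", UPX_LIKE), ("plain", PLAIN)):
        print(label, read_sections(image), upx_indicators(image))
```

Run `upx_indicators(open(path, "rb").read())` against the dropped svchost.exe to reproduce the signature; a "modified UPX" build that renames its sections will still trip the raw-size check, which is why the two heuristics are reported separately.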

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f8fef4d2af42989b87d09557108df3f3_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2088
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2576
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:760
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2052
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:406541 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2416
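The process tree above is the part of this report that converts most directly into detection logic: svchost.exe running from %TEMP% rather than System32/SysWOW64, a browser content process spawning an executable out of %TEMP%, and a fresh iexplore.exe (PID 2052) launched by DesktopLayer.exe rather than by the shell, with no activity of its own, which is consistent with a host process created for injection given the WriteProcessMemory use recorded on its parent. The following is an added example, not code from the report or the sandbox vendor. The events are constructed from the PIDs and image paths shown above (the top-level iexplore.exe has no recorded parent, so its ppid is None); the explorer.exe allow-list entry for the browser-parent rule is an assumption.

```python
from pathlib import PureWindowsPath

# Added example, not code from the sandbox report: process-creation events
# mirroring the tree in the report (PIDs and image paths from the report; the
# top-level iexplore.exe has no recorded parent, so ppid is None) and the
# lineage checks an analyst would turn into detection rules.
EVENTS = [
    {"pid": 2688, "ppid": None, "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"pid": 2088, "ppid": 2688, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"},
    {"pid": 2576, "ppid": 2088, "image": r"C:\Users\Admin\AppData\Local\Temp\svchost.exe"},
    {"pid": 760,  "ppid": 2576, "image": r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"},
    {"pid": 2052, "ppid": 760,  "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"pid": 2416, "ppid": 2688, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"},
]

BROWSERS = {"iexplore.exe"}
# The only legitimate homes of svchost.exe on a Windows install.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TEMP_MARKER = "\\appdata\\local\\temp\\"
# Assumed allow-list of normal browser parents (the shell, or the browser itself).
EXPECTED_BROWSER_PARENTS = BROWSERS | {"explorer.exe"}

def basename(image):
    return PureWindowsPath(image).name.lower()

def ancestors(by_pid, pid):
    """Walk ppid links towards the root; stops at a missing or unrecorded parent."""
    chain = []
    cur = by_pid.get(pid)
    while cur is not None and cur["ppid"] in by_pid:
        cur = by_pid[cur["ppid"]]
        chain.append(cur)
    return chain

def detect(events):
    """Return (pid, rule) pairs for every event that trips a lineage rule."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        name = basename(e["image"])
        lower = e["image"].lower()
        parent = by_pid.get(e["ppid"])
        parent_name = basename(parent["image"]) if parent else None
        # Rule 1: svchost.exe anywhere but the system directories is a masquerade.
        if name == "svchost.exe" and not lower.startswith(SYSTEM_DIRS):
            findings.append((e["pid"], "svchost_outside_system_dirs"))
        # Rule 2: a browser writing and running an executable from %TEMP%.
        if parent_name in BROWSERS and TEMP_MARKER in lower:
            findings.append((e["pid"], "browser_spawned_temp_executable"))
        # Rule 3: a browser started by something other than the shell or itself.
        if name in BROWSERS and parent is not None and parent_name not in EXPECTED_BROWSER_PARENTS:
            findings.append((e["pid"], "browser_launched_by_unexpected_parent"))
        # Rule 4: anything whose ancestry passes through a %TEMP% executable.
        if any(TEMP_MARKER in a["image"].lower() for a in ancestors(by_pid, e["pid"])):
            findings.append((e["pid"], "descends_from_temp_executable"))
    return findings

if __name__ == "__main__":
    for pid, rule in detect(EVENTS):
        print(pid, rule)
```

Against the report's tree this flags PID 2576 twice (masqueraded svchost.exe, spawned from a browser out of %TEMP%), PID 760 for its lineage, and PID 2052 both for its lineage and for being a browser started by DesktopLayer.exe. The two ordinary IE content processes (2088, 2416) produce nothing, which is the behaviour you want before pointing the same rules at Sysmon Event ID 1 or EDR process-creation telemetry.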

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c1c5126a84e58a99bf9646fecbf1db33

      SHA1

      ed24a6104713979b5ebf28edbdd697b37d208066

      SHA256

      f658ccfd5a69d0a13b3289653825a00825b528ec4db516c9df560390ad24dd2d

      SHA512

      396f1e5ca2c1e7252765b22933ed8b6fc45efdce5f625ca3d1fdc15165cad62de3fac71fe63643b2b724d41bbd65465bbbf93c98a87dafe43c62351119dfb56e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      181ca45716ad0ee16a418b410cda17c9

      SHA1

      d5f8472c64caa26b4e9ff718bd7ae6f38ee33c74

      SHA256

      02cb1d8c2c4cef1c0ec0fb8c118325ce440278dd67f9d06478400565b3f58297

      SHA512

      b51604595e889251ac4d821a6b99c352109e23bbdfb6ce43fffa1f560312fc7b1015a8b0cb5c8c1210c67ee22408350e48126e5f1e7f41930168069816b2d64d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      154b5493706bf156b0c0598851124685

      SHA1

      624598dd6a8bacc526d27089b64f690be07f7570

      SHA256

      7f2e35c6a1f0480eede3df0645fdef8a50c690e752a2baa4d99d764919f5950f

      SHA512

      4ba2071934db640c36fcbf88e827c7d829063ceb232cbc31fc79a908e9f5a3c7830858e3efe2b5e6ee74be7c34160d45caf7954f11ec41e83d9de707656dffe3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c34ca454eb4f7fab76e412649b8cc7a0

      SHA1

      2c93ba3909af39c5fb802f6619ed1a67ea196c8a

      SHA256

      923f694248689593658b9242f993e9337d5e17b69d0d1ff5d256553e7b579d52

      SHA512

      bb39c55e26894cc32fa61b6e8e0b35cd77e608f5c779356a424fe2220ed50ebeb5c48635c8caa0e69e3cd8faa20745c27faab58bede670d62d4f828764217a91

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      858151e1fbee7653e62ca1e2176a0464

      SHA1

      390d4f65f09616702cb763706d58fdb1a60a2c1b

      SHA256

      338509083b53b8fd6ae1e01ed66871e862c5ad70a22fe48fcdcb8d0a004c9c2f

      SHA512

      2b4a695fccbad2373ab8393ac8b7e90395e479928e90fa787a64e863b6a5d702eae8be7995fa3376ee2f37e13e598677a6288ee91bb33e5aabafc2d9b7924010

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d632970fb13e9ccf0e5922cd2555fe5d

      SHA1

      db83bc72b7fb44c58960bd7978e661d1a9b09473

      SHA256

      7b2c27f0d290853ae4022a90724bc11a79f4913fd354667d024d79e82bf05646

      SHA512

      de9d7e074c264a2de0ee594d35f2875649ef580bd95134a37f515154324410c0137dc722734d38e4d5544b286a21e98a932dde7df509b57dc7d18b9f47fbdd6c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c0fe31c4626a7256023a4140bd23e6e1

      SHA1

      9423ee67e37bacd838428f67a19399149c3118c7

      SHA256

      894f6ae3b0e399f016a40b931d99add2792b195c7ee5ffd6b0c8c590ae330a51

      SHA512

      ec2ea21a73de249019a658af84405ba93e6af04a6cbc1a4e621d05863105eb16f072fb0adf611fd47c89cabf29c8ad33286117de4e9fee5e80ac304494868af3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a79e8bd6f0e6c0e5872a5a3527566ea8

      SHA1

      665aaab66dfc6776a0cbba69306c5f89c2484595

      SHA256

      2b8f71576d21915ab8b4ad49ac83b8d595a51803f3e345821a6443cadf04cb64

      SHA512

      9809c175b0abdd379b94885727ae6fd53d46dc2969b823a7bcd3d263d422a5eaded2bc2d8d2cecfdc4c4b680cf17d36bcea56891a1ecc10d3e0d1a43e22e995d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1f90cce6fdcbdb5bb8547ab259c42f9c

      SHA1

      c70d82ac8a580639160e29c5ff1ddb39c96a5eea

      SHA256

      d8ca3239b23291eb906aac02c13f7e841ee16b29f422583f14f45e9ee5bd488e

      SHA512

      b26cc103c8a29d0deaec41ad0397845356ae5531259ee800da88c7f09577acdd0e7726430aa00676a127f16582b906c8b0d20243a418913ea31d1959e054e3a0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e798c3b8dd3ba6e27f85e05299b8d31e

      SHA1

      d5893d1cf11a35719b9afb4f8fc0657a916baf76

      SHA256

      9649d23d312b4279d9a93b1ce42fe775e982d0e460a8e5a1afc3a0479ccdcea8

      SHA512

      0edd161793900347a5cfe58b5325809942f52289508eb4a9c983974bcaa7688892aec22a23b38649b23ad10a432fb20608e05e512adda2079d6c191b1ac07724

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      595c1fd29178ab11e2d8690adef0ad34

      SHA1

      12ca3d448dd26a381e7481e4cac3c685e2a16264

      SHA256

      0096cb83a9ff778d1d700a9ecff0efa61b3c419dc815c0de7925bd213444c200

      SHA512

      93eac8cdb0a58abfb83ce815a2f4d0fb3c6439f2ee9f788e231c88d8a07003e2604435b6e6a3b51a50be3fb0833c774d3d40a3fa8dad5a265a2170ad5a58f681

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bee5b0db5c8440d89a4102b899a685be

      SHA1

      10161817c6d37f83963745adce6b35d11fa77d58

      SHA256

      fbdf181c0d0dcd0171deca3ec548a259989effab98d5c77f5f0f70ef84ff7260

      SHA512

      a2e969ca542e0f0ab1e81f019ec3770812caeb0c610ea56eae0c2c8e253453f182b3200c93cd648d741d86c50e7bfc3dc6ccab744709939fa8d927b86cec1418

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      31207f755bb498b990156052a7f9993f

      SHA1

      bea6ff5362725060a07a887b16b8d150d0c83c1b

      SHA256

      07296ec4087d30008320c789960809dca29cfabd78b18e2a5384a790b1f48c9d

      SHA512

      1da420950c6171f57a6bf80828d90c7d5b1a2725e029922a895ca354648b43e66b7e1ce2a67373fb4587d9c048df383fa38897575abd1295f297bdca3d72cbd2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      65a76455a2fdf5069303d990dce5fd9b

      SHA1

      e72ccf9d230ee49043addece4f48bdde08d84f07

      SHA256

      e14670d9e28dec12a7e67aaa3091f59f4a84d7745b5820868b5c66cc2f5a8c8e

      SHA512

      7dd13fc986a91f158029ccb71ac94eadef3c271c87e333b63e176edeba99d075af95f7c0729d5248a56a70b4c241d616c8f6583f99e83042a646d6c0f07f9bc4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      80e6e8c6470fafc56a122bcc52277d6e

      SHA1

      7fd96b12555528496bbaf7e95d5edeb1d090792b

      SHA256

      fbb3e0892d4e233dd5e027e5e5be45065f38804f6580362e661f294872753510

      SHA512

      106be1efc83d12ea93529a2c6b261f71b62bc4f4e7ed6c82d290ca6e025625b9fae24d3a3ad687ec9207f1cd24c94a45b61dfe6e33898300e680cf9f24dcdc6f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      99be38c9ae7569b2a1ddb08f0d3c52da

      SHA1

      069384d1baed770e1321ee200f389009e275d744

      SHA256

      2a3a8688b554bb22f43515efdc430bad555a38d1af144a96f2fac74bd4de9ab4

      SHA512

      635803445cf8670e7fda9b1c6f3562b64b503c83fff5d9e570f1e4844407a79dda431e05bdfb76523decb28cf9c8c5c2563df349fc21367a556d427a234e100e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      aa8a36a10a8c31ee7ad3f39f3ec3e841

      SHA1

      09412234f9e616a3183a59c4cb45ae534ba529dc

      SHA256

      6b14fbdfaf940a687109d30422a7f6daf53b58d3e9bba65745489ee756a1de50

      SHA512

      06649c114e2006b414a75bc4335399fa80051047ae76ecd4abc14991475b1157208da3d613ae2e4961d257f320c5b36e25218d93e485aed92ec9384b96d7b88b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7657c91f725280f3ee23e6fc8c510cf2

      SHA1

      fccdff7bd39e9b229c062515695c6c11688f9fbf

      SHA256

      ef338d59e10c1b14e61152601763e4f5c68fb5a11f02ed45a2004a1b5f3c3f2d

      SHA512

      65e290a229da72bc6dbd4c58df3aaed0397900781e4aa0ee68facad5996f6d6de65a15d952bcbab39cf853c16c21981a3cc0d9311a67b3b09fb30d0b73bb8c5b

    • C:\Users\Admin\AppData\Local\Temp\Cab9BB5.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar9C16.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/760-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/760-446-0x00000000002C0000-0x00000000002C1000-memory.dmp

      Filesize

      4KB

    • memory/760-444-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2576-436-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2576-439-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

    • memory/2576-442-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB