Analysis

  • max time kernel
    132s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-12-2024 23:10

General

  • Target

    f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe

  • Size

    133KB

  • MD5

    f9363dd295295e152fb6e359da85b372

  • SHA1

    48b44a67eadf0b87559baee69c900c8344f56c70

  • SHA256

    f17e0413dec2114d7d138c75044084bcf3c4102e760e0032713c045200226a1a

  • SHA512

    caeef28ae90275824881ea647ecfc802ae7f60c1a82101c3ae8e4cd4653a573b0798f3a86abf6668dde9fd218b49dbe97d1db5f7cac7c773988fb981ec37e04a

  • SSDEEP

    1536:aOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfBi:awV4OgSzBmh04eZFkz3Rr0gwGj9Tf8

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2992
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2716

Network

MITRE ATT&CK Enterprise v15

Downloads
