Analysis

  • max time kernel
    133s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-12-2024 23:49

General

  • Target

    f94a4ffa0d45d24ddc649e8be53c7b91_JaffaCakes118.html

  • Size

    158KB

  • MD5

    f94a4ffa0d45d24ddc649e8be53c7b91

  • SHA1

    6536783067dd8741945cb282920e50cc99a6b274

  • SHA256

    8bf088a0af96e7264a53574226a748f38257f4957ecb7d8f02fbfbb4ce1564ec

  • SHA512

    2021098b7288966eb371f7b0db45a28a0b86e6e152a3d04999fd8e90cad5e1daf9ea1a15952acf8df1f830478125a5c422b5f13054b376c364b661a3e6a9f67c

  • SSDEEP

    3072:ir8wPEGWWyfkMY+BES09JXAnyrZalI+YQ:igfGWTsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile, long-lived malware family whose variants have included file-infecting viruses, worms, and banking Trojans.

  • Ramnit family
  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (5 IoCs)

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory (3 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 4 IoCs)

    Attempts to gather information about the system language of the victim machine in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 32 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (12 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)
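
Added example, not part of this report and not the sandbox's own signature logic: a pure-Python check for the two signals behind the "UPX packed file" signature, UPX-named sections in the PE section table and the "UPX!" tag that stock UPX writes into its packer header. The build_fake_pe helper, the section-name set and the sample inputs are assumptions made so the block runs offline; in practice the check would be run over the dropped svchost.exe and DesktopLayer.exe rather than a synthetic header.

```python
import struct

# Section names written by stock UPX; a modified UPX build often renames them,
# so the "UPX!" packer-header tag is checked as a second, independent signal.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_TAG = b"UPX!"


def pe_section_names(data: bytes) -> list:
    """Walk the DOS/PE/COFF headers and return the section names in table order."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40:table + i * 40 + 8]     # 40-byte entries, 8-byte name
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Report both UPX signals; 'packed' is true if either one fires."""
    names = pe_section_names(data)
    hits = [n for n in names if n in UPX_SECTION_NAMES]
    # The tag normally sits just after the section table; scanning the whole
    # file is simpler but can false-positive on a file that merely contains it.
    tag = UPX_TAG in data
    return {"sections": names, "upx_sections": hits, "upx_tag": tag,
            "packed": bool(hits) or tag}


def build_fake_pe(section_names, trailer=b"") -> bytes:
    """Constructed, non-executable PE32 header used only to exercise the parser."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    opt_size = 0xE0                                              # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = b"\x0b\x01" + b"\0" * (opt_size - 2)                   # magic 0x10B, rest zeroed
    sects = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sects + trailer


if __name__ == "__main__":
    packed = build_fake_pe(["UPX0", "UPX1", ".rsrc"], trailer=UPX_TAG)
    print(upx_indicators(packed))
    print(upx_indicators(build_fake_pe([".text", ".data", ".rsrc"])))
```

Reporting the two signals separately matters: a sample whose sections were renamed but still carries the tag, or vice versa, is the "modified UPX" case the signature text mentions, and the section list itself is worth keeping in the triage notes.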

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f94a4ffa0d45d24ddc649e8be53c7b91_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2080
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2340
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:632
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:300
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:537613 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2008
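
Added example, not part of the report: detection logic run over process-creation events modelled on the tree above. The event records are constructed (Sysmon-style pid/ppid/image fields with the PIDs taken from the tree; the parent of the first iexplore.exe, pid 1000, and the benign svchost.exe control are assumed), and the DesktopLayer.exe rule matches only the path observed in this run, not Ramnit in general. Rule names are assumptions.

```python
import ntpath

# Legitimate homes of svchost.exe; the same name anywhere else is masquerading.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
BROWSERS = {"iexplore.exe"}
# Second-stage path observed in this report's process tree (assumption: used as a
# fixed indicator here, not as a general rule for every Ramnit build).
DESKTOPLAYER_PATH = r"c:\program files (x86)\microsoft\desktoplayer.exe"

# Constructed events mirroring the tree above; the root parent (pid 1000) is assumed.
EVENTS = [
    {"pid": 2400, "ppid": 1000, "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"pid": 2080, "ppid": 2400, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"},
    {"pid": 2340, "ppid": 2080, "image": r"C:\Users\Admin\AppData\Local\Temp\svchost.exe"},
    {"pid": 632,  "ppid": 2340, "image": r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"},
    {"pid": 300,  "ppid": 632,  "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"pid": 2008, "ppid": 2400, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"},
    # Benign control: the real service host, launched by services.exe (assumed pid 400)
    {"pid": 500,  "ppid": 400,  "image": r"C:\Windows\System32\svchost.exe"},
]


def detect(events):
    """Return (rule, pid) pairs for every event that trips one of three checks."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        image = e["image"].lower()
        directory, basename = ntpath.split(image)
        # 1. svchost.exe running from anywhere but the system directories
        if basename == "svchost.exe" and directory not in SYSTEM_DIRS:
            hits.append(("svchost_outside_system_dir", e["pid"]))
        # 2. a browser process starting an executable out of the user's Temp
        parent = by_pid.get(e["ppid"])
        if (parent and ntpath.basename(parent["image"].lower()) in BROWSERS
                and "\\appdata\\local\\temp\\" in image):
            hits.append(("browser_spawned_temp_exe", e["pid"]))
        # 3. the exact second-stage path seen in this run
        if image == DESKTOPLAYER_PATH:
            hits.append(("known_desktoplayer_path", e["pid"]))
    return hits


def lineage(events, pid):
    """Walk ppid links from pid to the root and return image basenames, root first."""
    by_pid = {e["pid"]: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:      # 'seen' guards against PID reuse loops
        seen.add(pid)
        chain.append(ntpath.basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return chain[::-1]


if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"{rule:28s} pid={pid:<5d} chain: {' -> '.join(lineage(EVENTS, pid))}")
```

The first two rules are the portable ones: neither depends on the file name or hash, so they survive a repack. The injected iexplore.exe at the bottom of the tree (pid 300, started by DesktopLayer.exe) is not flagged by any of them, which is why the lineage walk is printed alongside each hit; a browser whose parent is not explorer.exe or another browser deserves a look on its own.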

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d2b3e3319608c2dbe04d2bbb0f0ad872

      SHA1

      031486fb30ad30c6b2411df61202f5b9c17b0fc1

      SHA256

      b12634583952208dfb40deb1ea9e0286271b31cfd3f4bc175795cf6e878dd5c5

      SHA512

      4fbe3ce4eefe8cf6051a4dd8509e0936f181f86f04b4256742be436c9b17383767c4f9c20e578eec44bcbce64642fc3e99a738a8ba9ba7b55e2c1983b55a39de

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3a6c8a6ea7fe0eed9869e94777cf3426

      SHA1

      81fac5f127be6bc39e672a8fd75cf5f6b0f09d5b

      SHA256

      a5042dcca3ef0713b00bfdb4d983ccc5f633d731ca42dda492f41945f1363ea7

      SHA512

      f3d379283aef35c8bceb72662c029119fa15d68467a118a1d0f04517133aaba68822acbb198cff665131f1ca9290a4d6f0aab3b25feb6d32baad85206de2912a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bfc793e0fd9c2ebe3e1b5f1fc60cfeeb

      SHA1

      e9637b9d66171de958d7159aa20b478a05defaa8

      SHA256

      2657acb7265a3beea73aa919f8090df31d60dc81e751fa3412309389fa442249

      SHA512

      e782f3611a1d7b7d0ad850306bdfe7023c74140468074bc29bbaa0fd863c57a174413bae0af1d247b046e20b83fe5493a3c66732d55d644fc655f2cddece1e6b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      383664a322d912bb03098d5134f6070b

      SHA1

      23eac760e2cdbc47697eaf22f379a979f40a0561

      SHA256

      020f315f64e36afbe9f319e8c4f9e8b1f32ff3f2a5340acdb36fd90b5069fa91

      SHA512

      1b7cad4a0dab7571b4861e3f47fd44dac1c0482425bcd22415404b0ce10b5230cc2bd6688883fd3703f9141bba75aee57ce6b0562d3ca51b8758da3a4efceee7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c91d01ae683122b9371c4f4ef17733f5

      SHA1

      a71d64b9c6f30df63cfe92b3b6816c11f42170c8

      SHA256

      e7771f30ee02fe801d2bf84499e4b1c72c2e46aebf55583bfc9c3d8d8f1ba091

      SHA512

      9c01bd9b0d513a75b28c21002af2a0bf5c5383fcc4310279c4fcb04e35482fb719d1ea75c0ec39836a53985db5286eaea6b69a88eb898744e916b9105b4f0836

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4a8bea4e5f60f46ba93e57308cb150f8

      SHA1

      b5370b65cffe2efa6ca8c15e6c71b400e55e9ba6

      SHA256

      522d8865b5ee9b65c8e8c9d5ef2e15a95d6ccce0b3eff3634264e8257f857b19

      SHA512

      c639fe5fb3dd7f8d0070afb86b8fb5a3f919d2bf0361deb36e6f76d11042b578bf7d861e7c75536ca0b360fc96251ff3003626253423145347507582eed6dba9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6e8c11991cebbdb042b12bd2820e005a

      SHA1

      cd434655afad126852bd993e11c6dae47f766422

      SHA256

      94c8fbee155adeefe2d1b7f1242bbf124e31c3771ef0f55c6257071161a75079

      SHA512

      4ae11deb61e90e6e5abb936f36f01b510294dd8102ae8e6cb2c90edf6b2bee2fb46851b58f30baca6c40064f82a8fbcb7380b37f74c8799bb11fc8f3a218e0cc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      32c4e9c3462a3a0216c44839d02edabd

      SHA1

      97c181d65b913a23400294699fdb32add3087ab0

      SHA256

      4af107cd8a5b6f3fff1c3043dba9f7e5b8f6c233bfc69bf039a78a7e78ae53ae

      SHA512

      ab133d56de70371a26a8e061d4bf8d621606552d929ee296622f481e6d18776c41a7dfc7a80ca0fcf5a57d5a4e4bcb149720dc12b8fe7244f0580ff851311a1e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      480e6534f1e3eadb7e5643ab4d8470a8

      SHA1

      bf9017f2f897d4bd462707c6723ddba2b4b3fd5b

      SHA256

      700288376fdd53c937687430b3b4e7c24bbd96c2ac49ced8ead6004fee18fae8

      SHA512

      a2eb95a02492370c444dece9f1094d98b1ab2bae116f03d5d7da7e514a23264f148bf0ac87e188a01828cd44ff2859f5f7e039a7e64c902ca8da099f35146009

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bbbec7cf4a07ff114e5fc16d929940a5

      SHA1

      5824626abf24ebcea398570cab2bba17a6779d0a

      SHA256

      e05bf318ec34497326b0f232581d3adf0b17811b0fb23e14e10230a86133c79d

      SHA512

      2755bb2e258fb8ed68d0ce3ab7c85feabfaa56fd219bf42907ed3bf2ead146e88e992ffa1f2454a4454f735480af50b08712291e64f132593394b61827997acf

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      86694dcf4211cb96714cf9fb641cddf4

      SHA1

      b8791a9301dd9e247b278295e256fca5dbca56c5

      SHA256

      fc01599e8c50bc39ffaaf28056d8696de6800f03945e434be5664f11da73ab40

      SHA512

      cd9bf408622a755706496c083a789ef54e5b1fd866871e98583a34a3ad8b5808622105ce6a267a62be38c42e0dc288a670db7157751b7525b3dc55ab60104b72

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4635398dbd0f3a4293627bb085cc2a98

      SHA1

      f6d229cd0cc01bd26b7f4cd5dd896c943f786d19

      SHA256

      bfa00e8ac8878303db43ccbae41e3d7e428b9597bd31bdd5d317ffcbcba71187

      SHA512

      378d3f57f821e2028c7dec382e08d1b0f6f0cf10df16afea080fd55dbbdfbd5a7bbb55f7b41113951f737464f58232ea79b795cdb89f4fd4bee07386c15aa9ed

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a45f4a88b0f84d8afab16ce9503bd977

      SHA1

      3c9bdd8d8f7bba9e19b958405e4db20abea62d58

      SHA256

      74fb98dcad938d800e3b5fdc9c0f2e96f0839a66ed40eee7ede746ce2a63c52d

      SHA512

      af73843b01bf24d366f3251327a689889982f56e50c855c560adc72ab94c134bbcec61dc78cf6ef5c56c41d5c7fed59675d207ac0d3da092caee32d82fa3ebe0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5b5b211283b614967005a5102e5f3d2c

      SHA1

      7349ab16ea3a2b7e123cdd9864272077d9dcc108

      SHA256

      8e283da6f2092208a133f6fc572bf0ad2986aa799e6f490632ae8c12f26a5e2e

      SHA512

      7d9cee953594f92e15d193a238c7041d6bba57be07c53a54726c731cf102a6cab2fdb627d9911fdf7330d4274663dfab6136379e354e70c26e71ad9480ed978b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5898b96c9cafe49e13e88cd54760ee20

      SHA1

      0d12975395c26abc876c93f1501c5bd75e7cc22b

      SHA256

      37cd4b61af1eebf247c2b2b9485a2bdd303e9b171c485f61c27b994911d7cf8f

      SHA512

      2bf64e29d889136c03208b680144d1b0cb758a96ab23219c6167cd7815dcb3c09f556788fb9f35124bff1a885ffe096daa5a5c3032119399e4132081af32a023

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bc8a8fa7b5913c9696b1675f14f1e5ed

      SHA1

      c5ba4d0042b43d74ef9c774ce016111865be5e26

      SHA256

      95f581ce4fec8ee21d66401e764aa91abf9cc4e8737ed96cd302c9c26163cc15

      SHA512

      d7e51fd9e9afcfb1dace256d635fc7ac7b339bc1a65705a076be465354c5d895860012acc4a93bbc8640290696f9636f57b48bc0e1bc4a72e9f09e87c64c067d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cbca34c176ede9556cecd03f2ca0fcc2

      SHA1

      b5b8e1577ff52cd54acfa73cc2ae8782b11fe1cd

      SHA256

      395f93ce1f1a7a899470eb97f94bd7ece03ad2f37adbd18357405d01011d9f61

      SHA512

      d8f0a894974001e0a2e9cbb230bbb929e2c5c77428e3746958f640b93e4f6f1d0c637a54e52041c90e4013903371fb8450a3afa050f5f1e487b600b1db925783

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5d190ae31d65bce8d1b7cbc62d0d5d46

      SHA1

      a9cd848895548cfd186213cc5a6e41ee10eb9260

      SHA256

      9cc95a243c17273a4c464680c6e9f07aea314668c2dbfe4206a4c1ba9757152a

      SHA512

      ad77e8a7223b9c584e6c7eb9909af31548562be7431112ac755b1989058087c826da3564d2049f796c930c21bc56df959f9e2f5ea70dd45d4a3c756be6b4511a

    • C:\Users\Admin\AppData\Local\Temp\CabB126.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarB1E6.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/632-446-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/632-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/632-445-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2340-436-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2340-438-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2340-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB
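
Added example, not from the report: a parser for the layout of the Downloads block above (a path bullet followed by alternating field-name and value lines) that classifies each artifact and keeps only the hashes worth pivoting on. The eighteen CryptnetUrlCache\MetaData entries are CryptoAPI's cache for certificate, CRL and OCSP retrievals, written by Internet Explorer's certificate checks and rewritten on each retrieval (hence one path with many hashes), and the Cab*.tmp / Tar*.tmp pair in Temp is typically a CAB archive being extracted by the browser; neither is a payload. REPORT_SAMPLE is a constructed excerpt of four entries copied from this page, and the class names and path patterns are assumptions.

```python
import re

FIELDS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}

# Constructed excerpt: four entries copied from the Downloads block above.
REPORT_SAMPLE = r"""
• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

  Filesize

  342B

  MD5

  d2b3e3319608c2dbe04d2bbb0f0ad872

  SHA256

  b12634583952208dfb40deb1ea9e0286271b31cfd3f4bc175795cf6e878dd5c5

• C:\Users\Admin\AppData\Local\Temp\CabB126.tmp

  Filesize

  70KB

  SHA256

  b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

• \Users\Admin\AppData\Local\Temp\svchost.exe

  Filesize

  55KB

  SHA256

  fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

• memory/632-446-0x0000000000400000-0x000000000042E000-memory.dmp

  Filesize

  184KB
"""


def parse_downloads(text):
    """Turn the bullet/field/value layout into a list of dicts, one per artifact."""
    records, current, field = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):                 # new artifact
            current = {"path": line[1:].strip()}
            records.append(current)
            field = None
        elif line in FIELDS:                     # field name; value is the next non-blank line
            field = line
        elif current is not None and field is not None:
            current[field] = line
            field = None
    return records


def classify(path):
    """Bucket an artifact path; only 'dropped_file' is treated as payload."""
    p = path.lower()
    if p.startswith("memory/"):
        return "memory_dump"
    if "\\cryptneturlcache\\" in p:
        return "cryptoapi_cache"                 # environmental noise from cert checks
    if re.search(r"\\temp\\(cab|tar)[0-9a-f]{4}\.tmp$", p):
        return "ie_temp_cab"                     # CAB extraction scratch files
    return "dropped_file"


def payload_iocs(text):
    """(path, SHA256) for every artifact that is not known environmental noise."""
    return [(r["path"], r.get("SHA256")) for r in parse_downloads(text)
            if classify(r["path"]) == "dropped_file"]


if __name__ == "__main__":
    for rec in parse_downloads(REPORT_SAMPLE):
        print(f"{classify(rec['path']):16s} {rec.get('Filesize', '-'):>6s}  {rec['path']}")
    print(payload_iocs(REPORT_SAMPLE))
```

Run over the full block, the filter leaves the 55KB svchost.exe drop as the only file hash to block or hunt on; DesktopLayer.exe, which the tree shows being executed, has no entry in the Downloads list and would have to be recovered from the memory dumps of pid 632 or 2340 instead.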