Analysis

  • max time kernel
    129s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 00:41

General

  • Target

    f970fa88c082f0a902c7fef643beba68_JaffaCakes118.html

  • Size

    158KB

  • MD5

    f970fa88c082f0a902c7fef643beba68

  • SHA1

    455d89c056a242d1d34b76982fd6e0091466ecd7

  • SHA256

    a824e028902265536735f7b12d3e13bec63b95d5a4fd7af4a0d9f6db8fcc992a

  • SHA512

    9682f30c2c5eec3cc6edc9e6e8ec2c04475fc604526ee2e9b3f0d12a4acd0c3bc1c9a92da834c2e35c0ac53e6fbd9696fd516c197f4819c3eecfe531f93e7d72

  • SSDEEP

    1536:i2RTmA3Fvu51ud+e3yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:icX3yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose components include a file infector (virus), a worm, and a Trojan; its HTML-infector variant embeds a dropper in web pages, which is the form seen in this report.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f970fa88c082f0a902c7fef643beba68_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2756
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1520
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2232
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:284
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:472073 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1180

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      63aa34b5db5ab3da72863d00eeeda30e

      SHA1

      41f97d822dc92d9f06442016f9b32d7503c94866

      SHA256

      d09aea79c14fef7ab3c6398992b36b2e8ceee90083fd5faff96073fcf5f9f4fe

      SHA512

      ca9abeee6467d6af4751773c9212e3daeb4b0ad31ff641aa1afbfc8de88460e8f419eba0173335b390b1f94bd1c0054ed9b124e18028265bacdecb8941ad2ed2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b83345b32672ef3936a2c1b6cdc638e2

      SHA1

      655a73c7e042ab076196e701e0a6c0d5e72e1b95

      SHA256

      a9fde602674ae032e44a90bfc6b67a5665e49eac3b925b3409922a98f76b733e

      SHA512

      d0d7aef00bac13478f18f03202fe8ac041032cffe5517f09aaf4b3f9b32c6ec25952537c1a031f9b57265899d9feb0ce7f85ec9409fe845c296db5cd106539a3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      120c8e07e672ddf1b2651c9650bac265

      SHA1

      b7ec4b2e8004dbbe383fcd66fac76724520eabea

      SHA256

      2dc7eb83395879b2a29fc53e7c2ea2740e2723a7e52173434a7f412cebf7cec7

      SHA512

      305be41870be147950169510cf54a94fea18c1ea1bdf4bee75e2b3be231f9ddab1aaddba2832884e6caaaa1fd0fe302d1c2b1bacfd451b50a80f758cf8cf474e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5221396859f129c93a3be104d7a719cd

      SHA1

      3c4074b129a67d51ecbedcae738abf524c659af7

      SHA256

      9ff4ddc52011ab41f80651c3667d233c94fab43dcff2f72cb40008723f1d2e9f

      SHA512

      9825ef1711ef04098ea29c2deff2f32f713b96488c9c827eb4a5b5c547f3e9f1a2747e6fb3815b7e1f43e41bec3997f70db4dfc11979ddbd24784f9cb1b24a83

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ceed66ff33f27eb3f9e10237cfa8ff7c

      SHA1

      f95a87228392a5dd7ac5405ae2d2a471c5659064

      SHA256

      67ff879ff273916918219cf35d72640d874aff685b8132666a65ec15ae1f992b

      SHA512

      ebc1f81c5334a9311ea80b24f1233f2315940ee6cb0c0fc81e67c2e8bf7028cd7ad83b63b8f2bb16065557821e4f476796752726feff4eed08809f9a05e198dc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      481f8ad9c60ff1d3de8ea0c179fe1ef8

      SHA1

      7a4ba13689d8034517483fe714ac1b3d13561b7c

      SHA256

      d617332a7b950c53ced60587657657f4f7d363ea6b272bd7030b2fec61543839

      SHA512

      f5b39e0e6f36fec3281fd69fa33d08feeeeb1989876be228edfd1270bee46b0eaa6e1790b534adcba8ab39f8e95e49971e22fcab95496574deeda166d4d379a4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cfde889f25891ff9c6047223bed10cef

      SHA1

      4c5565814700ae0718d8f155d0a7e932b177e45f

      SHA256

      463ab81c61f062a3cf119881a6cd1590b97d2a1d36037462fda895510f4c315b

      SHA512

      854d6203053d18b062c01d93043e5f31b4f5dbbc518a1f97b87a2b09999303edd0f66b51923d7024eaecf1ba57f417e19983d3d6e395f90ecbd01edc79d1e3ad

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7c16d90e8bb2d229d8b66c6325999f35

      SHA1

      6d64f990c6ffb81a27acc331887433f261dded5d

      SHA256

      2856577f13c293f93228a127fd865f64c58196b208366dc25aba2a6c0c9ad688

      SHA512

      5bceb981deeb8290115ff6dcd602666d0e000ef761a28f6e954f10d71f2a0b1feeb0d0741452bc38a0bc377022ca8a08943319dfd726e8a9c080ed04c1e4af76

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f8b6802790e6e24edf8c80a990c44d29

      SHA1

      c1704afb460e0af29bf97d6932104d5ff9401c45

      SHA256

      905f4594e83879406bae182c094df618c384a2fd95f32c7a09f065671344de48

      SHA512

      d3894df4f48476037a593fa160f4440db03ec7a6a2da75b8cceb9a049e69238fe4a7f107ab9fa1d83c043cb7c45edea7a5d4810f09c81f3ae0e02749430af9a9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ac05f29479696c72d8016a45b18fe786

      SHA1

      657175bada52286702e1fcb48ebc73cbcb5a86fe

      SHA256

      0cbc050ccd81d2c1e28bd9986f1260ec25f369264294ba0632471a22de4e8746

      SHA512

      db07e8523aafbbfcda30f471420b92a4287d0110458bfbf1c6cc3f275e141e1be8e8947e2bebeda5c67661cb1136aa4415319db0b6f0f5a7b6a0202f009a5315

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d97afaed2965f5e59b3180db8857b7c7

      SHA1

      1c25fac39ba73243f4ea880db26e3db66c554f26

      SHA256

      5b6b9bfad1b0764a2a5872a026ef814b6ed72de518bd551ffd516ea06328e7f0

      SHA512

      9714621ba74a263d2be2eb4f7cfaf4ab4a3a3ea7ba4ff102134823d962dd3b40c127382c9fcdf16dace5125824c9ae764cf849c01e9949f0fc65b3b63b63b7a0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d97d9787256644149bcac3805c60f94e

      SHA1

      01ffd97d3eedd2c0a7089cf94d78d98cb25d81eb

      SHA256

      40626829c893a6bf70cb65c11b5d7c4808345bd9bf3504eb9713262912de10ad

      SHA512

      3254d56c9629bf4884996c746a53ae30aece5d41d3817359519d93ca25767d1a2ed65e454cfb01854e8686f45c151af5806632484901d0b92721ecf6133b2485

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9893e9c59ceed72cb1a16174aaabbc6b

      SHA1

      05224ebef2167b46a92780882794f7192f800421

      SHA256

      4737bff03879001fcef45d57507f4eb0cea29c288c31bcc9610715470a50a2c8

      SHA512

      4b163b0f64f4da7e87d95d68d448ddf3a25470e90d4f4b1c6ffa002794abce0112ed782a3bfeed9e2afecfca664717ce73678729ced9bc7bd206aeae653685c4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b1f76d698bdb35f25f359ed13a3e16cf

      SHA1

      730b369326e0e4b53169616974d814622b157832

      SHA256

      1c46cc81ed27e2f5ce4b8ca30d7806968073573e3cefe146be2569a8102c5e8f

      SHA512

      fddfe3ad0c2b158d9dab5d76fe0e87f11e85bc01c9cedb3eb22cefb54c420207e99ad2872f92cdc89501308efb3d8fcd85a5ebf20f46c3c544be8d460ac2ae8a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e9726bd5991cf2cec54cb073b91055f1

      SHA1

      7555e3be72115752ee0bc8f1178bf004759a79db

      SHA256

      0b2439f4fb50cf45877a9bae5ec94db23d75ca62591007a9501969b1cc3d5543

      SHA512

      c87a18a20d466dac84e2a7a6c0b6e4ef87348c6fc06dd484b130f9b2a850fcf9eb015e60275db02e915f96592e233cfd3aa07bd2c2bd0c0f00096b166f2df75d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0cfe80eb18af6cb7f23f0c2ea5832bb9

      SHA1

      c291322af57e1e38a3af6e2297fc730593c13674

      SHA256

      314790b23226d6d3cf723a556c1171b6e769ff68712f084e739deff2b726f0cc

      SHA512

      0254c627c717ce485de270fead74f976b3ed2b38c3181d4db9ce45938dc008adb93deafe961c2db814ddbe905c50c616ca196e0e31c7f9b1699069c743200b81

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      dd937bed58bab33cabc2bc5eff577a58

      SHA1

      6cb152c54832eed49fd3680454105cab586905fd

      SHA256

      7cdd9316fad39d58fabf9168dc95401783b112130824ac93ff590f61f09dd4bd

      SHA512

      4b3b50a7e99e4bb8d60229671d7d1583835d7a71d1b344d016c0613704ee997674a89d5e3a6e1f885eb26c2775bb5b2bb4737a932f2cc3d38338957a68d1355b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6e757b520c792b9311c66cc89ff29440

      SHA1

      a1d9de9a5574cb43e6edff2bcca391f7692618ca

      SHA256

      70333394447d617bf2f6ce1831eebf7618227deb126a073f67e87be9e02fa166

      SHA512

      ef844f6fd04ce30bb6f0bbdffb90bfe1cc1bdce6e29fbd5dfc62ad8ea665d7d54bd36c4958e5ad456882b2c495c298575f7169068e53ac60cb42982bfd9a2e6f

    • C:\Users\Admin\AppData\Local\Temp\Cab4C8C.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar4D3B.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1520-436-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1520-435-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2232-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2232-446-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2232-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2232-444-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB