Analysis

  • max time kernel
    132s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 00:13

General

  • Target

    f95d5be10ec81483c80b39b9e12057fb_JaffaCakes118.html

  • Size

    158KB

  • MD5

    f95d5be10ec81483c80b39b9e12057fb

  • SHA1

    8b8532295f0329ff876f9f72c92624d8f2b94603

  • SHA256

    55fe942a4d740ce6e6e03217af0e49703b7f42a73a2d836eeee903a27b23b8ec

  • SHA512

    2286ffe2e182bb88eca611acc10316d37b5bd7e411ccb3d502b9d25a0bf3f5364cf7edb06340ce37d6bc177d59c330d0dcdf18204612bef2553c680c455a45c5

  • SSDEEP

    1536:iCRT+6F6QeouZFtsaYjj8yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09wd:iQXeNLO8yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f95d5be10ec81483c80b39b9e12057fb_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2448
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1968
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1860
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2056
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:537613 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1464

Network

MITRE ATT&CK Enterprise v15


Downloads
