Analysis

  • max time kernel
    132s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 00:23

General

  • Target

    f963862cccc204023644f502c3e1ab24_JaffaCakes118.html

  • Size

    157KB

  • MD5

    f963862cccc204023644f502c3e1ab24

  • SHA1

    578738478aa50c4c1a868860cb1f52cc71a4b26d

  • SHA256

    dd3cab4c1af19da8f724daec7fa124f8c19a8b1594e760af0b346483f6f933de

  • SHA512

    6286219c719ea96ec4b53519fb93401acc749eea546b95faec61b133c760c9477649d3d6c3fbaae7033830b4106c33373a9a1eee886ec49b44c3ebfaea577519

  • SSDEEP

    1536:iiRT+0DLXABFyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:iw1XABFyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f963862cccc204023644f502c3e1ab24_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1428
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:348
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1472
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2440
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:537615 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1580

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • memory/348-436-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/348-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/348-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1472-450-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1472-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1472-447-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/1472-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1472-444-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB