Analysis

  • max time kernel
    130s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18-12-2024 02:17

General

  • Target

    f9b5d9f070c0f0a801e6dc3e0f4daac3_JaffaCakes118.html

  • Size

    155KB

  • MD5

    f9b5d9f070c0f0a801e6dc3e0f4daac3

  • SHA1

    ff7ed179101bb11b810439d8412b30be34bc4aaf

  • SHA256

    6c8df4bb6b595ba27739b5311cef0fa643d8401c3d087778519671a4bfc7226b

  • SHA512

    3660475a04f079a5c59c3289ee1cd5508dd7ad34dd9c11da7203d87411191d389ceabb758fe9e7f6161025175aada37b459179ca7d709b70de5be19ef222d5a4

  • SSDEEP

    3072:iRultmzco1CyfkMY+BES09JXAnyrZalI+YQ:iov2F1HsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f9b5d9f070c0f0a801e6dc3e0f4daac3_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2336
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2368
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3000
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2236
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:209942 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:528

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      23906ad22f2303f8df3d878766ac245f

      SHA1

      fe3c549714687730419ddf903b39291ce8b7d692

      SHA256

      006aa9c1017c47b6fffa3483d5a5f2d095699297476bb53ea35d578ad77f624a

      SHA512

      d6656b306646ef2a77e1caa75e0e75584bc746e8a38625cf095197b9d0940a5f3d5269145beed1796413573633235e06c1d631ddbfe8c07156b5abaf75ba5142

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9498f78eeec08c29f3fa83df83b914fd

      SHA1

      901f84325af53ab019e746417a821773fd5fe367

      SHA256

      5e799392e07c2fcf8374e136cc43d1ab1cd3d032d0ff0fda0d640663feca524d

      SHA512

      47d171f6d2f227a4a2fbb36e1cafdb06f706b535bad21d27105f59e68b9d945654b9c8fd4e1fcd788aed91875c7e208d1e7058055ce2a237e5f99c98fe7dfd8e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4d7743035d285d8af2260a771732bd50

      SHA1

      2544ad2164fcff578cd6bc53cb75543fe4ba4a06

      SHA256

      0c89008beb3dc02ee39503e54e3ee64c619e94c4bd118501ad6ec50bb4e8667b

      SHA512

      f114d23f8d6e852c1d338373b0555d2254fe251685c2ba4efd0dc1b7fc78f502796b14ad3aafd8555f932c6fadb6daeb8cd6bde97ae5d668f7e6696c87cbe831

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5c096d34a2780f34cf8dd4b86edfbff8

      SHA1

      18160d67d9740629eae63fc949d56bdfa26999a5

      SHA256

      a456d51457d23257cff5c4f51e5117d8346e7d10ff06c680486b1957946e5506

      SHA512

      6cdad58c9869bb03f093e713be14b7e7df4d795107446cdb6784830eed3191fa7f735ffa55799a2571d18d0b96b28b683f64e9c984e5c43dbdb87d115bc146cc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9ea5a54f1fcf194db0c8bd15414e12d5

      SHA1

      3da0a1690923b7ae58833f05edb89e25acab6efe

      SHA256

      49f292913cf9c672f0c8bf1e9ef918d4231d7e4d300cb29c56e85f8a32526de7

      SHA512

      3b0a6a21a37dfa426758dbc7fb6cc86af8f1cf83de85b13eb63563ff0059e861b3408e7561d4fe5c80021e4aff46e9be8e4b55b49a225cdbb8ae5fde4e31d353

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      882b8a5c9147bd8b5d8b85e35260f4a7

      SHA1

      2f97cbeab5c6c9b76cdf2bd4fb9b44b4ef2729d2

      SHA256

      b016545a3aa9cf49f362d9961bf20fc58c482b4d2db8fc78ee930f2420063567

      SHA512

      e42802171ebdb49e1764f42cec4edebe22ebb5c9431a2059f10ed7bcc23c05618b385f12242f129ef2f3912424af0e1ed8abe97b1c067f8f320f7dbacd7fdb17

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f56dca2c7596e71f235650cfec839255

      SHA1

      232c00a36e0cadbe4ddc93cbd9f69d3114051d0d

      SHA256

      0a0cfdf37dc4c66bbce97af17f18bc524c963efaa398cb75270c2d3af7d5e369

      SHA512

      81e9fae3c63a95ad0a394952a4cf938d9f5708d6ea87484c8e2950bb3b88981b73b33bee2576c3b4e1f0ca40962db438195e64e343fad85048ef222771381b69

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      51c3937fd05392cae60ecb10dcec1d4f

      SHA1

      4d6789029213cb7f88eea85dd8cd46cd553298a0

      SHA256

      96da1af74c1a72f299e9805e29f46229ec000361610106c720b1b892957fff1b

      SHA512

      5c6628392f04e44afa2d6dca7b6611894fef8ed4d23fd02d4aaba2b7c617263b94cef2867ead1efa0f22f3bc3892e86643a78611683cafb5ffca3554e4838827

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e5a7d623fa212dfee3baf421d23b5c4a

      SHA1

      84c30a63d175ee700e75c5897be4afa1df16cde3

      SHA256

      3a6a00aff602b3542bf74116510a4b08554f3ddb28ac24b0ece1f92ecb5e14a4

      SHA512

      beca258f083e57a96cc679e1dc48b347b97d045efb2f8e76689eb8e7b19abb349884b4cac17a3e13cd8a6caac0a2d044e92e04fda13ae77cb150a5fba7158dad

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0e08520e397758a2b661782ceb29aaec

      SHA1

      65e8928eaaaa01ed978acdb5d78d81487af4b8bc

      SHA256

      161fee80a387a32fc9e9da572dcb9b0f630d235e349f8b243997c266900e8f74

      SHA512

      aa2a850afa3a08932ba782732aec5b6ce2ad211777f3b4f47aba74f58b4a54a300675b162822d08a0c99907297cc5d31d439dd0d048a550294a1ee3f655b42ac

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      327f1ed4b7faa68a8014507890914679

      SHA1

      9cad03b1c33f8ed90301bc79fd8ce3c088b0bcd9

      SHA256

      ad9826529b837abdf0b98d1988f32b40b106719f78871d4f69e7fc6959e9a872

      SHA512

      b0bc6c6ff89a2c7a7be14facac30119db4a975b1ad352239ed82158b11f72d4f0c34bb85239cff72e9aaaeda0670f2f34d62c34e17cb22153a46b3243ab5ec83

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b98a0696ee4c6076673b9c91276fca35

      SHA1

      8fc9800edcd0f22a8195f0fb3f03ff7352be6139

      SHA256

      8087e9c249ee81695692ec49f0a9b97e53918a33f9ed6394a20210d02832bf63

      SHA512

      41b77e45ad78821079dc659665070cbc3eaef888a80526018b4c1dcaf1b5f630e22779af9988cec019ac31496a6d10f1ab6c61b24ccbd708a8136323b5a44947

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      97274e90689bf6df8eac6931c1e6ff74

      SHA1

      5edf66bff9323f66c6544b943fdce533f9bc00a6

      SHA256

      bff00d2c9cf123a4da6b3d8d3b22d1fa5af9808e5e41bc2183b33a5d73cf2059

      SHA512

      aa4d0c0ae887a07a5aa1e284091b452d8b7d2f93d5e3820c45ad83641e3ede5bafa3cfde7b278cb161aa4f8060645dd0d729f3027afdb29a5f1c2747c810d507

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1e10331ab3a2eba51c9f270dedeba4d5

      SHA1

      36ae01ba5df0bf96f21c82643969277d67a63f70

      SHA256

      9b5eb71e73fc7e5bb9f60c485756f6b3d4593e85c1cafa2d97f526ceb4bf3837

      SHA512

      f69f99d373a1410d7e5eac603f28cfc4d2b82864da5cdefac30943efa141525c55305f9a4d10689c5d1e2294e1e3feeaf690cf658a0849c2ea88bbaf53d39845

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      fcb02fb55c84e19f2e0bedea7cac259a

      SHA1

      d92736c9df608f49a2e5ab9ed1d2dc542b401e22

      SHA256

      7618b953c7e72b3e2002053924b5a33b807c746070f73b28e584387557825298

      SHA512

      3baef8175072d6c9f22c3e9c01d1ab83faf3a200323dcbcc88130006e54618bda09654e5b1e465bbcbcd8549d0f921c800cb1de0a2c8131b1937b25f44b61149

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a231698d9e8d1b502a5c1aec4a9a0366

      SHA1

      3a4ad73deeff950f45127570cb848efd24629aa5

      SHA256

      47f11cd04acd522f7d9f0af2c46a02cb555282e9cbb219e8d8aae9f52b2ab3f9

      SHA512

      778332080fbe193f849a26d553d4d7475f63dccc6c5c991a1b75612a81903ae2dfd9e2affb3c3788134c0ea6bbdb112ab5edd4328175e71265b6ebf98f210221

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c5092f704e7b7ee5ba7bfd6e73d5a201

      SHA1

      f1e851d8aaba7aed6a925a754363cbb2873aa21a

      SHA256

      f894042fe2c800092ec9f70ae043130f05814167faea68dd2f56336f5981b275

      SHA512

      88655bafbd6f28a52b1cb7e16af9e93a42980eb73a5582f1ff3e2a026182e279ca236e0dcaac1311f3cc11cdd2676480cafd96c31606193efdfe0bd63d10c9a8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a1df80df78db85137c45bc1a8c06e4c2

      SHA1

      901707d079c275bf13197a3138f902d446af4c9b

      SHA256

      f29d5b10d894b484d55b82289d659e0e67d609c16e657a4666da608b1254c453

      SHA512

      bed239197d960354fd78fdccc01441aa8f5f6faac9191a19eac952483e7bd28a3a682a7362de1427dc1bd5c72f163a5703547855467ccfe4c542d5a0d2edacc6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      fdf5de0afc81675d889cb20892e8bf6c

      SHA1

      435aee6858ac1bd3d69e56c2a32cbd6fc2ec2391

      SHA256

      d36529f9c9a5399ccdf7722d71137b76e043bfc30551da51bb8ac13704c7f853

      SHA512

      c4e3666c761fd6bc5de44aef9d023649ffa8c9fbe0d49514e307629056a4c1b6bdc3bad12b8be47ed80da97471e4f19f7f03d1e97a76a71be4384f19f01039e5

    • C:\Users\Admin\AppData\Local\Temp\CabD74E.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarD7FD.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2368-444-0x0000000000240000-0x000000000026E000-memory.dmp

      Filesize

      184KB

    • memory/2368-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2368-436-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2368-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/3000-450-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/3000-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/3000-446-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/3000-447-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB