Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 02:57

General

  • Target

    f9d3c50fd15d1331dce2908486124bc2_JaffaCakes118.html

  • Size

    119KB

  • MD5

    f9d3c50fd15d1331dce2908486124bc2

  • SHA1

    7215efa95b9e467fab645215e419e9975f99adeb

  • SHA256

    ad126eaab087e6389e486abd116684da1152b71b447a111427ad3d5e19a22fe4

  • SHA512

    ba416984a13989a325621738d65f636fcbc8ffd70792290d96624b12874bfbda02d6edd55e0184e96eaa927f8330cc460506a7511580126d081da1af8c149b24

  • SSDEEP

    3072:Sv9pUsNH6yfkMY+BES09JXAnyrZalI+YQ:Sv9pUsNHfsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f9d3c50fd15d1331dce2908486124bc2_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2492
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2692
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2844
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2876
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275464 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2700

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b560e75ecd29f0150e6e3b3843248114

      SHA1

      2d2afdcf053024f1bdfbd6a5954fc15a66328ecf

      SHA256

      7405b9ee8f6164793218a6181db46d5a7ab9e59f9052dcdfba49cea9110b23e0

      SHA512

      149d2b6e681d53726c853cb96be1d196bcb29b0147999b1d0a59b0ee47a925d93571ba2ebd65e3f1092576b9517b768fce223894282c641e8eb470d4af2c8fa3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8ecda6e5241c0a2ce309b39a5810f2d3

      SHA1

      e97fed1de8a912e8e61e16aa1bb8c14d8b86ffa9

      SHA256

      2c1f2f3b72dda0c4bfb92ce365ac885ab5910a5f2199a6460e7284b9851e166f

      SHA512

      7ad3db698f7304409fae93fd61f76173ce6abc00ff8b91a808ffe1977c1f78295641250a9db03526248ff3459b28e7f487bb32612aa7820abc48442be01f8f58

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7deb37af6a5f0a572f14f38d73525ee9

      SHA1

      649430c6c902bc18781e98e464241a5334070f45

      SHA256

      3d4eb245037aa79d35b36b84ba65f15a85ef6a65e5035b9c1d677cd7a0954a78

      SHA512

      068f3185594d20d46a24e400bbe2627290d5a38a41f33391cc028d3d7186f14e9ad44eff1c074cef9ee7fe4f4ecdc24bf0c2e13f7c616f37644536657c52b329

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e63ce9d7fb37877b22a37e259fc5fe46

      SHA1

      4e82bdce57240989810963fcf8f44fb086faa959

      SHA256

      a66abf23e3988b6daf174db3c315b0993ae415a1fc1a5a403409299b67712854

      SHA512

      0e512d2666a0635913075105d8951ad338ea839f4d442ad06bd04a4fa2269c569487a492c7bbf8c4c1b757fd24c2f6118a739abd72cc8f50cab82e180b9dd919

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      118690bd969b42c630a1e6d7fc5e30f3

      SHA1

      ef02ef127397583d30a5fb031ee703a6f9d7cbc9

      SHA256

      14254020a7b24622623d1088eb808c8475c1475eeac4b965df1761957f08bbe7

      SHA512

      8b2651c7ef7a93c8c5599b70ee18fbe834ef3d04d019f7c4cde420641c09372e9b456a00c2769b9681c68d73d600bca07591a35c44dfc76e3be59c8332875b4e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8b27b17aae8a55514e55cadd4bd3f2bd

      SHA1

      329ddc7432537fe8afcca869800fa684d43d6245

      SHA256

      480da5bd6ed3ac54e3964c1dfb20dca24298f362758a4d76ad8c92fa06977d64

      SHA512

      0a1839ca8e9d3f7f8289bf3a6e899e03f970e388361dfcd21982096008881b09da9b5022bacc40c3563d37272d6e7841a9905aba4c06df1834b30623030e1e11

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      826d18ad2ae67980c9a817c0d3c5fdff

      SHA1

      0effba8048af3698492ea19efc6dea4c00fe73ed

      SHA256

      0da984168c9f82fbc0f3ab5a7a43cbb6eb02f7a06b596084b9d1f1a115b1a814

      SHA512

      99e461512100988ddf57e5e22bc3bc9a0f06de6d31dab769795c810c42c5c4862575a2f66a39c18380af2f24255c4b1477683e7e54760eebae1652bbb0caf049

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8bd65fa47afa1c37fcf7a665e3886430

      SHA1

      f191b4c3575131ca5402342b11a119151e9ed966

      SHA256

      49707b313d1105f6ad2ccd115481f4f26f669b27ec2665bf1d6e6e716942a1c9

      SHA512

      a8709257b4341b3cb73c9f299a5d7555cc787badd4ab2f1f3553ce67d97b32d78acdf53ff3d51f82934a6cccd321b803c372274e195b110f38ff0241a01883ca

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      62b3a87f0b89d46ed6e03ac29825e998

      SHA1

      f152237514076099a59e586559aea93b285c0518

      SHA256

      761cf231b0daa03b8d187ecd67a1aa521454678d749932797d1c209d57607aab

      SHA512

      adac9912701c784f1f9cbf51ff2f4f9eba3f59a52b31f5856eeea7889ac13b25e9c9022b01882b60ce4044ce6120c49d9682379a4e6841aa79a2dbd0cc4e35b2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e9a279a1c87e0776948b731ff87e51c6

      SHA1

      4b24705db311e05de23bc29b377f68618fae9a49

      SHA256

      654b1fe8554fcb4d78bc40acc9d46764a12a761c44ec8bc59f9fd67f9fd57a92

      SHA512

      0a9763532d71139454a1ab385928931426ac63625e9ca02e3d1402bd2fdc3d62d25b893597def274b7328fe85dd040c45fc2f86c867477cc4e320c45c69cd8af

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      48a01c47202573a0b94e2f5dc1a3fe5b

      SHA1

      914293af0203baaee551262ba292b4552eba0754

      SHA256

      f40e8b2c35834b8bfaa964a0f151ff98f4a6b71b13d0f946e988d17521021d27

      SHA512

      40635d6688d1397ea587879dcc7a63b3c0a18d570dbeb16ed00c906646dc0b827b418b44be61338cccd006283486911367af435e0579da55d763122e5a837971

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      adc246290c7e24a6dd26d4b901ed0d87

      SHA1

      3c7a2ecd5dfe4cf59747ba71ec2eb6e090998bd7

      SHA256

      4509762a11ba61056bdf85e77123405bfed75aac5e4da0e67147462337172482

      SHA512

      edaba1b962bd242946d39483f3efa6fa4935edbc9c1853f139651862f0b14e40dd319140023f491804742db3cc3769d9d052aec5ef18b6dc94a7c940dab137f1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a3e6ff2734de1a36bf3066884e77e5af

      SHA1

      a46fdf81f24fb07b71d4e484cff3fc82ec55cbda

      SHA256

      1faf018c581509902d7c2bfd0b1d193b7f71d989fa205481c0e5b00d0240b48b

      SHA512

      aa24b1c98fa39badd4727fb1a790a7c6be96359f5e540946978c44943afecc34be14b629ee3bf1873c2fb99d78fe47467c2fe121a7ef8d0393ea2009878d2b24

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      83201299630cc1a3fd45d50a86f4f981

      SHA1

      36ea810798f7e23e753cb795e48c74db3eace1fd

      SHA256

      d7d86340391bcc6bb62555f2c9ba7162c4998addae2cd5b924dbd473ec0160ac

      SHA512

      918f454e3debe443402854b057875652256807c3b81deedc76a23ca0463a354146cd082a5a113c88348c4a8ac48db97e3291d360e2a7585a26c7b6cd1494a27c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      fc688c381eeea39ce5777d55235e652a

      SHA1

      dbd2e192396c6973274b3d34586012768e391290

      SHA256

      1fd88ec2b409506d96f680fc34dc0528f384f81a1946b0d628b3ab6ab9b74b43

      SHA512

      8649ba2ef9b5be531e839415551e98f4b12fc5c27ec6245b542612513d93f1be1f2dc1394477ce9309bb33965083062f1ea0c17e3dc4c4a51a2d76ba678ac533

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e8b48a98d28d73c5139d5273a7b43f62

      SHA1

      1ff167c8b9693d6a3391ace54772199749ec6d7d

      SHA256

      57caef706b98d48e2437597221832e0e6878cd082b970887109f48202ff46a3d

      SHA512

      0f3fa71a1fe24940d121544b4ff0d06509ea5ebbb928e98e449fecec63db111ac41d21610cdbc3dbfec3b0ef57e54cbd527d912c12a4ab72f212e82667042292

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ae9f5404294b895c0cb96be948d6a7f5

      SHA1

      0f257568dc60750792a2afbc8c1278a4166757fd

      SHA256

      0d042fe83fedf46435a84f9044f6f1e8e92c27e2df0e3efc3256a3f5a50a046e

      SHA512

      db33fdddfe5cda8ab04ab160c302634abcfe61c49294f5e451a7ab2bbe10b766680d3cf2394777dafebdf6ff8f164ed005b7b692fe679ad5d07c61ea67ced215

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b367780ff756458d407b4010d823c18e

      SHA1

      c5b45c27aac6ba5fc958d8ae6a2e38eef38fdf05

      SHA256

      7ce53a03398567bb2010867f42b760cab40e11edaae87bfef97d7d0e5aadd75f

      SHA512

      8054dde47ad9ea188a9e8203c763c5dd49d84864837ce27152b418b8d344b78e51d6afaafb1e74499b121bb8dae742b0e4ae0169b7d326405e770e37634f59fb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      834ef264f828228c78456851c6d7a495

      SHA1

      458d511c257bab9f182f8625e2995f15a1e4ecef

      SHA256

      7ebf8162b5a35a25369607972f22728950f33bcc30e6d85436c402ef9ab08a90

      SHA512

      b1c3585ab6378b4c042fc4b1bbfc26d782218d2df621f68754cbc37aa7dad00042cf4a37e571e386067f09de812cfd5443c7ffb129e1009fcc22e35d59b2d49e

    • C:\Users\Admin\AppData\Local\Temp\CabCA82.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarCB31.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2692-7-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2692-8-0x00000000003B0000-0x00000000003BF000-memory.dmp

      Filesize

      60KB

    • memory/2692-12-0x00000000003C0000-0x00000000003EE000-memory.dmp

      Filesize

      184KB

    • memory/2844-16-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2844-17-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2844-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2844-20-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2844-21-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2844-23-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB