Analysis

  • max time kernel
    138s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 04:26

General

  • Target

    fa16c2f3e5942d40132719a4d2277fef_JaffaCakes118.html

  • Size

    127KB

  • MD5

    fa16c2f3e5942d40132719a4d2277fef

  • SHA1

    ee6cbaa6c06468deb20dbdb2ea25e798970dd9a5

  • SHA256

    be912224a74aaf2a90c6e9b690cb96d6286795a70f3e216117bcfdfd3f40ecdc

  • SHA512

    ef874d99225b77e2472b9a47a962600a40a14072f9d5b5559d045ea89dc0d9319aadc47ccdcb338d685ab6184ae7e7e16457036ede0a13273f500ed03c8c2fe0

  • SSDEEP

    1536:SZPqJ4hSyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy+:Shq2YyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fa16c2f3e5942d40132719a4d2277fef_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2292
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2572
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1660
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:544
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:472073 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:924

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\CabBC4D.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarBCFE.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1660-447-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/1660-444-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1660-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1660-446-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2572-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2572-436-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2572-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB