Analysis

  • max time kernel
    136s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 04:29

General

  • Target

    fa19093ab90b6f9762d803efa46f1781_JaffaCakes118.html

  • Size

    155KB

  • MD5

    fa19093ab90b6f9762d803efa46f1781

  • SHA1

    4354e411935a3fa0997d1e2381f01843659ec939

  • SHA256

    36508f85d683c8d7ad94b1601f223c5bb41a1ef2e681efd772bb5319232e57c1

  • SHA512

    5a978dfef9baa33b83cbeab62e30d3debd895143ec3bb67a2c4334eaaf043a239eb73504939ced75aedd55f84520a8e0f8e476e46dfd3d07a5a378f2139d30ea

  • SSDEEP

    1536:i2RTPUxM4LiQI7V72yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:ic142J2yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family comprising viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fa19093ab90b6f9762d803efa46f1781_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2600
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2204
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2068
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2488
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:603146 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1016

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c1113e07ad3a436ca55e7b9cc0bd31f7

      SHA1

      599358c7400ca50e13f19fea1b7959c528f9cdb6

      SHA256

      b5def32c9dc971cc59ac38d781734c9f9c7c73480c388536ec1964345d16144f

      SHA512

      5e509847e44e1c734b09d89bb651a8bfb10f32e77bb30f1cd538706bafa5a4970636cceec2288af1f864bed90fc0551f9762df35a0da9b212d02cf4154f59e73

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      01a64aa43d778aa1968c29be5d62133f

      SHA1

      24305613a0152aeba61e880dd2b98453cf572985

      SHA256

      4968d84935f95da692b7588caef6cecf8b12b889e6239e5b7336b6b1fd6cf61a

      SHA512

      e9d9dafc24e77d9847c950cb3440c8c08a2c9c5d8e06f1b5da66a80eb6d114e85288f76e58388d24902d72720bafdf18f04725a323a4f4af1729b0babc81fefd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      00e746e7a475733043970a0498a99965

      SHA1

      b25cb4f1b33c5322c6233d9ae3d6049194db6927

      SHA256

      f3b83370813efd0e518f005a93d64d58eb348329b6cdfdd76421d1566ec2f9a6

      SHA512

      9bbb04726541a413344b0dad5bb76e2f73bbdb9becec71b74f09b60a74dc1156a38c37a12f7d3d039afbd394ea22c0b0dd0a1a2005d495bc03463d2c92901474

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4b00751a735aaf1515f45196897c4a34

      SHA1

      ee87a5896649d6bc43b64dcf019b0e88124ea8b6

      SHA256

      569f7972098f07b97670f17c41740dc7cc7149c7ff1767be76990c4abb546c7d

      SHA512

      9981eb072878d2b829cb289de2911b4c8946e469e48a99450c6b59fda396af46ef42888b939a5e2231c1d702a655c981fe1609254c7b89e8d6fb38366cf84b3b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a36a602e14631938251f0997b344cc3f

      SHA1

      2a1ae3d47e8fb98adaf717a382f2b70453038cdd

      SHA256

      877ade9e8686d27a7d514f43a178291f7be747a12dc1678162aac9a318ccb1b8

      SHA512

      ef5eaeba14dae8dcc53e07fa9e5525bbee931d20b10ae722d5e19ba56aeaf4deb610cb33268270107939cc8f5a79da1ee67b87226241ede0c90d6b8ae7bd0d0f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a04f2fafcfecd12eb4a34d3571362d40

      SHA1

      6880eba07e914a0a3251403362e982726534fa21

      SHA256

      af3032a6accfb85e6099310fc92ac702b5e23a584354d671350a7286d90eaa1b

      SHA512

      6146988bfbd49e37dc1b2cb7d51c044278d5ff5b23fe6c4bbf18909eb815d20f56aad65f79c76d0690a8b2b171027725bbd740c40b9c3082839ba4ffbbbe3749

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d307a82de6ff0acd44c4e53b52c3e645

      SHA1

      545cae0119554ccd268ca30db5d1d0d9a3137c88

      SHA256

      d9a919ca6a56ed4dde75f87fcacc7a29877eff5e669b04f5a6e495a442163a41

      SHA512

      9cfbb4454f80aee686c4a2de1768a9b54880aa98d479b75679a6d3b9589a0b31d050af9b378a843f5fcd57e51415a0adad3220c169c2b11cab46549d084cea3a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c2e4cdacfbb3d0df9e07960113342e66

      SHA1

      6e4ae391b761406fb97dd519f3af4090ab940cf1

      SHA256

      d3c3c340145e5d1ae65a37a5c86fa7dd9b33960aa334c5c61966dfd466e1485b

      SHA512

      9220ae85598033795d0ad15ad76582bc7c95435245a8722f3173fa8ba3d2f6bf2b148d799ece22c74e36c7a21c342fa90ed62d3829da122ebdb4658867a26d8e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f590ef8bd8ff3736b8be7067cbc2290a

      SHA1

      7586337a622932677102410305a6ded5cf88fa89

      SHA256

      47b814ece0be12e8132432a5f6699207a551f6ee4ab73a7b638975810f983a95

      SHA512

      069c58e1e88f2f393d40ec7d931a6faba4454847e96c0b86025f5a5482e693bf7689a675f3234aeb678a3a0cd095a0c5f6bdefa06b51d2c19fe031127ea46249

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      52170852587ab1bb66a9af74a0510e34

      SHA1

      e7829b6219d4be379383596e3598e4677026c3f1

      SHA256

      137aff7f676aaba7c62cc091f0d316898f14b57bccaab118f41fcb78e97722b0

      SHA512

      3f8e2f4ceb31dd2455b7432e80dea40318c2cc18b78b1a45817dbb202503ab4d4a24bbded671cd50a5aa50a5615e07fe8130c79313af60e5532a940ef51d1308

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      321ca13b657f8afe553bd19ece9c9d4b

      SHA1

      4b91d90ed6e61ba3670f0bfca7fc57fe155cbc74

      SHA256

      5b388a3f8857245a25047e3cb885947e4490282d36ef0e871a29742c59ba4511

      SHA512

      f18db5c829290bf7f335de993f3f0fae33409a2f3e2fec7514a58a36a4dc54f6356de6446c152e27da968da4bed7f0198c7e113361502162d275ca5ff017dfa2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      27c6a2c9da91c10487672bed2790b3ae

      SHA1

      a791295160866131fd7255b658d064ca02ea197a

      SHA256

      48cd5d2b3f0e8671ecb15bfc49b7c6e319caf64ef67ca1dca8f8a22aa2997ef6

      SHA512

      9e75dc02a8aebe2e5b5d01e46cc089ad132d0287795469bb74202a94c7162f4dbfa9989b9e8ed370d2b47a3d5a7350fd11d5e16d6c31c57d0e22ec6a7e5e9e16

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      882edd20faf685066acf27dccfb823ab

      SHA1

      b2d3f198196eb324bc90b9b4eaaea2a2c410c079

      SHA256

      4025ec8149db69a194a6ebb0318ff0a544f8fc3c9b727159934b26f430380352

      SHA512

      00aa8052269ab24da45f2656afb521a3e380fa0932ebcbd6fd3616f9a3d6738120c93fb2f7e94c610f8ac5d771ab0f75708a392b4923c3f95e4551840bc9d94f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      46aba64602f34416af8eae1aebd42ed7

      SHA1

      7edd5c17254077d53943c653f49c1b8e724e2d9d

      SHA256

      04602f3f280e980bf7aa5361547fbd8358560e6c4d5f276d3b6f26d09f9e39c1

      SHA512

      66e27b17b829a6c72ec9b5f25c7d0cca5a67dbcc32d239b4d1485bc4cedcc4ae3a0efce2766f15c20595d3996a68d86b1a13e57bef429defd4ca5a7c23655694

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b2255d88d2a0cc894aaf23e130f50402

      SHA1

      bc23e5f8050108ad2c1c6a3b8e907d85ba77f5bb

      SHA256

      dc09f9d401826738024840d590b06851d3e3739e584c27546fd62ebd0ad79975

      SHA512

      942db10670872ce45194b557405cf2dcb5248d360377ccef8f43272f9addd0ac4dd6eb6df4ba87a6a76e438916a7f23b79b633a7d23955e119f64ff3ef066d6f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2abcbbb8c0dc32f40e26a739fb708d17

      SHA1

      50494f065b52e161058e266f59810597a8a60cc2

      SHA256

      64e22b8b8075b6dc101109beb68140f7e0155ea3249f6dac3528fc224220bc7a

      SHA512

      eb33516f95fa7f9bc533ac77e0f2441bd1eb12d4616a976053c37b9135758f0466916e5f7297bae162a49d06a6438ee8fdea704cec4a609f9f81ab5dd80c3069

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bd434754818a53455f66cf6b1853185e

      SHA1

      395bc712843fffd6285ac4d66f4c878dc52ca048

      SHA256

      576c6e25df20c03bdecfdec464b3374bf9f7ecdfe685fdd3977248bc513c706e

      SHA512

      50c9bc24bae812f3bac33643712cdca1551734b981b06574c22f151c74c1c1f869568c2b44fd7093186fe3aec2a8270fc01a450086b7692b3168cfb3a0b2c72a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bafe5d457cec58b12db968654b25ecef

      SHA1

      682a275070b7025e12ffb8eeab27e3607f2e4901

      SHA256

      f25d1d634144259f999e555dd29314512d14e0a6ada36476dadeefb483cba303

      SHA512

      382ba5d7ba6abb99f2c0cc5da4cc87204ef22af6b0e3744984596bb718821edadd0f1080f67323acee76785eebe6095fbf66cc304efa3e68650b619fab9ffd3a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      680a623a610386ed186d31f93786167d

      SHA1

      3139fbaf7c27ff8e8c5db9bf46ae83733d5dffb1

      SHA256

      6dfa833f350bc6b738c297e557cdae454458ebe3382a7178611d90bf4d0841a6

      SHA512

      107bcc2d0b422b3e2f0e496f3d082c1f6cb82cfd0907ebf350edaf1c5b10a13b92ceae9414b423f17d1a42c8be6605c57522e249517f82c25cc527d0316604f7

    • C:\Users\Admin\AppData\Local\Temp\CabC073.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarC151.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2068-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2068-452-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2068-449-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2068-450-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2068-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2068-446-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2204-444-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2204-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2204-435-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2204-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB