Analysis

  • max time kernel
    130s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 04:33

General

  • Target

    fa1be5a027b8d5c5af71aa406067157d_JaffaCakes118.html

  • Size

    160KB

  • MD5

    fa1be5a027b8d5c5af71aa406067157d

  • SHA1

    c0e6fb68f8f64014db7e89d7b852c7c7ae1e415f

  • SHA256

    3792ec633b9867ad18d192723403584bc474766996dd2ec9bc7d49f870830655

  • SHA512

    c3df94da69af2862f8e6a620bf75a7e7984de34cf079d91137a093ef84c1ed82035f82f324075aaa5f88c77104089ddf72ac1a8f30e96c8f6e3b951d0c86b347

  • SSDEEP

    3072:i6k208TAqjyfkMY+BES09JXAnyrZalI+YQ:i/8TAqGsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fa1be5a027b8d5c5af71aa406067157d_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2708
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1920
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2532
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2056
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275471 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2856

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

    • C:\Users\Admin\AppData\Local\Temp\Cab7580.tmp

      Filesize

      70KB

    • C:\Users\Admin\AppData\Local\Temp\Tar75F0.tmp

      Filesize

      181KB

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

    • memory/1920-436-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/1920-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1920-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2532-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2532-446-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2532-445-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB