Analysis

  • max time kernel
    129s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 03:50

General

  • Target

    f9fac7ac7da00552310e8e1fbc5f0855_JaffaCakes118.html

  • Size

    159KB

  • MD5

    f9fac7ac7da00552310e8e1fbc5f0855

  • SHA1

    368492a016ef92d05f81dfc9bf168b61afd5f275

  • SHA256

    fa159f3d5010f3f8cc90586d6f68aceff0e5805e701380f221e094f7c010a9e2

  • SHA512

    a7e3b58418e101b40e74273d93e97a8dcccb7bbc9ffa97a2387d31267cb383c4a613fd3e229eea426bfc0a1718d31f0781da5d7f025d480f5dd3d368f44f1ded

  • SSDEEP

    1536:iwRTvkacvQM8I/bp96idyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09wee:ialQjdyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f9fac7ac7da00552310e8e1fbc5f0855_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2640
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2640 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2764
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:544
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2456
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2640 CREDAT:537613 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2508

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\Temp\Cab3F23.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar3F95.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/544-438-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize 184KB

    • memory/544-435-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize 60KB

    • memory/544-434-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize 184KB

    • memory/2456-445-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize 4KB

    • memory/2456-447-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize 184KB