Analysis

  • max time kernel
    132s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 04:40

General

  • Target

    fa2209c13d54873c35deb1af26715ee5_JaffaCakes118.html

  • Size

    158KB

  • MD5

    fa2209c13d54873c35deb1af26715ee5

  • SHA1

    b6f8744d57c02f04e27ed47cebde356352d8d4d5

  • SHA256

    749b168cb2936559c83967e0d16f42d1b5922034990c8b01cea234ccdee07374

  • SHA512

    69fe2af88b1de3e23f87d86c6b5e2df97b8088963f13bb1281eba783dc589e150113defa96b94b54c0ad6c512db4b44a486076a8f977d9cce6ffb1ceea781f22

  • SSDEEP

    1536:ivRTfWLTQBBXqbF2vuNyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXu:iB1XuNyfkMY+BES09JXAnyrZalI+YQ

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fa2209c13d54873c35deb1af26715ee5_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2672
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2960
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1536
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2464
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:2176017 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:888

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab8538.tmp
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar8606.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Users\Admin\AppData\Local\Temp\svchost.exe
    Filesize: 55KB
    MD5: ff5e1f27193ce51eec318714ef038bef
    SHA1: b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
    SHA256: fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
    SHA512: c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

  • memory/1536-446-0x0000000000240000-0x0000000000241000-memory.dmp
    Filesize: 4KB

  • memory/1536-448-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB

  • memory/2960-437-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB

  • memory/2960-436-0x00000000001C0000-0x00000000001CF000-memory.dmp
    Filesize: 60KB

  • memory/2960-434-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB

  • memory/2960-443-0x0000000000270000-0x000000000029E000-memory.dmp
    Filesize: 184KB