Analysis

  • max time kernel
    133s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 05:46

General

  • Target

    fa55e7780af385b915d53836c74837a5_JaffaCakes118.html

  • Size

    158KB

  • MD5

    fa55e7780af385b915d53836c74837a5

  • SHA1

    dbae7c8f2783cf800df82e3d9b42980deeb9f594

  • SHA256

    eaabdea621c239c5c4909293bf97692dd4aec1334ccde9a6120be11022e2398d

  • SHA512

    01d42b8f82ea52103434c03ecf2aa789ab7d70b96faffa30d87072860cce3655798c499a8ed5ed6e3df796590258b775a628e389d9b06ac2353e6b6871ea4b88

  • SSDEEP

    3072:im59bMW0pyfkMY+BES09JXAnyrZalI+YQ:ibnMsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fa55e7780af385b915d53836c74837a5_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2404
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2404 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2304
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2248
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1856
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2228
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2404 CREDAT:406544 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3036

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4313dfde0b83c147518a3839be0681df

      SHA1

      a788faa4d2db61125ed59297eb7bca1bf4cb1b48

      SHA256

      56878e57a6a48be7ecd5078dd185eb854c7c4b9bfe5a40871c16d959a948b13a

      SHA512

      e8abfb1e93fd436f89fa41e148c8f882a4bb7c5fd9b10ca8fc9de0b68d276b1d8eaf99ae95aee3f2c3f58f20e8956a091f84965e3bfce98020305d21072cd175

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4e9a562881d6559261fef2cb94803600

      SHA1

      b69191ba3bd8ad425ec792535453986f253472bb

      SHA256

      75839231f04b918eb9e3c95aea107f9a71ea6e7fa5a2c4a87d53b45c7f4821ab

      SHA512

      c0657a8d515cfcb385a05cc45c42e2ecd7c7aa9641ca20cb06d5fdfd58fead4b2d830d889bc7eb5a03105fb303e4641595c86552dd353f2305c1546883942b16

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4dfc3009426757bff80ff4c1f425a3b7

      SHA1

      41f9013bb558e917f0f9af60c614d9e57bd3dfbf

      SHA256

      35acc6bbe4b9684d8fdc32a10065fa6aeef4a9d95108fc96ae71a68c5d050377

      SHA512

      58555ba18263d93b590f7d76df94f8e7ece4e98614fa534b0cef48abbae30be69f78b9fdece6ec6f79308f59905dfcba0b3a0fea1db3c0ac829a218cd7682dc5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      25f40358a32e2860461851d129d4223a

      SHA1

      711399dda611eaba9e2fbd0d4fba887edf242e5b

      SHA256

      e1bc19f5921d8e024ca4b3073190571b9a90afa1c61a4dc7e653139eae07555c

      SHA512

      ebfa77a605572f74996786b36e5916915e3db6dd37d4606676411edf21298a93de92856c66acfc1b71cee869fadb5781c071169c63ed2ce5c67d6dd69485f2ed

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      10b8977992d96d45953e7d53901ff0d9

      SHA1

      2777eb08ab7d28f932e3e848af4312038705f56c

      SHA256

      d98697626a81caa98e663bd377075582f7a22b39ab5958b1c09cb76c4c75cc74

      SHA512

      29a6ccddea3986f2dda70ad12c5de2175ce39497301336a020a36fd2ae06d1fb02125e186a1178c8374efefa02d4a25bda747c501ea0e75de831c19b17faebc7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cf393e42f226b08012772d50938ac35b

      SHA1

      6bdc7c74b073efbc3b074f96f0bbbc10ff35422b

      SHA256

      28e6a79c018816149ca6fdfcb8ee329a1e3bd9ff094b67da55e1778a82cee5e1

      SHA512

      c63829e9327eef54038ac73a762a64fe036c0ef388d97a86fbbd691f01ed5c4bcd5de42ce33190ce81f639f57809125205bfec234998f83c3604ac9542cb5e68

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8a4889c8022ceaee9192ee60f499e526

      SHA1

      da87a0bb6cd177b92a6588d7d0b3600a37a50ee8

      SHA256

      bf8ac875f9d2c5569ae3172d6e5135f3944a811964754b720750634694e5f7bc

      SHA512

      db472f476a23de9b623eb7367a0169ec7f14f75f2ad311ceded76b808d28b5685859dc8c1880d29bea168340572de8c0ace9614dabfd5f0ce3946eb38429fb5d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7e9b54b2d2867a5d26097e61c48fd438

      SHA1

      d3ee88f931fb9e772021c19d40d3d55d113b284d

      SHA256

      e69655572d387f1845ec97f02e7e640dbf0f75987da5bd3efac41599941c1bdb

      SHA512

      9ee1c5954954690ab4f80f19b5ed581ed13a1fc75c8580b72a4981dda09db553388649291158bbb192e6326def9c25a56309220dbe7f3efde0851bc08f360ac2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f201f2991d4d8534e28ae896755e8eb9

      SHA1

      d1a46a0abec8d54a07085b9410abbfe089d3d24c

      SHA256

      32bde4f11074f4de43a65d5dff56810cf1ae4d541bf04ab0c0b5df8d163f15ac

      SHA512

      b3554dd77dc80a08823677714d60792ecc297bfd6b8f9ebafd3fdbc4d013b9e314234df3433b149b81d6e505e141999f199124da6858f5240730c056861e955b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      86a664025840d1fd9002c4027c922ef0

      SHA1

      cbeaffacd846f9e999555a8544db69d82d59c438

      SHA256

      2858c07496b73892bd8e8176e0370da05de7aa38740c943ade60334ad35b0363

      SHA512

      9d47b2e353977eae0d0fe80298343694ad3d32e37dffcd8d956e75baaf3a8cc7aab1ac1e1c5abb99f53c5395c4cc3e9378aaf484c4c00a6ed788fafb5278659e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0ecf153456b5ddb0d2abde562fbc489c

      SHA1

      881fe35af97ea6a97e63c2dcb09a8c806a31bed2

      SHA256

      ca80a18c75721c3c9cf4dc893c126ffc51c294b2c9763c91cb886f601ef1d4c6

      SHA512

      1252034942e31748c2f07086a168d512a3e89f6217d32903825d8bfb6ef186ff2a93dd3018b437b0927439d4347fff0419cb0d1a01e494a24be61a30bfe43434

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ab3f0f4c4b5e0b5bff7c0605aebbd3cc

      SHA1

      f9f72b0d1ce3bed03d7c36cb4a64f761c1a71e71

      SHA256

      55b8ee0de6a950b7f639942935977645ef63b714bb35cfa561737aeb330e29c0

      SHA512

      929d5c0900682ccc6ce7bf4adedf3b22f78e8a72d2f927394cfc9e84d4d555c1e446a2eecc014d21682d9e8b61c0fc1b0bf81a6ae63da1c73874caa4b5353121

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      29116cb3dfae3d02a318c65d91d62df9

      SHA1

      f15ff3cc6ed5f7882e019194009f172072a99664

      SHA256

      6bb2fc48d633bdfe126fba5440e899adac0c32fdbdb9c4cb6b30a25944f62e1e

      SHA512

      7a6c517f987590fc9e6b764854d42aa67fe1f8503ffeff9f75bb7f599eeaadba7f8a77423993bea43de6d37949147c67349fb0a7200d78ba3180b83ca8805249

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9591a3a4666dba637b0726feb55ce8c5

      SHA1

      807659c8724f04d797a2137b4a4085ec874395cc

      SHA256

      a506ebd234210dcc4fa36f197fca51aefb65046a65bc530063b14ee437491497

      SHA512

      8cea5dd6a0b95bd5fa2c6b9b6129217a6bff411472e9bc0b7b9bd0e429e67ff597f1ec6e947d8eb55d799acbb1d674b9e7badf6e96fc45709747545da101384e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1237f8f074e301c1b5956770e1c40d8d

      SHA1

      71cb990439bd88474020ca755e0d9221f8d57167

      SHA256

      12076acd42688d3e4dba9e64c8d7e2e889b267cf176c783015dab8474262646a

      SHA512

      18b8da034a191149530bf14bd03f09240b5de023c0a9eaf4d2847f21aa4d87042bff518eb317eba2a1445441eebf2faa69e1a95c23d749d16a8793c1e553251d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6205216cc196795377c6a211ed965fad

      SHA1

      a7de7b115846c99aae99e5a72db1c9d958bdf694

      SHA256

      13dde9fc8fd56c05912a2e9e9e7b63b040653870f35fbe5dddd530bb0c3158f8

      SHA512

      fb21a78681b41639377680695c78a9f54030bbc1cb42b2bf23f2cc05eda5a1f40126e5c53f75eacc726f331be8eaf932495a8e1d89ff165782da245b69fed55b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      59a8f9851b17034614951788b3a252f9

      SHA1

      85e93b04654f34b72d0ea4987460ee262d87d12c

      SHA256

      b37304824d3d0e099346b74588828eb8f30f615e580c7433ab6f3f6a2b7037cb

      SHA512

      234e71712d09605e8665c2af28b6aab6f93b8e81e8f24c85808ae56f94ad4a0533d8ed73a4d895fe4c410f8245880afc0cc6c730b3d56423eb543d8c00778441

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4ec0d9fd02e2a7d84279816d9cbe212a

      SHA1

      f5c48d61ffd438a649f89b8c3096a8cc817df251

      SHA256

      fd44479b76b616ec235548e58df94e7bf4e0d10c150535ebea69b57f23de95d3

      SHA512

      71c91d21adfeb4fa938bcbf9204fa070152b388e061623d6b8e4764df5b5ee7290388b6a51bef6b3a89ca83bb04fe9197b0ab2b2b2a7affa281442db2f919ac7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0608e815e32c3fb8b816b2003220b226

      SHA1

      a35e4e4518c2189f4c1a6d224c3e5f6465d9cc44

      SHA256

      549e1420995b9f9dd01fc646c753e47d415c91bcb38f23e29b0c9429674bb6a0

      SHA512

      e06569ad3e62545e5518ed48efa9de9765160ef32851650ae2264452b818ea8a78bf09c52a4ff7f58f2a1460a9f3619afee84748adcb209870ee69ede490d76d

    • C:\Users\Admin\AppData\Local\Temp\CabD55A.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarD609.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1856-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1856-447-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/1856-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1856-446-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2248-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2248-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2248-436-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB