Analysis

  • max time kernel
    127s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64 arch:x86 image:win7-20241023-en locale:en-us os:windows7-x64 system
  • submitted
    18-12-2024 05:53

General

  • Target

    fa5af66873d0eead5f608e1b37320916_JaffaCakes118.html

  • Size

    158KB

  • MD5

    fa5af66873d0eead5f608e1b37320916

  • SHA1

    290c9bd088898547cef930a1920eb4e84d491d22

  • SHA256

    97a03fc056b7031807861c2823c75d91b72303daa23f5de9f57aeb45103034de

  • SHA512

    4642413581c242741d3be2de4f9dd1ebb06ff8e24ddb10889d1da9c5dd19ceef8c4fcc96d7e8c4f6aa41159b105cbabb3a315fbb34305214a0b16c643ea49c0a

  • SSDEEP

    3072:i8XSAhfkQPyyfkMY+BES09JXAnyrZalI+YQ:ilAhfpP3sMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fa5af66873d0eead5f608e1b37320916_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2776
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2124
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2472
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:1040
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:537613 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1336

    Network

    MITRE ATT&CK Enterprise v15

    Downloads
