Analysis

  • max time kernel
    0s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 07:01

General

  • Target

    fa8e5bc4ffd88f418c2127bb17b9de46_JaffaCakes118.html

  • Size

    156KB

  • MD5

    fa8e5bc4ffd88f418c2127bb17b9de46

  • SHA1

    e3ea5f1db9a120a7a8279c7e747e95b65159a354

  • SHA256

    9d6e57af535e5800042701a6c539398f7a05c5c626970535ce423b81ef428c05

  • SHA512

    118d9e812665aac6bc0120495fbe5061ed6c69621704b6fafe890004ff63655e9b26b416629bd58291bc8dc92156fbfce43c55f51a7031e90f6ff6555de9aa6f

  • SSDEEP

    3072:iOq1BQbrkcBDgFYhx2Ww8JHtqbUOUiBUCjUO7AxmK49ZjyfkMY+BES09JXAnyrZ0:iOq1BQbAcBDgFYhx2Ww8JHtqbUOUiBUb

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Ramnit family
  • UPX packed file (6 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 19 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fa8e5bc4ffd88f418c2127bb17b9de46_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2288
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
          PID:2300
          • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
            "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
            4⤵
              PID:800
              • C:\Program Files\Internet Explorer\iexplore.exe
                "C:\Program Files\Internet Explorer\iexplore.exe"
                5⤵
                  PID:1984
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:209940 /prefetch:2
            2⤵
              PID:2228

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\svchost.exe

    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

  • memory/800-449-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/800-445-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

  • memory/800-448-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2300-446-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2300-437-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2300-434-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2300-435-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB