Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 08:40

General

  • Target

    fad8c93158e87d079b8b69773b26b421_JaffaCakes118.html

  • Size

    122KB

  • MD5

    fad8c93158e87d079b8b69773b26b421

  • SHA1

    1d894c75ed3a4d8e547ebfcc1cad71c55131f1db

  • SHA256

    9b64d4b191f14b5587be95c2129c4f54c4d7b6199dc61de2236fdce406681ad5

  • SHA512

    8300139a764ae19e33d98693b40a70a8a4333cf7f6e9496d1ec2619177ce250802b58b9606b97c0cadcfc26db6a34f8dc74d01ad63f614967a675fe940455ba2

  • SSDEEP

    1536:3HLuAbyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:X3yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fad8c93158e87d079b8b69773b26b421_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2656
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2232
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2524
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2556
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:209930 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2532

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      87f513d3e75f0e8ef048ad4e865edcf4

      SHA1

      5e15fdccd00b5b93b33f5e04f1cc3eb6800324d5

      SHA256

      2880fdd2a8ed3f1d86e29ac575302563253cabc2fe4c20ba756d1dc38f1bf669

      SHA512

      1e7568582354f2031c025a629fd23989b1158e270341603c6fbdeafcc97dce01d7579c30887a2babf6cede99753f4a92faacc79d69248a6fe39ee475cef082ff

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6cb55244dc0a808f54abb62b4fbc604d

      SHA1

      02a1328972f06afce221c314a4d74b3a6eb5ccfb

      SHA256

      6163cb0f95512f0c8a23b6136a31017b02978aab6a1f6a360e681fbac7983a61

      SHA512

      ec343e985abdbb9c349714df824a32fbd6f377dff6d8bfff9e5dccfa3b13ecdf9390b1bbfb7a82a4091da6ef1794f0cc5e47c3e0a3118e51a280b06c94e5864a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f15e6b33ea804076c5d1d55b1a47d5ec

      SHA1

      88ed5672974e7f6ac5093130b031ae4731eade4d

      SHA256

      aa7dd38d140eeef32055ead31c4bd0140aa0a9e05a3b8e74cb420a849938103d

      SHA512

      f4f44ea1273845fcc4988f62ad6f1f3b5bae176d06a119106ca066955a0cc8a31dea54e8559c22bebb8eaebb582044aa57be7bb5395fecb05ffb2821e9e97ccc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      79565c3bb7a901324f88782d6c989c20

      SHA1

      c0a9094fffe274e05fca5806c333172d236dd7e3

      SHA256

      a81c5c4de7353cc1312a88ceb28a5ab7936cdc4b9848cd851c3941027ad693a7

      SHA512

      46666993469a3373e2202f0cc856d36d8be56ac3d188857f5e15774d8a7b7dd487556ce5a8bef093cbb1e69381fc22ae309dd4904e3b4da369b059e3ab31839b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      edbe64e604d78a43812e3d566cecba82

      SHA1

      028020761f578d0ad2ead33c464fbaf5d8a2dafc

      SHA256

      8ab78da8a7f854edd7c32b96fd3c8d77aef7221073263b4a16ff4c78069329a6

      SHA512

      67c6baf9e9caf0a2472a3d10e8fb5bc799b1a7d2b25e70148a4010fc9baadeff5c5d07481c5897b49a26c1901ed4fd63b927bae621fc0fbcd737670fa2c36e8d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      828c845f168d2ae20aef6f0f5892c19a

      SHA1

      c092b6170aeff7708965fb7f31add5e77f26e82a

      SHA256

      e248ecf1daa2950a5530e85e4190eaab168d03c1eb52a4cdd97e2d55e79106df

      SHA512

      760ea5348cb2b54c417244807fe2725fdc93f3a12c954c9727098706f381b3e4bd0d87a8f60e86291ae9ba0ff59cfc304c8e94dbb650667c9d9f5f359544a631

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ea3b6e08dc29e7ac4cfc2badb75be93b

      SHA1

      03890d1609233c613c762fb47790b80348065fde

      SHA256

      5851059d093b9eb7c03f24d0bcc0419923b7cf7a3cae564270ff5657975849ea

      SHA512

      2b2021393cdeba3f244b64cafc2811e02ac79874665ca3393a33585014ad82c5f59cc50a203155b409e5cf68d4a7b95f91ae3b6edd2dbf83e5bcc295c943dbcd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8cff5a1e0d2c930412caff00681afefe

      SHA1

      0f58f5accf229bd8c2424f636afe5f69e3854509

      SHA256

      661efa212d7d4fc8fd611c05f3c9762e65df111fa07ba77fa7992e31faff16fc

      SHA512

      1d971eb58f28151b61bbc7315f19a2960b14a39f5dfbb3d0d47dfcc73930e7e19cf8ce45e87c46a72ce0afda1e75f9f79e273d00ee7b3a68fe783f8578ae6aea

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      897824645947da8c4f0595e480979612

      SHA1

      8bf010ad9ef9a67c5891bc47337abcb672a5b909

      SHA256

      0f91f1a774641d99873edf588bedede53b05778e15c48bb98d523dcdb13b2c91

      SHA512

      60a4622e55d906f57a301a90bd5e3bad2244d3770f5f4463dd3b5555ceedd5a327729c9d628aedc44f6dee03c289d56aa8fa71c6028a896fe11fe1a71d1dcf09

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      caa02b604c43bf49ee578ce73e6d3033

      SHA1

      89111a9162d82a5023184243f692db620e5176dd

      SHA256

      272fb4e36be89012f7f07ee691c437abd4efd402c6f40ba686f03c1be1b87303

      SHA512

      ef221ff3810b0ad40ef214d2fb81c37d0266a06585b206c978d120c868d5f5cb75a32e207834e518b46c2d8c025f24b7ca52333952ecabc757827473bbe06de1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cfe3ecaaeb8d1251e82ec05676ff6d26

      SHA1

      4d32bf603179587b197604d941a130992a91f463

      SHA256

      c9a42fa277e7061edbf7de7623f17ae7b717ed585ffa7da5ce7192939d00ae3c

      SHA512

      75633c174994096837e24944b71a6fe06d1f7d400a60f3f300716eb916e4f280409352465eff3d87662dd4eb83d336b8a4b4e8851e45a5ce957781d5030dcf56

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      20a22a646b7ba98c4a36e9186fd47aa8

      SHA1

      7284c5fa6e705df7f0518ba7fbd1d11cd3ccdff0

      SHA256

      57769c2f37d3bf41f838bd0d4ee30f5bd7f3de3be37891e023e9eb4b1a303e90

      SHA512

      451428837fa778cce999f0da02df1bd621fb9342ecb6f3432138658fa4a91ca3874333640d47514a22a0808d20325be7a39edb2470ba73f58b1bfaa945ce4e1e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a7ad896fd30d70fe525df6c38a4bc357

      SHA1

      9a60f10eae60c1f25fef116dcb261fe8059095ba

      SHA256

      88fa0a3a8afdd28c3da337a3bcc8a787c9ab4ef1042756774bf3156d4fa0f38a

      SHA512

      0638bdf62d50abe8fdb1efe393c820ede25ceb78c9b1bb24e745e49e2943777b3810414017278662ba8fe952cf46a9c5f7cf353be9981095c6dcb93a4288140b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3a078681bd205172ab612d8dceae2721

      SHA1

      69d3edc28cd7f0d57989e6df6f7bb12b0d2d8af3

      SHA256

      ccdc67a5fc24e0b8e491828b2a03c835cc3d493bc3807f7b6aaa59996e86dffe

      SHA512

      8130f9e450cb381491673ced4527afc8ad44be6ec2b2e38c26709810c0fe8a0b32f897122c2b67ed5515ea3f6f4e732bd30b6476475ee37123d29f42113f4fda

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      19a83fa5c81d079ae64df0c7742b4567

      SHA1

      7849e4f4b70b32a4780f7d009c706fe1bbeb477b

      SHA256

      00b982a484f29d8469662b897a49aa69477be05d468fe8a2b078331f0a759e5b

      SHA512

      c326f945b9430d80ba1e274f2cda953387f0140ba8c0a52727f79edd51d241e1cf9b7fc8dde9fc61bc582c591fcdfcce2bc92628036fc43a2ad0084b9fcb552e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d88884fbdf58e212c14b234358a11210

      SHA1

      4332475f165f786521c9821c822a47a2efd18b9c

      SHA256

      a37dd4bf1b824fe6fe50e3784fdbad772c585abd55b1ff85b945e688c4fab133

      SHA512

      073267770205a2716ea20a0c02c38f608069543e257d6dfd4fd47e4f7afe3e0ef13bca21ce3e9245ca410d8ebce4c80ba0620bbdd3ec0c7d01c3b3fd807619b7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8d5e640b745a33ea2d59c0a1f5a58237

      SHA1

      6bf437f823e98dfc5a0ed86c282c6b3cd827f40d

      SHA256

      f49fe3e3204af80957273af3b5f56deb1b78924d480acb74af335caa460386de

      SHA512

      90893cecb6215d59bf1a9f108fe6c9696d572ff3d45cffec21ff17fdef5f18ed22ec65eb2ec21016be855f953fa01b1efa9e7a6691f994b15aa6ab5ce42a875a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      897f61cad55303a92ba6b1bdb7d63592

      SHA1

      b84d9fa802dd16a3f47bfc3191249d2e98006e63

      SHA256

      582f27fdfeaa014748444f2d263374cabcba33288cdcfe00bf4e95ea86e4e986

      SHA512

      40684a25d6ea12addc732114e8c5f4b6bec406e20e465eb5bcd026a429e7303f7ca4ea3323b5bcf250c6f28453836fda179e3cf822b120e701c83683b0043724

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      acc5e79fe6f399733fba66840ebbf018

      SHA1

      af6dfdff678458932d1efe467932dc91aa35bd54

      SHA256

      cba089c7f8898249676adf88f103435903043a1d0225be93f87eaa5dadbb1056

      SHA512

      794a34de34ce109e720f4a538f579d0a20541663ebf534250e3f34bd4cdff5313a06a3b566f014abb0c65020408cc8e8a0ca535e2cde0eb79289f628b8a62345

    • C:\Users\Admin\AppData\Local\Temp\Cab712D.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar71DC.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2232-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2232-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2232-8-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2524-20-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2524-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2524-17-0x00000000003C0000-0x00000000003C1000-memory.dmp

      Filesize

      4KB