Analysis
- max time kernel: 124s
- max time network: 136s
- platform: windows7_x64
- resource: win7-20241010-en
- resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
- submitted: 18-12-2024 09:56
Static task: static1
Behavioral task: behavioral1
- Sample: fb1130ca7f99ba7cfd0d7a204f84fb8b_JaffaCakes118.html
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: fb1130ca7f99ba7cfd0d7a204f84fb8b_JaffaCakes118.html
- Resource: win10v2004-20241007-en
General
- Target: fb1130ca7f99ba7cfd0d7a204f84fb8b_JaffaCakes118.html
- Size: 159KB
- MD5: fb1130ca7f99ba7cfd0d7a204f84fb8b
- SHA1: d71061390e86307b5a429d14b802648b213b774e
- SHA256: 2ea33e8703ac36e2196f6d7828ccec1145bb44f268e795994cac4f84f4d524e7
- SHA512: 91b1114e6fc7a4c7dc62aa2577c9ec0b7fc63e3194d3a669cfda4dbc5bd09cc396237b2b87495502b06984f157b6c6fe63b7752a3759ec518967b6fefa2df487
- SSDEEP: 1536:i8RTINHw0K4tIyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:i+uK4tIyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
- Ramnit family
  resource / yara_rule:
  - behavioral1/files/0x002d0000000194eb-430.dat: upx
  - behavioral1/memory/1924-450-0x0000000000400000-0x000000000042E000-memory.dmp: upx
  - behavioral1/memory/1924-448-0x0000000000400000-0x000000000042E000-memory.dmp: upx
  - behavioral1/memory/1924-445-0x0000000000400000-0x000000000042E000-memory.dmp: upx
  - behavioral1/memory/1924-444-0x0000000000400000-0x000000000042E000-memory.dmp: upx
  - behavioral1/memory/960-437-0x0000000000400000-0x000000000042E000-memory.dmp: upx
  - behavioral1/memory/960-434-0x0000000000400000-0x000000000042E000-memory.dmp: upx
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description / ioc / Process:
  - Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (IEXPLORE.EXE)
- Modifies Internet Explorer settings
  description / ioc / Process:
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser (iexplore.exe)
  - Set value (data): \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (iexplore.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5CB71CF1-BD26-11EF-AAD8-6AD5CEAA988B} = "0" (iexplore.exe)
  - Set value (str): \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" (iexplore.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom (iexplore.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain (iexplore.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440677663" (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (iexplore.exe)
  - Set value (str): \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
  - Set value (int): \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup (iexplore.exe)
- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid / Process:
  - 2936 iexplore.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  pid / Process:
  - 2936 iexplore.exe
  - 2936 iexplore.exe
  - 2956 IEXPLORE.EXE
  - 2956 IEXPLORE.EXE
  - 2956 IEXPLORE.EXE
  - 2956 IEXPLORE.EXE
- Suspicious use of WriteProcessMemory (4 IoCs)
  description / pid / Process / procid_target:
  - PID 2936 wrote to memory of 2956 / 2936 iexplore.exe / 30
  - PID 2936 wrote to memory of 2956 / 2936 iexplore.exe / 30
  - PID 2936 wrote to memory of 2956 / 2936 iexplore.exe / 30
  - PID 2936 wrote to memory of 2956 / 2936 iexplore.exe / 30
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fb1130ca7f99ba7cfd0d7a204f84fb8b_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2936
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2956
    - C:\Users\Admin\AppData\Local\Temp\svchost.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
      PID: 960
      - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        Command line: "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        PID: 1924
        - C:\Program Files\Internet Explorer\iexplore.exe
          Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
          PID: 752
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:603146 /prefetch:2
    PID: 2396
Network
MITRE ATT&CK Enterprise v15
Downloads