Analysis

  • max time kernel
    124s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 09:56

General

  • Target

    fb1130ca7f99ba7cfd0d7a204f84fb8b_JaffaCakes118.html

  • Size

    159KB

  • MD5

    fb1130ca7f99ba7cfd0d7a204f84fb8b

  • SHA1

    d71061390e86307b5a429d14b802648b213b774e

  • SHA256

    2ea33e8703ac36e2196f6d7828ccec1145bb44f268e795994cac4f84f4d524e7

  • SHA512

    91b1114e6fc7a4c7dc62aa2577c9ec0b7fc63e3194d3a669cfda4dbc5bd09cc396237b2b87495502b06984f157b6c6fe63b7752a3759ec518967b6fefa2df487

  • SSDEEP

    1536:i8RTINHw0K4tIyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:i+uK4tIyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fb1130ca7f99ba7cfd0d7a204f84fb8b_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2956
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
          PID:960
          • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
            "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
            4⤵
              PID:1924
              • C:\Program Files\Internet Explorer\iexplore.exe
                "C:\Program Files\Internet Explorer\iexplore.exe"
                5⤵
                  PID:752
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:603146 /prefetch:2
            2⤵
              PID:2396

Network

MITRE ATT&CK Enterprise v15


Downloads


          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/960-434-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/960-435-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB

          • memory/960-437-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1924-444-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1924-445-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1924-447-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

          • memory/1924-448-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1924-450-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB