Analysis

  • max time kernel
    133s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 10:18

General

  • Target

    fb23db71c26b7a7da8e2ce6bd2b11916_JaffaCakes118.html

  • Size

    156KB

  • MD5

    fb23db71c26b7a7da8e2ce6bd2b11916

  • SHA1

    63a0ae90ad31abb521909b65dcae7772efd58911

  • SHA256

    1f3e60ad2fc82b8c028a5ee15fcecacbe7d19dab8151d7f543743b24d08f3352

  • SHA512

    1abaad730e75b14c8b6e6f7572d699a1c5a280c3f6f6bc18911980970b1aa13f14bf026aef7bb57c59f05fb68af380ef3c921b6c25c77e50229a732ce2573292

  • SSDEEP

    1536:isRT3MhZU5jX72yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:iuJ5jX72yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that comprises viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fb23db71c26b7a7da8e2ce6bd2b11916_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3064
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:536
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1052
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:884
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:406543 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2404

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e8623a36351a97e12eda43e3a97e4540

      SHA1

      e58980aa1196decb98987c462f01cfdbe67e2f82

      SHA256

      9cfd1d334d0a647fe1084d5450da66f2f0720feb2fea9298f17473b7b7b6417a

      SHA512

      5e42bc701139f5edb53c81e200db08a2eb816ade6e6a7aa386c569af949891afbec119f0d8c0d195b5bc1bfbb4300bdba8adc5100a3b9f1b36c891bf59addc16

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0b1942af1a3c8213a3e007bf1ee3bc12

      SHA1

      89b96e6c88e6162ccfa67ec80e962ef213176924

      SHA256

      4437f5c80c06bbbaf699f979de356f24a18232df16ce6b58132ef30ecc42c19e

      SHA512

      ba7a3f4631b7d8246c303799f0447a9d10ca9d2804c42f55423f801b5f986dd9c29211e318fa4587aa10e1b26a2f1108aaf80da17227eeddb77bed8a20620f12

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9382667e7ebf6f792d726ca5c9ddf910

      SHA1

      878f9683763223efe496f5b1d39f2e8676813da1

      SHA256

      b251f7bb256df5311ee459e4a183c3756abf443c318035a6b32c43423e39296b

      SHA512

      cf320613c2ac5b4e3880eb33f96981702143c86a0bd0e38315a61ac743b9a643f514ed7eb5600ddc435567bf0453f6d60260f6935f59e1582c68981f24f02579

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      826058dc1712449f4efe52ff7ca2d886

      SHA1

      2c71251a53bb88ff231e870be72c695dbe835a39

      SHA256

      3b838bd7fb6adeee53b72dcfabaceffa538424dafa0e47592a33d5469605dea5

      SHA512

      5a15cbd19fd39552795402a18c0de106a1551e2b3760ba46231560482f724375d3498b23fa83edb8d04008fa8fd64c0bdb72993b1e53bd7b51b71d8c462b8c0d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cf6a8706cfdaf99cf9d2931c8fd9cc7c

      SHA1

      c3fbf20104a77551a73e86515368235b46c7a5d7

      SHA256

      20ea1cd08f8b43ec29d79d5b9cfacf764cc1edb25c532bf3a7aad711d29744c7

      SHA512

      eb6cf22c33cda1b3fe8843df22240926b3c51b480dc453755ddd4f7c112873995dbb570ce4f749e6a8f9cd24ab5c2497fa7e38ec3f6c1a41361c6d743cbfcb73

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      fcb8c947eebf44fd1932fc5db2317fb8

      SHA1

      872af8b711cb13fe3cea7508afd0b4068664789e

      SHA256

      fe1042aad6779793f830ea26c286e3632fe030ab089ece7cde791e0d07073242

      SHA512

      f0fec29b963935fdf17af7e545b2d98815fb218cba41c2dbe1de69135756020f373f9a294c29a0595cdbdc7fe32c521bd434b721e10d5ba6c1b8f03a20e8c667

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      09509707eafee4aaa96e63e75895a3ba

      SHA1

      90ead6bb4dcd303ccbd81610ca4f03cb54aa1288

      SHA256

      e266ad9237c1322b4c7410ff80cab85bc76cd7f67d676f162403d2f0a91386ae

      SHA512

      d775d33e76f3148924c4c79469ace15fe65e9f741da99c86b852679b38aa7c7a74518f4bf093668c51cba902f0d6349b35bbad93ca6641e9ee0c3ffdd41d4dfa

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      227c72a866c3f7fb6ea446803112722a

      SHA1

      a564d1408b6fab305d42c24c76c7c414a18ff2a2

      SHA256

      ffc0641b4380489501c262cc64e88e23f4eccdbcf2104129a259c51a4e189d79

      SHA512

      4cae92a617b56e3626b4ce0bbdbca9014309fdc22312d58324085538ea735e45a0eb4936b5a066fe33d8500b7a06721312477dc93ac4fd485d0d220ba2eff257

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6627b1446f0c4b414c7d94155b762fea

      SHA1

      7ea3b6a7ae587e1bbd46badf61c3a024bb2bce3e

      SHA256

      c86309fc919a9938953c7d043df63a186713bb02cee4adb9c14273a0a353e6f3

      SHA512

      7db5b4df485dc06d09b321582297e310d13612fd784bbadacb2accb9bd521110a5f1e9fa9a677dfc31fd4f5445bae3f282fb05d1ebbc68650aac5a320ad93aea

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      94ba2e08b06fd45108cf719664ac769d

      SHA1

      0291bb9a7d2d49ac0c839591fdd1db0acb02f892

      SHA256

      6301fa2243c2e040ac0f5cf1faa8723e0dbf49011928ad81553918eccd894faa

      SHA512

      329fad0bbb59b7a0e18473954ddcd8074f02c76e231d35d21ab1f16c369836d41b2a2d6fc14fe0a10ff69752b6ad2303b5bd50b5e6afbbe75c1baa2ac1946d2a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      454b62eb0abefac41f8166b0dd13ab68

      SHA1

      0751263104c18251013285d0f4a8f85d667f4d38

      SHA256

      02797af60f30a76ad1e3b82a03525e0a3c2973c258f6b81428e655f06dc24a40

      SHA512

      e23f69d15ec87569d13de0956b4adfecb1efa861bf401df644e9ea28d02fb6df34feeb5170f942cb27ad6a47099f9e2ed454c20959a77e2855ef553021145bcf

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b70a3c5368b6fc13a24244d5f2220685

      SHA1

      d9f510aaa1f76f25d00daa0ab97e0af223890235

      SHA256

      25632e5a583ee2f445a6ff0f170a701c1f7924b02a7ddd9667d1764a7d976818

      SHA512

      9c8a06a71106afc25bbd8c88448f7df6c34fe288203b1bb29010c3afffa2c0bb097ffb0209246348538a2fa9b15ad0a66e66978c6d2dd0c721e288a3878c70f6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d816adaf36771a6cacf344f58ca33f98

      SHA1

      b3b9dffed2681a95fe6bd62b8cc336e79e83ee80

      SHA256

      aa948d34631e501bc613a237e17ec5dfba67101a63f3b6fbc1f3ea2d9abb4285

      SHA512

      024132e1d38a12a77483499e23d5985c706e308f2f374ec1ec2ea3dfd85b81ae86c9527dd9cc9dfc4f03b095de5c366ea12140816ff971446aa75d4e98787c2a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      aee58be7f2133d48b857e86c9377fbb0

      SHA1

      21bb5e526d66073812581904d9566a68f04ac9dd

      SHA256

      945697178847a1a1836c2addbad586163180b4523d90706711af259f0d0c6885

      SHA512

      40f32629e1667815db3acf10154ba86d07680ced2478c81171f1ccedc6d72a274a8c84f7448e3ceeccef6fee48f35e239c91eef553023c5993e3138ce071108a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      80e03486d504b7948d073251d25aba17

      SHA1

      dfce3000263a3d5f94402b68ffbd6470417cad60

      SHA256

      0306faa12dea9f7ea378eb5cb17b76a425f3846bd1600196e87f6c401e9998d0

      SHA512

      b1dabadcd2db10d6bb0de316f7b541453ada1998c8d69ced63bd8235b4ba701120c03e7fa561b3843ed678d8038c1a1ab4e122e49000fd2717d935ab0f6cab19

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      44ff86879fbda2972052182b09a93383

      SHA1

      61e6a2ddb042403932abf7115e8387028ecd0fdb

      SHA256

      4838f7ace898b40e48fefcae384f771cce816c99c567ad911cf823ffb96f8988

      SHA512

      fd38fd1a882c817b91cd53f4a53a805a483a7458922ef7707a33aa17ed305cc542fa80fce7033156cbd60215f8866449542521f3b56a027bd596d149c090851b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f3d36d001199fd359d91c42f71963790

      SHA1

      08bac94822fd2e6e8a2088ac7ecc330f2c8ac47e

      SHA256

      43b9f40917c61afe17a25af6987074d7dfa01a32f067c05c2e0bbc54881aea88

      SHA512

      d2e70947ee370c80248a17433a0bfcbfd7f7f9e00657a4da171251bd73acd869b319b697ed4be1377efe1330a5ad991e045dc2ea552c7f2c6c91bd39f66542ce

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      85d2ae25d1b695b44fb7d9f39b78b10d

      SHA1

      31cde89992bb1dd18a88d2420543c804ed81d10f

      SHA256

      1175d0bdac77e1e631f6dceb878d21c6fbaaa33a4538f1f2dd1f089573ba2ebb

      SHA512

      07f37c455a60d6c69ae0fb7dcb5765cc4bbfc601b547bea268466dfbb650decdd21dcdf8568336a5f4634c6156fcdcce1fe4004df8adb929d7418c7e978d114f

    • C:\Users\Admin\AppData\Local\Temp\CabCE97.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarCEF8.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/536-442-0x0000000000240000-0x000000000026E000-memory.dmp

      Filesize

      184KB

    • memory/536-436-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/536-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/536-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1052-449-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1052-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1052-446-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB