Analysis

  • max time kernel
    128s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 16:12

General

  • Target

    fc3d590ca2815bc36f0f39fcfd946e07_JaffaCakes118.html

  • Size

    157KB

  • MD5

    fc3d590ca2815bc36f0f39fcfd946e07

  • SHA1

    0ce0b3b4b6de893abed9c8b788c5d0a3f6911ae0

  • SHA256

    73baa6b0f0ef8992320a0b2f263c2dd55c97b37249338b78721523f403b34416

  • SHA512

    a0453c61c7458aa2a5bf076144fdb54f7741b1838224da3630d29561cd05baf167f8bf875303630197f58128e23385752cb6da574a015a4301d251f6ed00901a

  • SSDEEP

    3072:iNJcLje1DNryfkMY+BES09JXAnyrZalI+YQ:ibqEZOsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fc3d590ca2815bc36f0f39fcfd946e07_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2820
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:924
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3044
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1032
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:668677 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:876

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d42471dd93a95cac2195ed1d3944b0f4

      SHA1

      bcdb47d0b8bd2d485b06e0e8115524ffd5dc30d0

      SHA256

      23525623a56d8e019a2aa647765d15960ca161c9ed9e8c1800c8c526770efebd

      SHA512

      f55f3b6cced9ff6881766c624ac52f6cc77ec42c8bc98b9e8b99805ebaf239fd64a64f29945ad065951059d259da8f2ade6f2cc8da3ec9318da9efd2552be05a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f4e674350657d776b9f29ca8c3aca95d

      SHA1

      52cb92f545b981f28978de52d0fe8667b14e1feb

      SHA256

      231d6500edea6a0462e40d1c4bfa23e4245bae393fedb4cc0e17ae3309f097ad

      SHA512

      d4cbbfb28afd3a76967522e83e224d1e8ba87426ab431e5a4d10438853b43677cfe76f9412c095c1ca644466f1cd6115460d85f51e0b3518e7d59f19db6176c3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      708b6d3cfab6109d30862ef37a620ffe

      SHA1

      10b645d06fbce1eed3cef459cb58d3553e78967e

      SHA256

      b894ad330cceee75f621d111f6c5ed0e42a44adc823b5d5b64474d62e82cf38b

      SHA512

      5a82a824c6442d8037ddf9a21d2e8e8097f499592c09131d613f707bf97bbf9cd2e059dc0291a392cb064a95be130643db934f31db31a7e6cd44618934a1a7cc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      72a50c2f29baf428d3b69be965fed6b7

      SHA1

      824a66df4909ae288df8160b4ae9f31e35fe0745

      SHA256

      61b5c66620b6d02899eef3281d33af7782f0af6c5d2ebee781562a6043ef3a9a

      SHA512

      5102eb03be6ff8a7e634ad0f917ad76b6d35b7bd05857f0fef8127db2d4ed6413c448476c4aa272dd2e135b3d28005b3e78f5467d2bf36caa02ef80aa3a86d90

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f3dabbe8561e1279d2b5de08fc20b1f9

      SHA1

      75be2b8894e5b167608cdcb9ce15eb5ffce48252

      SHA256

      775f1d6b10a70939e37d0cb540390442dd62e942031474c33d6d78895cbd493b

      SHA512

      bde383c36bf10701a792df35e102d3d3f59449aa1f93a4fea082a871020148b1482b55367db079838ebeac9fc19aa41a6e5cba6d8420f9f013cb327e0fd713da

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9796c424c8577f8642a9cf7ca4053784

      SHA1

      11d9fb0678fed588f42ff3bf0cc42a5f93612e7f

      SHA256

      ef9e7639ec1f8b3e18e7f4f2f284943d4f6f33649ca73d419575e0bc84b2a83e

      SHA512

      f397ee4fdb06332b25b149951a2f3ec1ce5121c50dcee53793504b585ba6522e0ebe4c70b308be5fba27908a0d847da00c730a95627f5550f968c910d9338cba

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2e949e17a21ba255098f059572841167

      SHA1

      f2da8ff8f6e08e2ac87ef317eca0e4e831fbd704

      SHA256

      7db344b3f57c67e94eac542122d2c1c37faf72d63535d3a398a6508c071d1477

      SHA512

      5572a89ddec680a61d930e04124c9a5fa026b9dcbabcb7dfae61977d59a4034debf38a5b1f0c12a53b5faa8a16e1b7d6434ec29caf85f9b623cdb5732973eae1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4ac009352b148827864e51ee7efdf86f

      SHA1

      8be6359f6d937f6df64024221f8a12c90db5ce0a

      SHA256

      d9395012edcd7f4361d1859f87f14b744dfb3387b3a44b1f76b4ec4b0e07d807

      SHA512

      443df01379796ac8a53689c8619d409330dd3792b79edb36fead437c17b93087b42f42468ffe7cff0ed00da98ae6362a660aa307da94d0d458e625b71b201bce

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      31d29994b525764b254e945732cdefbe

      SHA1

      2244649321cd45e947f1dc78024a10d555bd84a3

      SHA256

      504afa1b883bbff50317573cd5f7daeb544b5069a8553d1b3de690a24e376cea

      SHA512

      69bea56f2f87efd9b5cd0e9fed34ef3fc6abdd3b959329e6148019d682c4d76c9af1b58f2e0c2fcaa3850adaa349ccb43eb8e5072ff9fc3b49c3acccd936ae7b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      24baffe5b74fba5ecd954584ed99ca59

      SHA1

      b05401ae72786e45b809b7e25e662b9fb65eec29

      SHA256

      a22715c214d27223c3ebbf2fad01c8c661f709989a5cfb8eaba08d6881f0901f

      SHA512

      3e5e819ed44297d97bc4854842c7ba4b9a36eef38a983ad5ee582419d103a403e6a134d1c38d28eb1048b1f5cba725d7b06ab79d11c6eb2eeec6799519296e4b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3fe39077c75d960ce396110136a32ddb

      SHA1

      0b8d65b48c387e119f99fa5f77c226d61e0db01b

      SHA256

      c2e2754625130fa35c3177bf622f7b10790b866875be8e93de56cb9d31d63dae

      SHA512

      adc7349a69d18b2a3a4660cab8ef3908f378e13e7134647c6f8417c2ac13cd6cd2e4a170a262e079c41411c225b2ca01902f2a8c56e67c4ced8b72737229853f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a93559ec2f1e8ef2d2b416cb7d638f5d

      SHA1

      ccf576b72193328ed01e086dab45ce2fa1abf5ae

      SHA256

      cf876bd2279eae6f31874770ea7117779641d2b6b3670e81fb8ebad271d6c7b4

      SHA512

      8e62e21fe5eecd704f75f3a52a6741c76d7730ffc21f8d8b1ab92fd35bc3f9e09cc8c6fa7645c3f8acc7d22efbe5e1811067016e756103c3e1fb87ce6693e74b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4a6ab68b160d3d705856dcc745a99b7e

      SHA1

      53d0e649fcc7eefc1ee29fa56dc9c8b8b6db2712

      SHA256

      2ce133da0c5470f9cf9abe093c33d3865a7ba21084e917a60c20f25e91c51acc

      SHA512

      6d91aebc754950ad286abe7fb2a9db0eb1e6b62899197919f044dff684d5ea07f7235d859d61798b9974564569df66762aa0808885fec6398084c1126a5beb14

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      10dc0230153cd16e7ebb509aec471d03

      SHA1

      703b1c729c6e8a53f010f2e3f8100060bf9b4388

      SHA256

      fcd030e1c95a7996f9c82632504e745691946aa0b8eedcaa93d708121260c09e

      SHA512

      d9ca98f05f89b8c6be9a4f413e93ac81819898ffddba803a53ac1843024187b54f54126a0f329d79e65523e2c1e183b803e14a2784b436850d955fe0987fe822

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c9ff26ca45c5bf1161825e7710a0c8cb

      SHA1

      d17677c8f02cf1bbf4e09b814277474c615e7e61

      SHA256

      693043960533c3d78bc8eb2e7306fb384bbf51758451b712d1a571bbd5bf1d4f

      SHA512

      b287f28c5359ee35fb90b3be58d15baf20a1425124603a2e9dc0871eb3cb28356459056d80edc88c34cada1d37f6c02b82fc885a2abdbcebe7f004a84158fc27

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      fc15a77db26a66cda7512594a50d7d48

      SHA1

      ad26fdcc26bd6f0e8d614d97ef6acbba9fb7b320

      SHA256

      47ef5b8d742fc9e6c3a3624cea5d2f50a24bba10ab076f9c0a2756823f797ffd

      SHA512

      76027b7ad7436a6f2be49402b0c429269d9bed08b20fe0109b8e6fb58c3d44a65ed408cf6d19c6f0d11ede0a8ecee9fc0d7148c9a26e6bef14375fdc477a7e0b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      dec17c01b58c7a4c24e327469754de99

      SHA1

      61722edd5945334f2a4b849b30d0b672ec5037d5

      SHA256

      532c697811411155a0f4b5f1560c188eeeda95b219b629250661cd28b7e2871f

      SHA512

      c81002a1bf6875e9c638da644d0ee59f90b56d4cf5ef8b438fa2d70a65a81ce912d94c931986d7f197438066354880a681e799c7e77a440ecc7e13af55f3b8e8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a4395ef856368f29a7009b7cb90ccaa6

      SHA1

      bf59344dc53f7da30cd9618cc9af4752fb816ce2

      SHA256

      1aa1af36a48dd079f6a8e45a6a2f51974a56e9489e10c936a7420abffe3b00f9

      SHA512

      d8d6a23f0d35186519119c3b862ca297c2dfe1fc2e38f0df4eab64cde3d343b7cf615faf4ab0308241f66721661c471f7c6d6e33f108ca1c94054ac17a80aaac

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      18018c0720b697b989aa68f7a308a6ea

      SHA1

      2ee9b77de620d0ae8a80034a2beb22aa27d2dad3

      SHA256

      94fe19b0f3d7ad4b29be3a53b557c93745b6e522358b2a2131d55e698106e530

      SHA512

      4f98993585288280cf91cc1dba7f4ffb1361b176cdcccab99f11b8a9bb53bc77606cf4b7a5a75f426e021f6f022eb3e064c93faa420c9476052ddb2e59c831fd

    • C:\Users\Admin\AppData\Local\Temp\Cab74D2.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar7573.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/924-435-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/924-438-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/924-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/3044-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/3044-446-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/3044-447-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB