Analysis
-
max time kernel
131s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
18-12-2024 19:39
General
-
Target
fcdb556364d7542e7d28ad2c4d93ffc7_JaffaCakes118.html
-
Size
156KB
-
MD5
fcdb556364d7542e7d28ad2c4d93ffc7
-
SHA1
7c5ecfe3898338b0d78e166f3dfda01a363328f7
-
SHA256
ab7c165d045887025bd15f013d51aa31a5535c2a393e985db4ebae3192d03a06
-
SHA512
3cc8cfa17d9863aeecf94067898dd00ad53a5770a3507eb0c267e5384435b3f3a50049146aaabfb4d4d21c42b526675e808d04e68e81d223b4bc3192e259b82a
-
SSDEEP
1536:ivRTzIhzP6AZ2AyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:iBXAyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 32 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 12 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fcdb556364d7542e7d28ad2c4d93ffc7_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:603146 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5f89509a945922c06378f9d0f03fa8da7
SHA17bf916ec3eba400423fdea8fa666140bc6343d84
SHA2567e15b0a5974ac86d68c7c4dfe1c1b33fa1fb020f823a6837edaecbaa9a12517e
SHA512f4209bf72b4a013794d9c17673b395d6d919698bd9456d77fa71e1053dc4c4eca1167d4b093797a3d73655374543b3c33616b1f38ddc76d70a4ef99151bc4393
-
Filesize
342B
MD584c234b86020372f6cf3c449e0dba596
SHA1c687f9d255d78d210e6d0e4850dd9a8aa9ed150b
SHA256e6e6d55c71918cc6f2516096ed766f6987868954d97cb419bce2f62c1e8b4a42
SHA5124af7b3490502691c993aa514f15b1a981528c89b5e7351d78499cfe53160b2ae05bdad185c1231c95c913c2cc7154b32de3e438e0fbd3f426e3a1a444c22514a
-
Filesize
342B
MD543f6154833ae7c083dbc588412e4c2ad
SHA1a8d745580db996201568dc16520f6a9022514e76
SHA2563f568d2d405d115927a059876de434d9b256b78ac36e51cae3173960622d2d54
SHA512bdf1e51f2a98400d3d01c7162a084fd7670146962caa63fd64d00b708cf10268bf4b80e4698653d236b3c59e9e72b58837a6bdf1795b9d8f887c6349e648b20c
-
Filesize
342B
MD5eb9c19429c24ecf9c478a3e1b891639f
SHA1904efa71a0f4a38741970b0c9c05c1ebfedd0604
SHA2569310ac959d134873571f6d0fea2a8195cfee015f83496a8d703642e0fedaa521
SHA5127b63595312a2eff3aefc5ed7929b87f45963b23ea3fd18acaa231a0f8a9fdfd11b8b68bc3e00991328d25832c4d1177545e4608634875ea8faa4a1b7153a4d0b
-
Filesize
342B
MD5de17776e7ee7697e2b2e0963efeb4f96
SHA1fd3ce7eb676b47733f80715b2c7f215a3b64d998
SHA256445791b9bd64251dd9a4ab61923c29ddd37b69bca8a0ddc4063a8d53a66f92b2
SHA512cc73b79737a77dccd07ff4600180e0a352262dc552464d22ab98498a316f0ccd7bfa6ef869d1904c20e4bb6ece8bc4906c0d948a649ee76809bcbb9d2592cd5c
-
Filesize
342B
MD5fb1b478023042a57d63143647d33eae3
SHA13c6b4dadab4939d85cadf6d2cfc7284e40bd6178
SHA256bffa34be7298229b3a5fa2135983b4a32aa7cfc9e4d35d3990ff4ac7072fbd8e
SHA512193b7a21915300ed059285414cffe3c55f328757d01a0ec1dd7980ae8c6862b9f3782d911fe7ccfedb98aaa9cbb81de0fb414491986a61b7e1ff64b7e67f2c76
-
Filesize
342B
MD5b6913aa651b549b84e29e07b06a7dbdb
SHA1932085188ca3d03e3999285b9096461cdfad0656
SHA2568e23ae8d38c02b3ae985619ebe9ae3a37a7b5d79c6627d6c6d64fb2892b00518
SHA512c5b1969c768bd95b3ce49a06a817a20bf5d13ae44ddcf34e583ea3d0f4c91442c55adce55ab8858c44042564696d45905b6fb4228c9f900ecfdc7277d2e4f289
-
Filesize
342B
MD5f9388bc90626eb3822cfa4c4f96e7d77
SHA1523d8f1ffb34ef454931ae270a3e2dc7deb847ac
SHA2564b02abbcf682ceca8b8435426b1b9f8d21139a7389d98166aec048f829a6e3de
SHA5129a7fd2b9d294c7c770b5621577cfc87e0afbcab3d148580e855a3224180d6dc8ce503a65135af9c99363b780df0ea3460393d0296ac4d459f107b9a5ff6e87f6
-
Filesize
342B
MD51bc8a888ceee1d15da8790fbc4431ead
SHA18d6de6a1c0cb355f3244f7a189c12907a2abf7fb
SHA256998497a0b68164cda40e316391fe57589ced504de73332ab61f01a73ded659c8
SHA512299708c746875b3cb13976f562b0a85f98ceb4f8d98bd4c0cc331c93f556b386482e0919ab808db4599bd3f3644cdebf319d3e901ad8bb5dcdfd3d361ebbf148
-
Filesize
342B
MD59671fbc971d8a4fed4fbc05120670215
SHA1063744b7d71b0a0432727c63bee4ead296f07075
SHA256f2fbfa9f14027d16ff71ef5fb9b0b457bc8f67bb06eef016b8535f8d6ba285c9
SHA51219b218469e7ce6941775bb4483a1a48374bc04f6f58d126396e621895a9451aaf764506cf9c3193cab59be46a7a5d68865ad9eccdb09339a9e64c8294bd2593b
-
Filesize
342B
MD555d0514e0b0611f32c1677ed5447fcf7
SHA1f949f36172ce046f68d5c3aa5e7a52986098331c
SHA256771937669c35719e2711e7b6a737926192320f0c1fee631fc3d22dd451a086fd
SHA5126e54293eef2b293f193023fb44a82ff47f087168ce46bb8b64639eec190afe28fdc7c74914bfd75e32a396c94a8e609dff1dbf910c7652bb262841c1befca4de
-
Filesize
342B
MD54e6f0a329367dba3d7c0b7f831d3b632
SHA1be2116f3f985b2d7bd14c883a04a5e821c660849
SHA2562d8bf160094a3cb851ad380c27026892dd610028489011e633cee3ae78feafe1
SHA5126165be477fc8c67f0dd44a3e2a1544ed72e68a60543d19991b14cbdeda0e7674880c578d921d7d0bb8bf2a43ddf6dea71b29fc6c88e60bda538a102b90131a30
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
184KB
-
Filesize
60KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
4KB
-
Filesize
184KB