Analysis

  • max time kernel
    132s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 21:25

General

  • Target

    fd2e553acffad0fbcc2d14e9a6fd439a_JaffaCakes118.html

  • Size

    156KB

  • MD5

    fd2e553acffad0fbcc2d14e9a6fd439a

  • SHA1

    9e7c92564b9a7468cbc67354ef27ec76fb1fe8c2

  • SHA256

    b7c5dedc20f097c92d5528f1ecab247f126874774bb1cd15b88757a925532885

  • SHA512

    14fccc1a05c776ffb849068523a36487f56ed9e4e011104faf22559d5cea13a1aeaf104ae9bf506b574de36804341b03fbfd539149354c50a1ff6d3ea2fc0b07

  • SSDEEP

    1536:i4RTv7ErzcBT5yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:iyz5yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (6 IoCs)

    Detects executables packed with the UPX open-source packer or a modified UPX.

  • Drops file in Program Files directory (3 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 4 IoCs)

    Attempts to gather information about the system language of a victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings (1 TTP, 32 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (12 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fd2e553acffad0fbcc2d14e9a6fd439a_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2412
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2772
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:932
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2624
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:1572
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:472080 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2576

Network

MITRE ATT&CK Enterprise v15

Downloads
