Overview

overview

10

Static

static

3

JaffaCakes...23.dll

windows7-x64

10

JaffaCakes...23.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2024 03:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_029cbc64802dae15d6ded5e295a7e323.dll

  • Size

    359KB

  • MD5

    029cbc64802dae15d6ded5e295a7e323

  • SHA1

    d68e2006c01b08bc8f6cd9ee3d40077ab94959c1

  • SHA256

    0b696bbab11d388e64ac725eefaf902388c366d0e16e831adb7fa94df04578b5

  • SHA512

    8dbbbc50725909108b199b9e4ef996b68c8e2ccc3caaa85bacb71fd7f4c3934268e045d9b13eccb36bdceda4c802a1775aafea332f1096e1de8cf6e28caee450

  • SSDEEP

    3072:EOBOLWXivHYMzv2HvP5YeBTEEP2831Vr/rF8QOSta7WeKwkB5fK4MmC896KA3wc+:EOp8HpzdQOStKpkB5fMZ2lJ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_029cbc64802dae15d6ded5e295a7e323.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_029cbc64802dae15d6ded5e295a7e323.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2452
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1440
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2204
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:3068
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2416
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2960

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7536d1d5b7fc4721c461b13ff4472d9f

    SHA1

    59da63a4c3620d10612d272f206624b285c976f1

    SHA256

    0fca9732d5650e6ee2985d625da92a02168b0a04214eed1d65b9356d0e5b4652

    SHA512

    67f5f665d051ce896356c267e11b5ffbdc583f98150c6ac3f022b15886b869f83c4e94d0733033c68b387c86307cd9d3dc7a371a872f9bbd981d66a74326048f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec0c271dd7ce76473651b5a2af3da874

    SHA1

    24c0d685b12e3c5750c46d60c7af7fc6061d69ce

    SHA256

    9fa5e6a0b8f2149c209075d1b4a54edc39b2b583aeb971e02e1f57aca2efd6d2

    SHA512

    4a97af29a4d8ead096d5e7051f713e122e6ceec5ba11670083fef6a1cb373daf6904a7f9882c791e4aa726953d279cac1cab315c4a9875d17c4b8040b5c13f5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2b4203c22c3b7dcc9eb33d18f70d2b7

    SHA1

    30f1aab8800acaac0f9cfd1c9d1e00991d3b09b6

    SHA256

    805fba7aa45a279a72ad78d8884be2c54d011d2ea66133db29d15ad6d486f6cb

    SHA512

    784ba338fde0706238725900f984f253da973699b6ef3d590287e6a27bf23ab7856510b8c19c87a9b53bd96ee48e39d07af5eb941e7a3b048af18128e7975a36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c15f8bbad5de23d69afafd9dd451a2db

    SHA1

    13ced8ea33b48e1a40b49ccafec2ac72aded4f91

    SHA256

    2b728a1133192fbb3c006790060f7b5a5e7d078023d1c0111b35f157e55a7bc5

    SHA512

    ab1d1cf340e8be05d0499eea9ab9576830bd91c190f6abc150d738ad452590a94cb262dc9991ec589b3194c2a35b1cd71817d4ace9095e1ab0bb5015820ab4ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e6061082efda43d4d89f5f3429aa17b

    SHA1

    54f116477c75ff81d10f455d8ff7ab1970cbfbe6

    SHA256

    642a330cb7fc50dbb9c97aef776dec0c81ae5e0424721c771b030f775f85032a

    SHA512

    4557cfa52cba419c170fd26cede978ffb5039b39426f0e165bbea5378b2ab0c9ebcc8d06ab8a2086e93a805ef6be83a301b71f199233ca57b5e8e4f0be2eb42a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e973e3b7fdcb957503e6a801493c21b

    SHA1

    d00a1c2a5b54db47d46c0fb6b33877f318a4b790

    SHA256

    a05191ad6b667326bbcc4f0bc2b1082441b0b22e69a42a9b53fdeca46565220e

    SHA512

    c82281a50cd10cd612fff8fc6f495356297759e16e37f844addaa51546292a44f6bae5f04b26e56432ee668977c63a7a4ec07161791b26621b7231c17bece0a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f486632f15acb5befdb1df917456bfeb

    SHA1

    7ff0eedcc00a1a77833d1001ab04ab345d0d8aec

    SHA256

    57851d4d88b5e9b0f76ff5da96ae35431ed3acb674a442a139e3e624949bbab6

    SHA512

    b2a05e45a1ff829a4444dfef57263357a4e333f316ed21999254e54ca854d0a00da12db0792eb1dcdd5610135dd640225412968cdd11caacfd7960fc2baac6c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db80b400df751b8c8d8dc62f21e56195

    SHA1

    51d7aeeb7efa4babe86c406c22a50111c56772ed

    SHA256

    ae4eb2e18f0c9892d8f4099f19816b87c74696ff97055122e6b8d9bc77f08817

    SHA512

    3a43f4494b3ad3a83d5bf05ce642fa9e3290b5da947e1d16c94c6c595fe3dbefb6285c2c5ca56d7b5348e5b6fca43db18391e37ad4ce8a3a471939a58605a9c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a552fbaaf491b6bb9cebf889e41fc853

    SHA1

    6d1d00eb476561246dbfb847c257e145c564feb7

    SHA256

    479c8ce2bd4ba82f14d606f43cab5f1783570495272c44c308b645a7ecd27a70

    SHA512

    e8077b7e91450b2ceb05dd35a7cc41200a0a22ffb5bb758b6c9eedf54c838dd8a0a46514d51eaa5936142ac7090e74d4ba6dd36ea01f57a19237c8e1d45524f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4d3b13525658146191a5c44b2108771

    SHA1

    3833e22d1062f80e5e460bfbddb04680d0f12776

    SHA256

    8aa9b899d08c7d7d8c1897835de37d1845a6d466040a9b722bd4862c1b531a4e

    SHA512

    9f02abe833a66866d8aef5933b468bf57e8b952258b49b6c166dbd1fa40402a4ba93ddc3107fb0d75c412125c96ab0eb60eb89a05fedd52140a5a990659bedb9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73898f767048ede649e2e6b8d1e91e58

    SHA1

    c5b4497b8666e79305adeb2a28f89814285ac6d0

    SHA256

    6785cb43b296e6a43d391795bb99f05f815f880c8e2348162a7f5398af525eff

    SHA512

    07b4359a79e4e3fc643572a5573c55728a2a92d53a6c459d97343c7cdc7a3625954a23481d03f23bb59700c7a1ab4512b88f6f92018bce2515917a1a23e3658a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3558AAB1-C727-11EF-B59A-E61828AB23DD}.dat
    Filesize

    5KB

    MD5

    228f552eae986d92d161aa51ad2a407c

    SHA1

    4129f35f5b784db9057bbc4c0e2be0e63bc6291e

    SHA256

    3cad31bf43ee59be5ade16c4e912196ea90da869a754c1ea01dbe45a763c74c2

    SHA512

    aae256645ba7cfc90c9d7ce8f40afde4f5cafbb30b3e4fbc68cc4caaf8dcf03c9766866b6999ca40340eb57fccfabc2ddafe4ae0ac9a359d4c96553d24ef050f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9C4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9D6.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    260KB

    MD5

    38d0789db4ebd651202667a393edda52

    SHA1

    93345be068c4cee6f41f0dd01460161224e1290a

    SHA256

    1c90372a12e36fd370126700cf4e222f33044ca406e88925952a236147ceda61

    SHA512

    91431aaac4bcc3ab3f3d68f3da7a54e9b880f245a4e4ffb573351fd5d74c6894025c373c57eebff50ffccd3aa09d4416ed20bdf8d8e4c6c309746fd7940f4dd1

    Download Submit

  • memory/1440-17-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1440-22-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/1440-12-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/1440-18-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/1440-15-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1440-16-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/1440-14-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/1440-13-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2452-20-0x0000000001EC0000-0x0000000001F58000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2452-5-0x0000000007000000-0x000000000705C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2452-6-0x0000000001EC0000-0x0000000001F58000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2452-0-0x0000000007000000-0x000000000705C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2452-1-0x0000000007000000-0x000000000705C000-memory.dmp

    Filesize

    368KB

    Download