Overview

overview

10

Static

static

5

JaffaCakes...80.exe

windows7-x64

10

JaffaCakes...80.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2024 06:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_085cd072d918905d3d43580733bba080.exe

  • Size

    99KB

  • MD5

    085cd072d918905d3d43580733bba080

  • SHA1

    ada4c40e4d1fd2df3557deeda38eb994f1509986

  • SHA256

    900f3348c929b07191fc33f2cd0eff3a2ee5c6fa6d0ab2a4cbeb420565a26d1f

  • SHA512

    61c3b62d55b059396a634d8a4659a2c590d8a6c8f1b47dd0e039c7fce91faa4a53218ac1b30bb0816106ef353dc172c69d4a3eb3b2fa831bea1c6d6275baf898

  • SSDEEP

    1536:CmI0pGA9QFZOwv61HW1LItmK/+WLPPyKN7MWpqX4a7prh2ZVJUELyoERrKKlr:zIs9QBv2HWBImgyKN/4FAVJlz0rpl

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_085cd072d918905d3d43580733bba080.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_085cd072d918905d3d43580733bba080.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:464
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2548
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3060
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1852
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1852 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45e14827e037c3fb0d7b7ea44f959b97

    SHA1

    beaa9fd28eb04b2c59660eae21276afdcff52334

    SHA256

    dc91be27486133169a3338eb287a1ec738a34a6850a3eb0f3a4358ccfef2363f

    SHA512

    2eb9515b29f00e53272634716cfae8e85ef2fbf62cd0d3c32e08245739feb0c1fe556ee253f8ccf8954297721b5f8bf3d86d89f46b95b71a37a2fdad11820265

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bdb88a6b1eb605061a2364e374217a78

    SHA1

    2b26aa09ee49703d6f922dc5943f6c7894e2dc9f

    SHA256

    281f26628852b1244e9af87bcfee42485f5e29b72962d54b418a04f9ec9ccbd5

    SHA512

    adc9196682889bc6a954142bef37c83af174709d83ac6b3ce59a041d453392f1dfdfdd6be2cb0c12805c9e41d5840dcc327219894ac7d2270378744b4bd91c6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f10547bd43fa51b1529a49c3a6e40eb1

    SHA1

    3a0b2733639dc551c65ab50952ecc043d0ea889d

    SHA256

    0d415e298c7afac90601b73b7988c4508228cca0f679d51b40a9b748e92f0380

    SHA512

    c317b9f420ff6f443e20badec497ffc89c162f79811c73d1d8748c82803acc458d3d2f1b76f9c6469b8248de46383531ae71a96fbbfb4d2756ae4d89831192cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11e665c854acfbd95aa162a9c685e957

    SHA1

    686036b16ce49ec4fe69a9aabcf5c74f3b7de8fa

    SHA256

    1444e1ab5ccbd0cf225fe1f672a37d08b4398c4e8c21f4fef04a1ca507967a97

    SHA512

    e0b100b6157f5ef2f39c45a41b0cf5e08cadd656d9038395874e7d9e108def8ee607fc651aeb056be7c26686f4e019f44d7728ab4a0e9869c7fe6cc89abcc77e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dcdeb1a4318365ed8caacb8fccb253bb

    SHA1

    30001d6c88af71e1a1a8a2038289df2bef1617c4

    SHA256

    06d0a489668d86a37faa12a191d821038e6c4b35457576806caea38ca0fae046

    SHA512

    dfa66b88da04f72ef7117bae0ccc351ff194c79325e6ea2dfb15ebe9e835cfc95bbe737220838a8a9dd6826afec09961e88facf90a050a73356b95a9f5e31f1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d62c0a0f840e651cd263d0a128fb618b

    SHA1

    5618cb8b3dd937763d63578aa9bc2ba038319ffa

    SHA256

    ff561c71c050bb09606ddff52a8d184072853eb210dc6c13f48ccb5b718c7131

    SHA512

    4160cd84e0fc3e0a106e81362ceb5611194fd41fdb5e9ba53fc7aef39be968e60697cce3ee59a2e258d471b11b150a958596fbe9597dc5df79c95892dbd227c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8aeaba7131eef524e0cba0554cd92bb1

    SHA1

    b5deb6bf94ee28a04a7f59d4dac82610957cb252

    SHA256

    7bc1353ba65184041808ca17e2bf495acc22496fef038d6df35551baac218fdb

    SHA512

    45cc970bdbf897c399c47a5f481f68eb6d9334b3894ca99d3591bc9cb279cfc0891bee60919d4809847beaeb5da9713ce5f6502fbf44d85f8d7174324c17c73a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5038d87a99bcff2c0ba3aae085bdb209

    SHA1

    39419b0e92dd20219a64badecaf6bc964ff733c8

    SHA256

    b1cf3d6820654ba09e4fbb0234020e23dfd6e16e730856f514e377b6f5eeef49

    SHA512

    a0ffd6843418c7e8c301e04eb5186fb81b212e339ee958216d1069ed551029b69f08dcdbb9931514760d8792274ff74d8783ca49bd17a9ec8ff3b7fdea7f153d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1001d3ba2992f18b393dbda47fcebecb

    SHA1

    a27680d415122960865ffb24b86596840a99f4a7

    SHA256

    3a80e555b0d9fcd27082bf55ecfd19ee0bb8bf22eb24ec5652449eb75083ff60

    SHA512

    5a80e0516cd2926a21e9f301130a47bfd56143982ba35cc3af630a69b79feb7210262b15eb1417ab450decbf78c80a08a5b00cc2c28249e710b491e62da9cfd4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d97c1b1ed0629f63ce742dd4a20da46

    SHA1

    47236e547c7f0723359935addb1d1b86edc9d359

    SHA256

    97f3dc9de36261fc895fc7f8fd743997aba410e815ee0ff22b27affbc08ed10d

    SHA512

    ec118a8debae12520e6f2ccce7c5f3e4dbb07a74e3153b13e6893f94b5af5ea7d4148ad9f68fdf33bd2dd72d14bc0da3bc89cbc921fc36767bfdffe6c4a68416

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c98b8a1861af26e6b513bf409512a0d2

    SHA1

    ad54f22d6d6f95fe3d60412797e983146819c3d2

    SHA256

    5ee30729df229d72cf2cd9634e40d08c0df6c65c35dd9a44e072c55137271526

    SHA512

    d4c83c6c7f75d6021ee44d6c5a7af7f3b97dd325a745bf2c23b72c7a21cc055ea5b218575026107ea362b6ac3de70df5f066037f3af93defe756d495894a8a1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0494a927b8b824c9a2eeacbec056fb5e

    SHA1

    648b0483dc705803443a91298661420b98b78718

    SHA256

    3448a2bb7e8bc3cf6948dc6b2e35114939ba6c43f82200bc46d250bd98bed4a7

    SHA512

    c201be9caf9057094312339f17deca8a4b1a337f479a9961734a313ba90ff343c226b85d4b372c2cb28c822acac9e86151e1fde2f9a3892630519e108d22d235

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84605462823ea7def2bf55dbb9014721

    SHA1

    6254cde027d4818cf947109cfd533c80f566ee94

    SHA256

    1099075171c4c5379f7ab08eb93b809754dfa57a3f1c80811f329d12247bf2cd

    SHA512

    db65993f1d2f34a10669a9157b84b83c1b0998c09d3ca5fb69939d5a3d38638351b7d339a27a0095ee0926623226ab6a9a434382dd90750ad13d2cee010f8b7c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    75d1daf6fcf30f32baae50faf8353cd5

    SHA1

    f0be2841152c9a919a9a52398e1fcfa0740f7d38

    SHA256

    44f2a5eec95dc2b97d779d0b49dae708e4e18457f68a6d688fbbf564a11f4df2

    SHA512

    aabed8ce43e720adcd0bf5839fc9ed95630e78c19701e3ad6b81130cfcf73d406c439014c8f17159ca05163a1133b2a5c933bcea4f166dab3c0228c73da4c5d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59f881e638c2ef042a0608bf7d799251

    SHA1

    d977e3b0bc086307a9f99841521906491c0c4633

    SHA256

    80df4b176551397a2f087ad2a71911e42a7712d4ffb8640fd0c825cc58f234e7

    SHA512

    ebd1b55d0de206bb1a84e26f5f91363ea183088082f21055ee9f6d57a75e25324620cdb2cec9cd61bc20af004a481976971c62099ee8658bf2a5bd3c32e0e82a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9a928dd8fa056c5d0394be1e3b0c5eb5

    SHA1

    c1396d157e0d2f5fbd05ad25bbbbfb8a2678a0de

    SHA256

    07162a4e120bb14782877c382bff735a03a5fd9e73ab093f3184e68c673e077d

    SHA512

    d200b1d00f8327ec480c99f0e5be922cabaf40aa9fca2df794a43536a4f0131b365f1943a812bf157f1d194e3e12ae541bd00577cb5be6842d1b43652be1df50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89f7b041799e3477421a0c4568a7fcb4

    SHA1

    6e647e4fc456e7e1762ebf73f32ad4b2b7df01cc

    SHA256

    4577c3f55c288198f58bade6aed32dc802764fcea6079f7ee3f0a92553abfb5a

    SHA512

    b0015bb624948a0dbea39a495e072a5995085966cb754ccd1d1adf783b82de23486f2a1efe162c86de1c7fb29784aecb8128da7a5b51eb43497fbcbc05ea0ca4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6441a55e850bdfd78884826cd9370092

    SHA1

    a5f3463930f41850a4c08b12ec629511706d278c

    SHA256

    5c0f1f7f36b9b2c0e63abe3dceef75c1120c472174a6fc487ce5edc2443fd673

    SHA512

    e700521aac552da42f7f9aad695bb7ab0766ffac3f2b35ca7d9a24917e3e7b6dc164bbbc95a05e156360e31dbcbfeeb39cc7f03df886c0ba933778b514fb9cfc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    963d2722b7cee9b0289cbf345f58452c

    SHA1

    7ddf7bfe1e1a5c0bfa7109b4d07c04898f1608e8

    SHA256

    9f6ac609ad09cf7744f07d9ec2a00a07165e6b996ce20fcf664d1aaf97859c36

    SHA512

    04109b9787f38a106f1ccfa332c3c060feec2a0ae5032ea77fb54161f621c0343dc5b08ca040009ea96d5eabe2a3364f426f17b138ec59ddab1f2ef800ac1b2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f9ef0370256c126282007e877e83fce

    SHA1

    27ad00574b864f057b4639548073b0f48161f8b6

    SHA256

    fb0d2cb49f6a1ec8b4161dc240104f6011b3eb0d705e79c06d1cb8bceb321c1c

    SHA512

    9b8c08f3ee6e47954e5c0c31716bdaca5f9f51ac20ccaf624b0da63f6e191f9b8d610bc5b74f61e0548b61389ba843ee4545c474682972cd80f3b374db2effa8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc9574b08b920b18092308a424467372

    SHA1

    4181c8e2f8b7ed03aa416aefa80a82528dcf91f2

    SHA256

    bb508bf7b264b772858bb14ecfaeb0f2f09ff81d544ee1994a91d8c006a8fffe

    SHA512

    5ee6f7bbe276c27fc9ec346a057b8ae5f1c251839fdfc895467b3b8fc84eb17e3805b909354751ac1e968bd0626b8e751ac8d6956aa927c8bcfc8bfba11805e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1719cc85b09308084c05986cc41d352c

    SHA1

    2c9bf16e9ae036e5e631a5a0bfb89ab883b47a98

    SHA256

    689652505df90cbb4d88cb11076ca60f42d37e0c3590095416c26c5c0fac2dbc

    SHA512

    3e4b4d3d7953dfa9aa84b179d4b5204a448965cb9c1ba5c7eb6c180bf9b34534f453ae73d6bc7fcb08e2ca5871b2c4f3e5752c75eaa642e23bc335e071713efb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40dc4fa7c9f1c3c3359fbf5dfdffba54

    SHA1

    e22d8084e26c9d0eda45377bcf95fb9ca24d1731

    SHA256

    7365f7e03499a03a294ccb230755da0591f65e28a67cdf8d26aeb0907cdd285a

    SHA512

    429ee878e4be9c220b0ced4e04b19b363537e29ef226d144e9a03e3f060798079f07f6a23c62d501fcb4d42002b3a96e665eb8501b1c9e47174c205f930a6750

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{34CAED21-C73F-11EF-B467-D2C9064578DD}.dat
    Filesize

    3KB

    MD5

    91255b0bb3617ac041a46085f6dc6b5a

    SHA1

    50e060c2a35425ae6c498665a0093862029c1505

    SHA256

    54488cfefa99b457f0cbe7431f014a3def5851348490fa17546bc30289397a1d

    SHA512

    6d99503f8a061bb1a7fff2a1d805c223aabc42a86b4874203f1237e4c39107685f796bbb1b255ec9582941fb4904c1614bc7842695ae6856d678ad1653690f7e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{34CB6251-C73F-11EF-B467-D2C9064578DD}.dat
    Filesize

    5KB

    MD5

    f86c5ebad633898860b8c5349bd887b1

    SHA1

    ecca8a8cd12040d37efe0a797801796744764214

    SHA256

    67fc9c648e5c5b239a02e97ce40d1f604da63ca7147211f659183c7028361def

    SHA512

    ce69bf9fd8940ac4ec4fd908eb5e885542edf278da958491f68aac83c13e58e1a08ca8bcf150a793a31a598ca6df37f7af2a674be8b54c63a8140b47ab38d181

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD33A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD417.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/464-2-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/464-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/464-0-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/464-3-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/464-4-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/464-6-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/464-5-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/464-10-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download