Overview

overview

10

Static

static

3

JaffaCakes...b6.exe

windows7-x64

10

JaffaCakes...b6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2024 06:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_08d77f3e3666bb7079c2262145f782b6.exe

  • Size

    236KB

  • MD5

    08d77f3e3666bb7079c2262145f782b6

  • SHA1

    9394ec98a13a5172d68bae96dadba829e684c548

  • SHA256

    9fb13640a8e43b62905100150503bb61313d84701b9f752edce2e8c78fc3d169

  • SHA512

    5f23ebf282cc1b81bd9ef968b4854d20b64d9e7f7e05e022921aaef0355f30f4d0364cab0f0f98adcb65f56d43ed586c67455b5d8686aeaf177c1b6d2e53621f

  • SSDEEP

    3072:okAwuzhjdRmSZiAv4QZiY8l5tfhbwau4yqRZ3fTnzY3QfzZqrt:Uwch/7PQQZ5k5tfhbhrRZLzVfUrt

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_08d77f3e3666bb7079c2262145f782b6.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_08d77f3e3666bb7079c2262145f782b6.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_08d77f3e3666bb7079c2262145f782b6mgr.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_08d77f3e3666bb7079c2262145f782b6mgr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2996
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2756
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2608
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1044
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1044 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2476

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77e7aa3c47d076273f05af85f3c3e620

    SHA1

    bfee6760ac015420c457df570b55c45c5c71665c

    SHA256

    75e8c79a733263b350fd52baad5a3bedf39f47ca8c7bd8bd30651a82fc3a31dd

    SHA512

    bccf5fd70b2abe52667ef8a92276bcc83680e269bee46c483369b999b9fc63c20b70372398e8db9d586ab2717071c733230a1d82fc33f52d39ab5792bb8496b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e3591d6343902816a8241ff433b5769

    SHA1

    7f675d3d002a503a50f8a1235e21b0d2279ef43f

    SHA256

    45d1863c3ddac801dbc55c0bd127a842427695fd135dcf014b744a0c6ecc3752

    SHA512

    7c48afc003f598b34bbffeb0ab13f461b0001461e375e3115a3a8905ea59829baf811198bb71087315b597e21b7d00709a4f82fc5cbb0e4b156f5cf26dd80aa0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    acecd78045015d6dcb2426b56b69f83f

    SHA1

    f2dfd09f0426095db4785d86e93254f4fdd1cf28

    SHA256

    d7508195936e422c024c395c8b4983cdc4325aa6df8d311885c12ea56e56bb05

    SHA512

    3844fc84acd46e3516c8422f9d2ba43dec918bf06fc80cb207b97b74c30dfee2b9b65bcff666998a4cc13c11a21c60d0173b152eb1fe6b9bbe25c39b22731685

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dcf0deb9f6aff2b894b56b447d1dd73c

    SHA1

    5d78e55a1589de7a6fd214618a07a563de366500

    SHA256

    7aaf13b585cfba706218620297972cdfa2c9697fe0f107fbca3045c4087bbe76

    SHA512

    e1dbc95a20e87062bfed13ccf34293c21a457dad4b81e522b2606e6c7de4f00e63b32e19b8b483bef2ebfaa472b8d366d38f8cdc378150b366fcfd685fd13fe9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f86f51eaf4647f13a5d981fb472e53f5

    SHA1

    118295e510088aee8581a68b01e3fcbc2ab3040a

    SHA256

    e4e7ce1a4127e4ad6e46458a856f4e5094d5a31ebf358a7985caa4044aa22f3b

    SHA512

    82ef05dd19ac64fa6c54b92bdc9eaac19a09225a6c2dd55a684aa718a3753ecda78f48b66aabf0c8e82eb176a91f5ce31dc0f2f0bd396f0af1d589d2ebf3cfa7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b3fdf10578df732f6df5bbcdca1a075

    SHA1

    c28e8a4157f35cfc220d9b8ef6a35bfc1d9c4140

    SHA256

    a05b8d96d41a9e93115630d7124192e1802b7f52b292e97edf1dfa4d060a900f

    SHA512

    77dc4e64e1025a4e0db2b1eb3e84d9592175f11cf7c415e2ab2d0462ebf10e068627e78f873c0d32565a6b27fde86cd6056d70e42d13c198de7ece66ed1d9070

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f6a08d145626ca040d3ef0939878471

    SHA1

    33d6190f50efa88e92deb06888fe623ba63c7ce7

    SHA256

    452bfacbee199a31c8e82fd6db2379aa4178f3670a490dcdf1e0d9647bebb49e

    SHA512

    e6163e8856f9b22affc8f03c6f0f349df87a813b9efa263dc64401b2314783748542f81669b4e27d43032d708b584586e7604ed729bb2e2a2092470612b70fdd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b46113def36f3d2f01ea11dc1fa7d015

    SHA1

    4b2b1a9ce9f66f9e7b26c561040e6221837e347f

    SHA256

    74bcecf0bfdca3ec5f886d794ddaeec4452e49a36ac9c927e52e9bd0d931262b

    SHA512

    695b03f39d979299f0d71b11068bacd528f68a0e6bac4d5db864992ce0c67ea5d67642d8b71c937d29dc54a4cf72d7ac3c85a63f57a5a435253c947f6ca6e796

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    947a8c8289c4a9806086e701a924ef54

    SHA1

    2639f7019a37dd2434defd7a34ccc6fb53881e0a

    SHA256

    39e006d0843013756b45cef0f7cd91e9a74f638e34c412bfe706a7a5af1fa63b

    SHA512

    82181b0ca0cf13903208322ea698562d575a3406c32781a55c8469a75c1a660dde94b8bb1f108408764125b2a9c21d0fc4b7a90949d6f1595ba71768f1dd1dc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20d1a26c7f343f7ad02f76ef8988c756

    SHA1

    f15f9096b8fbfef599cb21dbd4e615af0a8c7344

    SHA256

    70ab0f0658bd6777a9db73d5ecb84554d853b6f82a4169520b27d4aaabe20766

    SHA512

    afd6d722bc4ff2df657564238263956905fadc7d52dfd7ee4cb8e64ecfaaf49e0b7dcc40aef01a5a712b4860fd78d8061139acaefe34ac54e6479a552586caa4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b3b5d05009b5bc33523af7c43ded2e6

    SHA1

    63e57554d3852f4568e31f86a54e18f211e4425d

    SHA256

    1e4c2b5b7b78aa58291d57a9604b4be0997c73ca3edd23fc3f60fb98cde6c100

    SHA512

    0d25fbadaedb034fe26412665ece2adb350331bb7f203d9d8ead221867f786fe15359b684a9b1769f9eb9bc7288d0326bb2d5c60dad3b4454849fc06f0a12a41

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0E97ECF1-C741-11EF-A1E2-7E918DD97D05}.dat
    Filesize

    5KB

    MD5

    6f6c449fb14421f6e89e3bd29fbf36b7

    SHA1

    27397627fe6d9bed679633bb7ddd1be5ba83dfa6

    SHA256

    1f566418ff558be987ef9f3be009f590ca92a79677be51ef84b47f1879400584

    SHA512

    5fbecf5ed1b7d3903c6d77d7c91a919327ef334fb6d0107236d3cb0422797c8a06e542c3908f7c65c07c3cb14cf76957bfdd575721c6fe358f35a13508bef1f7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0E99E8C1-C741-11EF-A1E2-7E918DD97D05}.dat
    Filesize

    4KB

    MD5

    4331fce894cae969e0e0b5dd9d17dcfb

    SHA1

    6e194e67c8a42c93ecffc5350437895622ee0580

    SHA256

    74e4f64bb3e5fc5fd9b4a2973d81d85ca07401e97ccc9be2d0a777faf08f93d5

    SHA512

    324e6df78c5de684ab6c8069c7bbbc04bd20e1268fce92dd4e23cb5296934780bd379aa9b8b613806ed09f26cc0e24c7ab086ee26bc396afe64624b95abf5959

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC72.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_08d77f3e3666bb7079c2262145f782b6mgr.exe
    Filesize

    117KB

    MD5

    184e48e7865d3222f69b9a40997e460d

    SHA1

    2fa5f268eda226baf32c75e638b58d408663ace3

    SHA256

    ca135fc17d829cfd64cb9b43ebd25d009d10220336e849d87c5dc05aad7a7989

    SHA512

    927a588ac0d6ceb292be98ca8d25f1ad3e02a938ddbb747da5c1b52526dc6863445db099c75f421d7f0fdebc3da8eff894ee6138f57e68ad79a75a729208ae08

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCD3.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2068-10-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2068-1-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2068-9-0x00000000003B0000-0x00000000003D1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2068-15-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2068-27-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2068-28-0x0000000000410000-0x0000000000419000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2068-29-0x0000000000401000-0x0000000000410000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2068-18-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2068-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2068-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2068-13-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2996-24-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2996-14-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2996-25-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download