Overview

overview

10

Static

static

1

JaffaCakes...7.html

windows7-x64

10

JaffaCakes...7.html

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2024 18:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_2ddbadf695c569733186398f1cada4b7.html

  • Size

    134KB

  • MD5

    2ddbadf695c569733186398f1cada4b7

  • SHA1

    ae16a352bd5876ea18ec04c57056ab5bf6a3f2c6

  • SHA256

    652b3792978c600c9061d5af2ea6755c6b3488ceb91db9d57f0d3c616eb76c8b

  • SHA512

    e0678f1161875862b973bb9ef97b2f5044cab974d4ced27afb8fe019af27587507f95945d3072de4ac3ce2cf3a709ca5701da776f780b447c44ec8d03ae5cccb

  • SSDEEP

    1536:BvjKJLyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dj:BvjELyfkMY+BES09JXAnyrZalI+YF

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2ddbadf695c569733186398f1cada4b7.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2624
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1912
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2780
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2908
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2804
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:209930 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2792

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      63a139392f7feb4ff3b533152e3e4beb

      SHA1

      11f985ea1d11068ebf1f694766018be4955578d8

      SHA256

      c9af86bc6c471b915424e7629c786dc4f474b2111e17254fb63a0b6eddf52091

      SHA512

      17cd35688eaf2dbcae18670db767621ff7a968dda6ea3f4e1fddbb7587249a433d24c87fc8408fa1efe18b05f8ea9a02d898d6af820837aceb3572775a67648a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      318e2a9001d45b99a04bc5bd76ac5935

      SHA1

      0ee4a9bce95ca7d566de4da4ed9734c983c8541e

      SHA256

      145891e74d4d295f7a66061e1193eb2c24fdab9e2a35da60ebeee6a5fe397dc8

      SHA512

      ac3dbb731685a5e86e25996c89bf5e70173f72999c7edde19cfb482bd03f90b412b3d18a61eff738611cc95b32243e91cd6eafd83d040e6581f3023093daf5df

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a531c05456b295c402c7ebffd4028cd8

      SHA1

      b240c5f411463aa4291f4c2d9be790ad7a72e7be

      SHA256

      d20707f7540a32fb5c6643a8a0b60676e6181de849774f2a4a53fbe192ce287b

      SHA512

      f8d51579687c5fc5526d05551f45eb796a424f36bfda2cdea9fda74250c5a6b31600a95e17d9b76df4902cf4f4dc19fc90ba078342ca3e4fd6e3ed7af8a9b732

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dbe6044468be83554cd53cf74439971f

      SHA1

      84904f0904654aec52729b1ea33e1688eb9f9d51

      SHA256

      4a9a414fd2f13462e7cae66e96b904717be70159d4261cd51f623370a8241bc0

      SHA512

      8a247cc35541bee6584dda66546b447d189ba28a1c88b06c4de9f92bf0ec4e7f1b3b8ea91b86aabe32d1a2a44c089e9a46f3c4142373a59a6c4a0b38f820a780

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      443957b999d8757ff9a228840b972d1e

      SHA1

      6d242c5b7ea17f63613887b3c5dd8eb3bad223c2

      SHA256

      9cbc68d33bdb7f725d1a5ba749d35cef96fc5a175555972ba82b6d61b0562f96

      SHA512

      256fb0ddc3aa015487622bd647fc9eb443b55d08839cff4d08b61f7163f5758d2bb9f2fbc00921719e470728f77a3b642de3ddff7a02b64d2a21291e8d697535

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7ffe0628512dbdd1b41f6f93f60f954e

      SHA1

      0eda7928d48988136ce3f2e2991d6d38b4df45ec

      SHA256

      a02e1fd145f2b12de4121a25d19b2412308c2cd1298a29f9c27ee68f1a4398fe

      SHA512

      8c5a4593d7eb0485a4b4675724bbb5dcda0a51618015c29d571f0d40a77b192c110ce653e37871bfce992b5790da3071e2b842753337637b59d8d08204dca3ec

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      66c0b4aef31749f67c83f623b3f1bdcd

      SHA1

      b2945a330cc1775a99d34d19c9079e4c9c40c520

      SHA256

      5d1528375871e3c5bb5d83d5326521e79cc2621c523a19511e0a7cc3fca20b8f

      SHA512

      74467f4e99b7ebace2ba6b1de511456dc7064300c061339a4a6700f1466ed301a14872ea60778378029460cc422cb7647be05155ad4be61b631d202796a4b7c7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cabeb2753beee0f502c38cbe63a31f5b

      SHA1

      e2862582a8b6a32f26419898fd7b3ec1fb05782c

      SHA256

      9fda9691472ef01a739389328c0f51672d6e1aef0a8fe09f60895055fdbd1a64

      SHA512

      d1e3f69c8824fc3553e2150ce928753dc285f77a6518c6dd4626a42f23a4dc069a5dc1884d3408fdf7f72e3b5ce46432013105d4bcf74ba457cd094ad2c345ce

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6ca5d7c25cdb7ca60afbc4da1ba2fcb5

      SHA1

      be928a78c0cb33e6d7f33bce6ad71d9c63fb5bc1

      SHA256

      eb93f2051b015a2c2621c9566007c39b28cec507c37b27b04e137f6b21fe3686

      SHA512

      c7e89c7a0887295aa1776ad51c9b58d7377fe2e04b9f3ebd712587fe8e3b684422f1abd600ab84dc6f69881e2c554821673102fe38ec45fc69007c5c25d62bb2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b99949d322108be7aab9a58ec3a4c1fb

      SHA1

      d5b9cf49ecad662369d7f0d0cb31e05ea4ec2f01

      SHA256

      6a8aa983847c4b0baecdad87e309eb2f4fe37fc4cbf5e4b4f5095977b7fabc5b

      SHA512

      234670b483e93eab4aabdaf3a02b40aeb042ea78965172afc59b3a6ebf4ded8e29b1bc3197f09642b95f4c8942374c79d133bf95fe28a403fc366b01b15199e2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      636ea219a070dd144fdcfa11636de0e7

      SHA1

      9877af64e99b6743533363f91171c5ca5e4bb826

      SHA256

      fcb0a6bb04a58a40868472b10db034c103a78b00c3ca844b407341fa4600af43

      SHA512

      e6f5196022748555f5ff48c2651dedd5475cb4008a6495fe9ffe1d515453679b84ff46d537444b2fd8f493c7f9c35c0b097ab891186064b697b36a98d3f078c0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3bce886bd0736e7c30889a97c17fd0de

      SHA1

      ab47c5ea26bf131466ef626cf52df3ec621a47ae

      SHA256

      761754dad80f5ab9348459f3ce591662f6baeccdc0ddbb8f4e5f7a4e8a0c3f69

      SHA512

      16588bddc19db7c0998d42af302e9285cbde808c96da81de4bcdd0be539c1ee068fdc5fdc882aaf23125e42e158366b98d182dba17d64e04c2cea70a230af096

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f08a6ffb7c4abffc0c69c8d992d200af

      SHA1

      5c23f777ca5df94ff002593c90166f70b662e782

      SHA256

      c6f683a7910549b75c958a4d5aef00a151f3809acbc41d5c1859f5226511c1fc

      SHA512

      a6ce1f9ccc69ee964ca14facb4e0ba1245e2cea0de5179c753b94e24b9af75fced872d6b0d9d918d3feea2bd1fbce7db54db2b9f28c670fe0bc91b6f72ff3446

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1552047cba06574df51a2ffeac152b9b

      SHA1

      f9b71b954ced9ae28ea5bcb74de09b7cc7d8be1b

      SHA256

      c468fa733d93336f308becc74298c8a1ea4184e5da01e2b1e1808969e36d9e1f

      SHA512

      af1f652cd5ec5e0b79c1127a0d8a278e487793b78d8ab27b63c8121406a8b0e5e894c3178d8a639bda97042ec6f8d21e1349beab693e808cf6081f56b48ea8a8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      57922f131a578fca69634749f2f71c56

      SHA1

      ccc0d93820dadc5e436018d7853ca7d46e6a310a

      SHA256

      52165fe8614d6649564e01034b44af094f7d5b97f1d78e9c005e3bd936239add

      SHA512

      bb0dc5cd43fbd4104de28dc2e0ebac5a38c35e35da3c84ed4d6ac9df50939bb241b4b8051054267418178507fe9ea74af0b7f5e06050317ae2f77571b165c704

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      be1aa190ab50a81fbd4d59eb05192084

      SHA1

      f303398e75456efd6953bbc404f29de0eb880948

      SHA256

      7112fb587ec662647a71e887d2fc8f8f9bd2d950e83b2a01e13f2c29a88d9242

      SHA512

      67622fc8b1bfd8ee46309a19c9f4755afd8513afb6d46f5402586955e420adede35fdf7593f7bb51bd5a7cbe4be0b6a653a5decebfe520c78167cabfb391ac62

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1b847b0e43c081bd5bfce7f033026dd1

      SHA1

      598aed32c67c5e433f6af9e0870efe687363b695

      SHA256

      dfe720845464bf6570a2bc259d03dc95f526fcca428dfd08814a7276b48d0b69

      SHA512

      4821e48a12ba5468d7f80b40fe6076e7c68ada1d6a1fa310a0da98d987352cf1af0bdf0fcd73550696ac964d0c8ecda09211f5ef472702c6b5a6f61baf5af3dc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c279287b1eceb7c9b16696b764bb6e55

      SHA1

      b02d07e978e8be5951f39c86b3b06e4a9083086c

      SHA256

      08281a8e0e1444be06aa121c98ee92f6cbe909f3396aa7be0b1badc076c7a56f

      SHA512

      88a5741da493571f93c120dd3c5558427557475a891a6c7a005422aae1e9ebd34ffd0ee5c7cd99ba0fcc3c28d2bd2e4743b6de3f1fad18e227e46d4cc223c728

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b103dbfc9c80e252311c6df5d8f07e86

      SHA1

      14be16c241f12f43e19667be8d74545e1713456f

      SHA256

      bebc0040bce0fb1339b9b808dcf4ca4507626605c1b72906bd006c4c60667523

      SHA512

      dcbd824dad62cada57de01a4c11ed6ca86f32fbd09b2e31f3598ddc5a94f77cf495694e3cc30390d23eca5f5516b9d23d6e7dc5a0ccfc8fb4c121ad713c6dd65

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabC545.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarC603.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2780-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2780-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2780-8-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2780-15-0x0000000000240000-0x000000000026E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2908-18-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2908-19-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2908-20-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download