Analysis
-
max time kernel
121s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
01-01-2025 00:07
General
-
Target
JaffaCakes118_402faf19fd8a25cd39d5ea18dcc265f0.dll
-
Size
756KB
-
MD5
402faf19fd8a25cd39d5ea18dcc265f0
-
SHA1
1599ca89f7f1922ac3bcf9cb0cec0b8b21f9349c
-
SHA256
3b29649aa9d08947c21a34995dacf226e0b0b4059755ec761a1a73ad072304e8
-
SHA512
5f4a74d7009733e491d5731a21735e980126715a10e8b67bca8ccd9fa3c293eb8f8f5ffc7f050df63c45df0f0da5976f6f1c84f3642209c8023ca5ef9704779d
-
SSDEEP
12288:Codc1cG8Z3uu4Vl0coJFNnYX1NtcSmMEVYaLCl0E1mDriZSjQkEsfD+8:Codc16Vh2lvonNnq1Nt3mMExLCSEEK7+
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 4 IoCs
-
Drops file in System32 directory 1 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 27 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_402faf19fd8a25cd39d5ea18dcc265f0.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_402faf19fd8a25cd39d5ea18dcc265f0.dll,#12⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32Srv.exeC:\Windows\SysWOW64\rundll32Srv.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:26⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 2243⤵
- Program crash
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5a9bcc152c189564bb8b8269910887e86
SHA17bd579e4cd75d23b170e1f1fae7ec639c836c2c4
SHA2568cea428802051672aa36b730c5ce3a2c493d81d4189c4aea1cf74f5c5846ec17
SHA512a5518b25c71f4923fadeff5e914aa262378b5c070219125fc091829974ed006523b8972463c95f01c0c3464453a582045070cfe0677b37d87501cea653bdd207
-
Filesize
342B
MD58787d7ca187e354cee33680c9ee1a4a7
SHA19833a15ec4b97127dbc7b99f72c424b7ef360ee1
SHA25673f92ddbd943fbbaad476f03a85e9a1f4aaaa8894435227ff45c0d81ab6574a6
SHA51232292448a7df534c479fb889c73a25261fd5b938c48054ed9c1e82a6b7da8b0ed7f63c201fdd6f017034f6f7019cafd4cd7f3a4aa88623f235b90697add484b7
-
Filesize
342B
MD535e2dbe5cc69e9baaeea26fc073cd45a
SHA1f02477bed508208080ffa975f35adea490ca02b3
SHA2563fc6cabca4bc1411269d551d88ca3a469c28e4dd0b0f7cd761e765e47ed4ef7c
SHA512f3a17357e84cf510998824d9db717f6919e383727d5a6951adb0b832d6b995102933608b07a3bb5f4176367384584693e4927b02dfb3109a218592fed45ba47b
-
Filesize
342B
MD5572f232b9e8813d954d0a8365c59e62f
SHA18e6113272e739a693b182a6ddf99c301a334d922
SHA2562351630075c13abfc99a2b9400dbfc4c0065bffcbfd2c16f0ce05feac5722334
SHA512bb5fb271d5e716fd3200936a8558bdf8acb5e15936ab3d21a47447c97fe9a8b471141db02936088330370d95e1238cf6e8eff5fe7bab08e55b1ee14e3f76850a
-
Filesize
342B
MD55e7d6dabab00a4db36cc85164923dc7c
SHA147b99ca7312c3cb71bd9613cb7ec4922d4af6a02
SHA2561b1a56c44b2bae08d8d75243d6845db00e361afcfca624c6156d75a435fd257b
SHA5124cb5165572d941a01e3853e68be6923b7029c90046573eed75d53ac8b0077aa5fc17134f782955b2f763da6d290ffe26c5b895e8aad9967556b999bcb7b0ed4f
-
Filesize
342B
MD5dc2e1339edab07e1bdd552211270bf2c
SHA1c2cf157568ceb02994f08165ebe871a459f0788f
SHA2565137da8dbd934ee196b76f3be2df95cedeb0093b1aee29c1c33a8015342f8eb3
SHA512bfc8351d353bd3e773f5c2d1fde420c4c66b4fb4b51bb2829acb87b12fa6f0d6481d839d226bb980e797fb558c27e6278e06af19a32df48e38ed6d96c9557124
-
Filesize
342B
MD5fe08e257af5900575a7345f46d16d795
SHA1b1702760bcb82aa469f94482f4efbb04db7cafbb
SHA25639bd7ebcf34b15fda6396b5bb44149796d7433659deafadcea8606482303fedb
SHA512932d43190d6234a4bca98696293d640e5d87af2d9c7361c86fea23cad35cae2a2a1fe83f46432f4f542f3101b8f587506547cb644c367696d10120f87a2e3d4a
-
Filesize
342B
MD5cafefc1ffb1378cb263ec1a18d4f5378
SHA1ceb178f6f8cb2d23572401c8e03e946292b7ecb3
SHA25672f393cec63ecdc052138b9761448eeaa53fa638a24c5a496609dc7895b0c981
SHA512925cce7fe8584fbb5673c5fa32eea1e2ab16ba40bcfdc2d691821425a64074efcb5762b115bffc008e08c9c789f1e671a442e82efb981bab91fc603b75de06d2
-
Filesize
342B
MD5e06909644db8a19b92c3be3090f971b8
SHA1c301fd16a9a20886c6cb010337c7e96142bb4248
SHA2566647cd39b8dea20ad0aeb4c37ab19a0e36cd87816ee81f7d8b4d945bdb3a43e7
SHA5124904cff454a0fb66da871a80ac92b519a4059336135e001bc1ce40c6e3fa00dc73889fdf9a7fda83eab6169642f5bcec57220dc28c5f8641541ff682f75730c4
-
Filesize
342B
MD5db93f75e1d82167a6a2bd9ae7c92eeab
SHA17bd9e8b2a60177e3e77c2fe3f441b753234a8785
SHA2564341eb817a20d4109d69909c5dcf59e2e99043b27688bde51ff418e7be597b5d
SHA51217aa20cb7eb710dc4253fe680d45cc607f77ad1c91082019c7cd0dd9f8174a85f2f8c28af6cc0775eac4f7e2f47fec66c53f0816fdf7e48892f4a4e974a83512
-
Filesize
342B
MD5edcf6548cb80782945068fed346200db
SHA1b0fd9f5f56dd0846cb0eeba9fd5138b2d692b953
SHA25666dbca0c10f9be4d59e67009a8188d0256a5269727592c79d40b7437a1725be6
SHA51222a8a52687c29ebc7359325804843eff5c241045574a030c8c66301c69b103a71fce64914d4b339caf6514c200c3bc328a5676c20caefe5656e1b098bac9c94f
-
Filesize
342B
MD5cbb70ca556dccb7693dcac8b9243ed21
SHA12f82aca99f7a1bfdd55af538b2bc6aa8eb2a7204
SHA256415b2b3aaea156d3bfd0d30abedada1856be391e7b65141f740c1970cc2f1601
SHA51232bfe3a50978f995eb708a14366617134ab9e1cf78dbda08caf8ec9904dd12f9349e9314202be785833824cb8a169d8c96cc674de644836490eeb0f3489897ba
-
Filesize
342B
MD515ca78883f821e511aeb8ed2a4217d67
SHA125b1d5f51aacb14452983a7d729473cca8dfb359
SHA256c9156841d316b9b8a7fc0b09e142c1d6e1b413928a3e93c7f8d422ec05b6593c
SHA51298b8b96524c533022acae797533a1b74ebda5a2229118973c11748ad976f7755c64296362343646de2cc2648547e79c2264fe7b9f28b8689ee17a710c45e7c69
-
Filesize
342B
MD5c2bfca9e6b149b52ec978a56dc77f3a5
SHA12f01a6fc5de2dafa1d3219634cd3a997a5764864
SHA256961149fac1428997fe868fa1899cfdd5d3397bed83db9639ad66b5680ec351fa
SHA5126987d0a2c720e5ace4e6f4dc2cf384363072d24d5bd6ccc7c4f6a1d44727f96a0e62e15a3d2d1ae6c5a15e56efd9a610613fae7a250242270487d246327aa962
-
Filesize
342B
MD56ec87b0f6e0061c42fcc1e06b62b0662
SHA1870410cfd033c05361fca5a4bb4d56b07fd3872e
SHA25681aeca59639849eca82e5a63be4ee8f0371e6b4d9e538a67ea8ab2c165b646b3
SHA512b9b8407d0e3965670c7d6e90436a2ac8f877a37ec62619da5d99e790c36ef33c1baf78efdad1942690eaf1f1a253ea759d6ad4a70f8bca4267c51320476f0988
-
Filesize
342B
MD5d099e9d9bb762d2a14c2f8052a4309af
SHA16e9c91aa81f9e20c4ad91c3b586e19d03e7cd0fc
SHA256b477adcb863d8290e4a6ae66501b9502e80f508e77f3f9f2fad7d1a3cb89e150
SHA512d448b201f53befcc4bd13fa08f3dee3b80450d96bd3e49f234d37416e77f9fb51d5c18bff2fc7c3ccc9a2f4376f8d9c296220ec1d6b2ce437a0e8b2d331302f2
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
52KB
MD517efb7e40d4cadaf3a4369435a8772ec
SHA1eb9302063ac2ab599ae93aaa1e45b88bbeacbca2
SHA256f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386
SHA512522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450
-
Filesize
8KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
780KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
4KB