Overview

overview

10

Static

static

5

JaffaCakes...a0.exe

windows7-x64

10

JaffaCakes...a0.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    117s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 00:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_407c4c5e77d98c4cffa488c393f131a0.exe

  • Size

    386KB

  • MD5

    407c4c5e77d98c4cffa488c393f131a0

  • SHA1

    0f0aa66aee65bf28e3ba66331f2cddb6951b4fd9

  • SHA256

    4588cd0a200af85dd66549b9fbe96c4cb159d0f24672fa30cccf88ab2ce6f9aa

  • SHA512

    f9db7ec6974a9d31bf42f704a154ce22673f27907086e93635ebe4df67a86ca12491c8cd0fdbb9ae1ac06c4f6ade6df3b5d898d488a1ec51b541a7d9cc38a2f2

  • SSDEEP

    3072:srSFhxp7xHSc7qzPKb/0at9ayXAVJlz0rpl:dhxFxy8qeb/9zaw+zyp

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_407c4c5e77d98c4cffa488c393f131a0.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_407c4c5e77d98c4cffa488c393f131a0.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1780
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1780 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2764
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2656
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ebec13bf92e22b11541907e147e4761

    SHA1

    6639c83ea1da6c52d0096dfd6f1a1b3f30bfaffe

    SHA256

    b5b7a32e392a026b4fa611fda7b87390af4bb1cd09954613802d9f2696706392

    SHA512

    13b20df16983ab4b979fce3314c8e35d5c455ab29aaa82c19c9565a9dd87a77df20caa50b1e6693cd25a4014de2f38e4160b51c979549ea8841f7c2949cb7ad2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d0b4a0946bd253675b91cbfe0c76cb5

    SHA1

    12c4b85b4e7518ef62c99d1367cc28485dc914b3

    SHA256

    93de1808066054d2108b734c3c0275be543e6112e59862c9c54d004420cbad02

    SHA512

    68f3528a6bccba98638790c0988cc404384e6865e0e67066867d4838c434906990bc9e74a03c432a1b0523a3c446bb06823127c5b9980da49d92defd88260330

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    778b08fb1bd897e399291980c21bc733

    SHA1

    aff486811124d0d22a265eb382f6877a738389f4

    SHA256

    c316486f4bf03c47a9b3d1afd3d4e2f70bb12da87f98fe87c6abd4549bc9eef0

    SHA512

    b3880c733b06a4503e0d1af30486065a1da665d223955b963355c6566c53f6e078e42106375542ccfa47f2aac442071a824755b871d0dc261bcb566dd7f07ff1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8972671208b945b6c8ab0c0d1fb9bac5

    SHA1

    c52bbd7d2ea992d5a4993caa0fd421491270618a

    SHA256

    2b380e23169b11ca5d5006ea8e5a4ee0415daaa89445962e63cb2287fc00a778

    SHA512

    3074cb917b3b7b1f7ff489679ddbeebac6b2c8c176ebfeedf8aba417d38b4db171b1d9c1d5d69adeb664c510cbdb2286bb54d117492d7e6796fb45a7acc30393

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9667d1d3513bab7c4bf0b277a5d43c34

    SHA1

    8a239aded3d74752797c5ba99f4dad8895e50eba

    SHA256

    fb97889f36ad912528797fc5b14a6dda79fafdf63bbf1b27c063e425554aa2c7

    SHA512

    d0aa736460a76e82ff2a047fe07cae965eaf11cddc5b9c6e08cfc65b275bf899abdbe5451cdc1dccf44849e22df576a65ae5477b8fb1082688ed3d500eb735d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40388c05ffa82b572066bdf98228b207

    SHA1

    0669d67351a4cfae2e345a39efac0dc7d2a067ba

    SHA256

    e5ec0c5dd6a76e5b17fb19fd59458b8dcc96b366d52892358f0eabfcc373c9cc

    SHA512

    9c045a41c5aff6a717c6416ec3ed493aef3c96d82c834f5d7f9df756dc5345644671eacb1c6077680a6ceb3074d1e34becceff8b916438b039e80f1b250e021a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d68ad1435d7a62d21955c76b22050b5

    SHA1

    6e28c029b1c3e45017badb1b18c6151ee5a4557d

    SHA256

    d1a0ddc1412891c414361ed8885afb6b5f1fef0263de83bd31ef133080662b78

    SHA512

    db1d9dd6d3899a492bee2efeb58a13a0ee9c1ae297845d54ca52c2445b2a45087bbe89a41161028edefd4dd245650431cdca76d3a16eb55dcd2935c40e45c18e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cece0f82d757865ebbcc1293d99e9f30

    SHA1

    8b7abda5ea8c996e44cb33d585b7ea53f2513dbc

    SHA256

    50ee4bc6a545cbbe640915673babfa2267f78302025fdf53791f2f7dcffa4311

    SHA512

    4e5fa926840d764e5269db855a8c6fe28622ccbbc38660b0219673a321d96eaede05c255eec01724c1705d5ba3626e9ac79934cbbb4ec857b557b0d921d2db51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b3be6ba30149e616533849af403ff7a

    SHA1

    c3c6d517fefc1d49d826ea0783baff6df5a50940

    SHA256

    ff196ce9ab4c8970d83c225eebae5f8b487eb73766f3013ea4af8f2336d491a4

    SHA512

    0a97fd2dabd741cb90ff8dcd758823c0b55816f42e2b1373ff589d860623207c28b4fa11f18ca98b93db1df9eac45d8df9409145f8caf99e9a0fe38cddd1dab4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4ebaf7cf07085f75ae64beece708f31

    SHA1

    a52c3a4362a90db7513258d05200039a32a2cdb5

    SHA256

    0df8230557409cff580fae19f34e52588235580dc19aa81f928708cba50c00eb

    SHA512

    433425520af480993e7ddc2ac167b1272da1f6945e09e293c368f2372b696646f4b6de500b164e881c9c5196fc7b1add73b6d0b0c784ad7b654e30e7f65bf935

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5608b60b0c522eb72662013de6ccdfb6

    SHA1

    f42bf98d97e5d267c93fdb116d6c71050cdf22fd

    SHA256

    40684d71340d93888e3484635111a7b3018f63770e504095372176d27e822675

    SHA512

    cc91dcef7dcc87840094644380487db65b0538173c303eac297e8925c04a604e4287ef9532b3837bc8b0d12e547d6dbf4be639b2f304ca0147dd98279a5120c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    50b1563da4c252bef8ecd69ffb43a201

    SHA1

    e7bfb2c9f77e123fd53b6089d22a40ad4bfb799f

    SHA256

    1c641f4e4fbdc5de00819b85eddc1c97dbdd2d621456d8be0870e126be884700

    SHA512

    f5c427ac77a268ad3a0af0c8cbe4b7bc083592f03eb8466db05845ddf3e615f1e63798d42c110ee9ec40083ffe49d3db557fdf46d3512dc06c2fd69f1242717b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5db79b664b90e6ec97f1201b9f3209d

    SHA1

    245b005babb809afc6cfe896a955b45e713fa672

    SHA256

    7ef348d0ba1a9c3558592ac3c56ba0c65f198076b4de15aaa8e774de8eaf6528

    SHA512

    ff6afbf5bb8e510e738867d6d104840805bfb90cd228ac08e70b793583a6cdfdefd8d67f33d16374f64b7bedfda298bb7fb4cafb72e3f112fdaf17aa5cc72f33

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ebb0a01346dd5f48da75232fac9d4711

    SHA1

    4faac24100b1b6258631c19cf2f9534c9032d268

    SHA256

    75f90a41ed510a90264410336840af0c1b24cd50da984141236437b05ab6988c

    SHA512

    acca08c319fbb5febffd2972fd0e1a4020e3be3a5aff0ec0cc4c848c479a7897261e769d7c45a1e4fdfeb75ccb2e36832da20f9c944b242eb2376a375be3065b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b274dee8c3befb438f6449e0e8a13559

    SHA1

    9b787329a48cfe4fa6f25a3d08207e2f3e00f4d3

    SHA256

    06ea98bc6624c1984288013ce5825258ad72439cd2c960e984842ae8cd3582cb

    SHA512

    1ded741fb2e14a513778e867beee8e479efd7a1759dca25f7cb31584c8d2d9eb1fc024057582edee3adf0734e03d59fd3e9c38f38521b758088e5ee940a1ec95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    464406a3ee413b6349733922f5317620

    SHA1

    cfee7fa966a5258fb4df78a49a7399058cd7b877

    SHA256

    31e9ab7682edf97b5282146a85393a93c7bc11090458c5ed91d30a4ce5fada7c

    SHA512

    4a886d835787168d34e43d010898a780d5ce77633d3bb9fe9ccb09496b4008640631646508bab2ce2c643bcc00c53c963e1f65a072357c4bfa3751d9d4431d08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b514a895db2d924658e2c97293ae748

    SHA1

    ed9221ed8bde80e58c86e33a196276b2a646b1cd

    SHA256

    d709e9017618ce6d62584e2ef2b6f32b2e499782a08b5ae3b16eda4c8555145e

    SHA512

    8762ea416f76ca57d00cf8eef221fce11902f852b405b3405d40b2d028bd10aca0d4a239439bcddc42cb14c96315e31f37ed62b687ec3af9e41090efa399ec6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    15b48db20a61c80d45017af7cb1a9f29

    SHA1

    58e40ccdc27f41bf473281ee4445524dcee75241

    SHA256

    b0dadf671682e0dbcd0dcdfdcc33b4690ba1870ac41d6a26ab6f5aaaa70f0453

    SHA512

    8af4e7f2e9b6843648e7061c66d81b0df31868261facd979cce6a7b2f723cd00f9f16955099bbbdc7ed79a49a75e97248d402a6e2400e70eaba5abbdbfe0377b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db2cfb0e6c7537c38ea804ff7000cccd

    SHA1

    d22bd9beea5721b549e388e0cf2becd8832f947e

    SHA256

    0d850ced96058b39ec12d9d20ded1d4f091a955999677509f67efdb288cb6d3e

    SHA512

    adbd27b6b43cfa544c0ec59ad7beab4dbc1b7f5b03403c99994d0d2b531d58e4b5fd75c3148c696c579648bb56d280bd4a5ade26ce5ad9584ebae3981de25703

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EC047011-C7D5-11EF-AC61-4E0B11BE40FD}.dat
    Filesize

    5KB

    MD5

    7915cc7c4d5dda1c4e01209fb965acfb

    SHA1

    b526c540c2cec13f89c786f4ab0b885d491e7a20

    SHA256

    2f60f48e8023150a6b12b2520ae4a44685a1f7f508679c4bbdd825e15568c002

    SHA512

    f06c1570f13033acfc26841e7a0daa1169e2f189b90d2e2d318d5dce8477dbf86a7cc340dc1cede79d2ae77f0b6d4dac6018829b4dae1ff3a62569c92b4244d2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EC0932D1-C7D5-11EF-AC61-4E0B11BE40FD}.dat
    Filesize

    3KB

    MD5

    3b9bae932b8f8b1d289126b6cb72cf80

    SHA1

    42bee84fa542cc29ece53db5477dd58b9ffea2d3

    SHA256

    5f6f80534c38f8c5660ee75fbf6cb6f1aec0adc49d68c903fbca2ae960319278

    SHA512

    d71f06c2b9fc72d938eaea36d92804c78953d110a5af3715cdc78e4a16e24234186abdaf3659cf4786d684f01f5daa8f054388b19659a6511a8704541d6547db

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCEF.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD50.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2872-0-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2872-4-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2872-5-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-3-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-2-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2872-6-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2872-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-9-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download