Overview

overview

10

Static

static

3

JaffaCakes...e0.dll

windows7-x64

10

JaffaCakes...e0.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 01:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_43145381bea5dd0f09a6554db77c41e0.dll

  • Size

    124KB

  • MD5

    43145381bea5dd0f09a6554db77c41e0

  • SHA1

    fe9befbb7906d6e1405bcb8af67a43f784f94444

  • SHA256

    2068ca44648ac310eb941834308e53e9f51be03880ed792de40a880221b533c1

  • SHA512

    d0f687f6adabcff55eaf2083cd4bb232086706d93f057f962ab5e9126c5848d170f9f3b19438efe11c4d735bbfa2f17d7df2902d265e6e466d576256f7960583

  • SSDEEP

    3072:FIvcjgtmXYtKD4lXdpSKt2KAIg+/vbCKQh:FIvcUtqktpSKt6Id/D3

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43145381bea5dd0f09a6554db77c41e0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1604
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43145381bea5dd0f09a6554db77c41e0.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:584
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2880
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2832
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2916
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a1b46d695cffbb847c052adc5957655

    SHA1

    daa77252cfebb68660bfbe4e94b22dd9c213b85c

    SHA256

    de9a58fc03bcab874225aa3f2d6d0bb085e903bd44c56a296167e03d098b1aa0

    SHA512

    f16c5323b73c39b78d506642cddb69551b189d296742201b109f0bef0138dc63f18079e70eaffff8c862db4348d0fdba302a4549092640c6a51cf7686d1d524e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1698ead83b49b970883f839cf6db57d4

    SHA1

    9fa8c94e9239ac0391c7870715b2570b90949797

    SHA256

    a69572866a54a3af40f6f7609ee00393b7774bc2801491f66534d37fd58cd14f

    SHA512

    a28eca56a2a75836e6490861a2c56d6859bba3c9520016a8c21092264298a3c1d90669d3efc40cdb21b135110babab3ddcea5cb280ff2c0a98cb63198ea0c558

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3c1c663982bc828ee25bd4daed5e25ef

    SHA1

    bd4c4909d284516e0867c750444e669c04e1ea58

    SHA256

    34a5d314b99df51f505e937fa8190f517352675c851937fee7cde770f886aaaf

    SHA512

    ca8d00e3c0b3631b7c67088d0826b36f63608f3f9383f5313341787f4f1893a9d5ea1885a5d7c5c10c2ba77ce5862e94e1a2711f7f1f013563bcc25415c9ff50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7df4c7ecdbf266e530961a55059de30f

    SHA1

    eb3e782bb80d37296220247af758ee4d4d096153

    SHA256

    c0002f7a646aa636889bc6654a2e55b8c246ec5ab2ab65473538b12baf1fd498

    SHA512

    5213d46b284a707c55c8fcc738b5e5b4d32fd967bfcb6f9fa563150aac977967a3da230e5dff9ea393bd1538d6319eeddc854ad853300e1ad6c129b3404b57c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    391ec221514f864e75e94b19c6b1ab80

    SHA1

    832d93a65a13fd93bfe40f9153eef6e3171bad76

    SHA256

    f0c83528708b743feb3ab9b821b5bb6108347a812d7e0c1af657ca55769cfa07

    SHA512

    b2d7989466cc6d3accd6136f397f4f2527215ce5118f430e0ed2a0fdab9be4e42380b3e1fe6ce9e47040a289ca85e90f3a8f0d2aaf3cd6cfd5a3a6862d57a832

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e34c2b396f974f2b602cf70010022f95

    SHA1

    b5e5318f15affa1446e12901b23ab793dd040e60

    SHA256

    36e756600cda2da140a51a269560678f35cc56fbe71fddb8a3d3772200796544

    SHA512

    671dbbe2adefd4fc22c769bbbac716d7e3fcfb3e63912a9c87e8727c09e434b616bb8d64c284bc224fc6c01c0168f27253f5f62c13ebd5d3bef059c9971e5fed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c9a0fc44709b37aba8af822e7ad2ef3

    SHA1

    92920d815e8cf2eefe4fa62f9a671d78c64dd693

    SHA256

    040554bb123d7ee40400762d8bd1a8fcd2785d6451ceb9bc38eb445c688a3458

    SHA512

    3c1695e1d28e090f82ff01aaeb3bd9478cbddf3e715e0f855f36523b86b18238357786632622fa9a5319d85827af8f273da8d01afc88b79b51be8ce9ad86fc4d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21c243f606fb3a358be01a1733fb3d5a

    SHA1

    af8ff513b6b619dfecb3f53b2a2bf45b98e7985f

    SHA256

    5acc4951270b45259f147ae61f1d453bac5684ea8564927607846b2eced849d9

    SHA512

    5732927dd8d1a20a3f77675e076a6fd78124a04d63d6af77a3a0d0926fae236bb4ad76c2c38f439718b8c922df7e58524e0afb034afd5ea0a1e0ef99bd8aed8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    103e4f286d010622c6426c575acafd73

    SHA1

    b677e96c40504d7c4e8b216ee4296992c07b0a49

    SHA256

    716bffe611cc9dbc35d9b047a791477bf8bbd0eb61dc1cb75d8f0c5179369b64

    SHA512

    c851fa8b08827de974d754d0ca937b7c2ec00cd75f71f6880ccda2095087b1221ba82e2eaa7d50981ba6a5aec53dda805a024520a714e73465a81a610f7fb21d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94545b868a67332e57fd9f52ad6375c8

    SHA1

    e8b463d68583b6eb52821ad252e2a08d6323f04f

    SHA256

    0a6b59d159a9dab413e5e9c74cf94ae71e0c6997a23f8d7e1e63e157e85b188c

    SHA512

    7b16b580723f063eaed4f7768acf443678ac7dbeacf853dfcdb43d36373f63bcb7dca83c180d15e22d626d35bbd53329b5ad23b1f555d8fa41e57048fcadb349

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be726c6b0d0d5a2b0baa6522532209d7

    SHA1

    9ad28ace3af96d4912b0ba52088829624850df99

    SHA256

    65de6b67eff7a95687b23971854c264b85d636538d53da71b224471cd338bb58

    SHA512

    1b490e814c06c968c635d33058e62679a5f0796c6afffc7e78d605bae8215202f866cc0fd0fa006b6d23d2ebc13db8a5c702705f652feb7b260e1a197156d031

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42e1844fc94f08ca67880fcc8cf3e87e

    SHA1

    d982aafda5780442682065d83e0119468752d9ff

    SHA256

    95d8307de75080ae9990459288dea9c7fea75d113085e2907ff1412b10f9571d

    SHA512

    5b2f0fa3e88f00d53cca4a949797292543cc556c42bfae370ab989e17426e52e20c2726d25be4a5f9736166de479a577187e2975276d344c8b8c2310c23aef37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be907a1c769b50cf06e632c923d8bf56

    SHA1

    81f6f8e84f6338a0c9339df4fa8054a321bc2fb3

    SHA256

    7c0ac8bc60407143f61e04d4e056483c00fa502bf7c5b674e7749b80bca34bac

    SHA512

    1d03842bdf886f86a063bcf764eee602abefef9ba2923a5571af7bf10e88a24a3546f7427cd9721c07e39b1ccbfef57f0e3d8a55f7af3d975de5ab635a4866b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec1c7a1686843dd085ff2bcde814cb06

    SHA1

    236a450921542d5484c8306ba14fda91d8819f75

    SHA256

    8a34eec82e694190f9e70f87aacdd0f82cf824b49c5c02239c2167682eb062e5

    SHA512

    8af76d3ad34e190f2f70dba5154df60a85332d91acffe1b56105bdf97cd4da1047abd30f88e6bde8b67f4d7f5601fa778ad419262ac77012d5dfb1858ba0ba08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6418327ce03f8e339115ec1711bd018

    SHA1

    7640eea2495a413e958902a12ef4acd240fd01a3

    SHA256

    7920f2223c5a775bdc0c104cc9ef5027e2d6316852897a60a294eb1e5c16da0f

    SHA512

    c95347621ed5492cfb0e4bf2e913455785a04893e435808ccf036d1764cd65b100eaa03690212e44544ee88132eae85bbe021d28e71badb1e335752487b1ccd0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa32fb4d44d1a9ffdd3ce00ca8deb991

    SHA1

    f885e41e6aa57f4fee784275cedf4686f56c6e1b

    SHA256

    1e41c54efeea0bcb7c5d436cc5805520e719a393c86db1021ce2c6d4cbd88420

    SHA512

    2ffabaaa839248275cc4aab00204c908dd7dd5cb41e62c0c9e99eb671d07b0828c13585c235b4f7ba3862e47b8feec92786a6d116f1e5714878b85dfc3be161f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea19a9427838ec253c65bf2d959a926a

    SHA1

    f65f1179e3864f887148b62135c01af6a32f83de

    SHA256

    90706ab965f7bba07a04aff8b9d72112543b96d61ed85a7f1f12e4dd91776a84

    SHA512

    f4f51b83ae2f400050a448783e6bf6ef5661064e6bb1c0b59f9b03ef3793eb87cad334abc241143d39438de71706d2738cc815e21e3d96a6b0e732784a7c9f36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b1e719ad69bd5e5cc342e0b776e812b

    SHA1

    b85cfdd7752e898896d551574561613c271dced4

    SHA256

    c181291d804e6ab5c4313393153583c2a5ae21c5ae32b84d3c59e12aee148e1d

    SHA512

    a8b070317dd604416049db9dd30d67e3e7b5c19aa71a2581827641abf3462d61096ec965e404d7060e75cf561b5fe129abfffe2a37325239b92babb391a5a2c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5fbf2944a96a2c7fdc6ed5e847eadc4

    SHA1

    f4506a8f3e9602e3e65d2a10452b5d5b0a99ce0d

    SHA256

    f7d5103dd96a42fcf675867abb98b92691211d2b9bc0d491961fc8d42e2645b7

    SHA512

    89e6b89ef02caca65267ef3ec16ae0267a8ca624d3756296b03e59ea87188f41a03086e29dd54d939cf23a6940d339db29a484aa8608026e61d52e33d1acc41a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8A86.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8B83.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/584-9-0x0000000000190000-0x00000000001BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/584-3-0x0000000010000000-0x0000000010020000-memory.dmp

    Filesize

    128KB

    Download

  • memory/584-2-0x0000000010000000-0x0000000010020000-memory.dmp

    Filesize

    128KB

    Download

  • memory/584-0-0x0000000010000000-0x0000000010020000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2832-25-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2832-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2832-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2832-22-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2832-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2880-15-0x0000000000240000-0x000000000026E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2880-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2880-11-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download