Overview

overview

10

Static

static

3

JaffaCakes...50.exe

windows7-x64

10

JaffaCakes...50.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 02:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_436a67332036c52c431d7a6983280f50.exe

  • Size

    664KB

  • MD5

    436a67332036c52c431d7a6983280f50

  • SHA1

    e3efd7a20b7eeafb254b8a0168dadad71aea1dfa

  • SHA256

    5987c71212e26a3a0f825cbcfab52c1e17d5a53616a23a828a7d44a0991a1b5b

  • SHA512

    fd8ae6092a15672ab5a9be73c71a8c4d3a13885e3ace9ed24cf92b7639b89c39d5891324d1eec761998d26dd678980a391f45b2cc3912e57f29b8dec436752ba

  • SSDEEP

    12288:rDQNFEyqo3PlzYKXpdqUVTaRGisvrkEBuIlpjn5x:rDQNqo3PlzNoUVTacbvrkCZ/

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 6 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_436a67332036c52c431d7a6983280f50.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_436a67332036c52c431d7a6983280f50.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2284
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_436a67332036c52c431d7a6983280f50Srv.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_436a67332036c52c431d7a6983280f50Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2304
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2300
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2816
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2816 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2260

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    32fa3465988510a42e997478811133e5

    SHA1

    6397d0c3a0ac04727c090f77bfbb48822c1ec905

    SHA256

    c7be5abb4f0a2a67b8e4efe5e04196fe9d50394e17a8e3a8b833f491ac1179c3

    SHA512

    3ff3f21b630e3c79bffa714db195dd0da239fcfb93b29fe5a8014a3aea0b75cca67cd9ab66606cd801b12dedabe4b86182d7391de3e0099cc040a562c55c9146

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    01b01f5a73382ab35e719a56e3aa1ecf

    SHA1

    706232b822a7558023e607f80dfa8d2bea1be5e0

    SHA256

    a5efdf36824e29d6f62671b6e452d7b8d1588fefd37729844b0ad2078c72c4b4

    SHA512

    7220dba057cb86100205a49e1a83f26cb415f4ee3a478d3fba2dd2e5a4368ac7e72ec52a70331a819188c856eaf509662fc1103d9bb812e9e992af7c652a43ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff646887c3f5019498069cbbf4f67cc6

    SHA1

    104e0e413a8d2c66967e41e576cf71d4a7b09709

    SHA256

    15607c67581fbb04d71be1388f174bd4b7832cb49eb15c5d2602aa6b2c8f16d2

    SHA512

    27e8e2c67739c373130638d5a4a6de8426c1e83cd7908bcd9e6d8e7693a9a529cdc2d5244f7659ea101bdefddd7404edb25ec8c81d45ebd38879db489b9ccd12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9c1b61d2d55f523ed2036d88a0c1afea

    SHA1

    d25ecf566205d6743ce41212ae2162eeb7c335d5

    SHA256

    9874321ee3f6131b97daed67b8f045c0280a22f2ada38046af50f8c0ae181449

    SHA512

    b78cc4b307f028802c8c7e14b6e2959763194f25c88e0726da32eb98228a24950abac21f46474cff2fac2034d39c52364ad48ef027481d5c857125e79672bac5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5bf22ce5242c57e3059c1d4eabaf5b7f

    SHA1

    c91aa71948f6c8f1e187247e7ac49026138ca2d8

    SHA256

    42c1a0ca62a5ad4e82e40c29842cc750c928f067d6accd6b10ed7333b2b29825

    SHA512

    b7ffba127b4b0aa45bb07a0fc1a17180d6709b673bd189bedcf0161623dcd3395db13e8dc31fcc08c4ce2c5e49ec2d82766c5dcc97303f01fbbc4889c82404ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7998481546e278a612db6d64f4c7de54

    SHA1

    dbdcd0e7b9cd8eea8bf5810dd033f282f13da5d8

    SHA256

    950139d19401b6197103c25c0fedec45eb30af5eed41131bf47129a592e7b20c

    SHA512

    39a013cc12fe5ff2358eabc713dae062f962881555cd338273b2ea305f4efbf98278f456aa025a9e08f75eee908798dfe24774d9957304708a566e08e101ffb0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a129ddb3e4ecb0f8094ecdcd67d1c5b6

    SHA1

    77144f0a89729bc56f7acf0c6d6d96100751ae8a

    SHA256

    b7a29081dab26b109222f460c006f98c7a7a756ec5c5fefef11c5a80c6d53079

    SHA512

    3228fe022369f4253b8bb9b37121d347c44c104126ed7e0791e26958062f790423c1778478c557e1cb11b84cf5798bf32e8346e681d6cb00f529c3ee79011a90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4120a2fb35eae532927fd60d7f54c393

    SHA1

    76807894e31546412f4ba26ec01f236dd85b27e4

    SHA256

    b702a9272545a857cab7ac0db4ba4e85e76cde3100cef50ca3e161a64dd02bd2

    SHA512

    9f29f13c5beaa60be25abc981c4a3634ce1f4a8db876d4527db4f1f3454fde567722ddc1c4013463e2d6d1f9ffe1b1509e3ea29dcbfc356052568189d2c17af9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23745fdb5614891cebb5f386b283dbf1

    SHA1

    7cdd89cb9c283154882c5e6c648f8a8ceecfea4f

    SHA256

    1404453433f076c706977efec30a35aa5b0aa79b35ddf8a8f7f57cc31832852b

    SHA512

    d3053222874dc48d881d20ec261dd0326a58d51554ef08b33ee82100763b4fec6650d639ac685603136d2aa1e7e0bd8085527d97a4354052e5ca730b88ddae3c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d77de23db4008214f51214ab63018adb

    SHA1

    e59e8dc39eb147918c6c1925c6e372c4b60871b2

    SHA256

    84864f01b762cc007db84d6d57edd634f3eeacafec6d35cfedf00cf1d204d11b

    SHA512

    1130bbcd6838903979609986dafe321ebf62e10c5b0e2f3b1de74cb1fe82d1595a736bcee116057004117092fbfcb44ec401db7df5bc3e77a48fc6a5b280e17f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    617dddc676708bef172d14226ff00a50

    SHA1

    a5aa759cdc1f7efae3fe11e48331131b0467dc48

    SHA256

    f131fb62ce455675a735b697be314df1443bd6e87da8bd49303a6937ad5771bc

    SHA512

    8c9e519c1bbbe3213a88f93eab015ff024af4164bdcb42ff350151fd99076721d694681bd88bd3bc34a94af56c20755cb65413a536051f59f6d055c7346272fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48a7648123360ff4dbf581b964c9960d

    SHA1

    bca55200cba616ae3626fce37bd337a70afad94b

    SHA256

    dec7ca0644ba68cfa8663325300d2e28d2efb2763f8dba112a7bda3f7086c1c0

    SHA512

    ca578706a75e04d85639de96b6d53b98b7cc496f07660972d24c4f6376fd0935e04c74e7106383477e1889570b384e41559d2a3889f3ed12acec0d596e3b610b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f960c0085f1cdc806bdd37cc19c329b6

    SHA1

    abbac1b59401115357cbd20582f8b93f07496ca6

    SHA256

    23433d85a4d491eed841825a121bc5e9b0838110fb81d5256792754feaacbd1c

    SHA512

    c215e66403a9e6fa1acb3cee8a35e4936304bec43a66a0b910bbce9842a05dca75b3ea20bd4e54d52b447ab5ddd29798f7dff859027e2bd8361e685010dab63c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a4f7803854eabba437d6f15e18e4975

    SHA1

    28730783e82acad49d4d0bb26b4ba911012cad0a

    SHA256

    d87ebfe1ece06b8757a95577f1fccf1b59c9ef9e151e7a96c6754671d61ad6f1

    SHA512

    80e10d60bc29902a3c0a62491d4194b10bf9355317f04ae5625411fdfd7d211202d180b70c6e34ab915ee5812d723bfb8489505a027670fba16bff2a3ef34c56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d288e1f6eddec4ef80033ec78ae4dae3

    SHA1

    c7421d722da74a727740d02b79ac5908bb000f36

    SHA256

    97ef5d820b9453c2ec4cc4b8f9bfd5b4e0893fde6dc13f6691520111fbcad1ef

    SHA512

    55b041e924908f1bab2f18423f9c40658b4b57752d5c357314c375a07576f1477c69cdc974969bcca487a28a2edcf850bb131e7d79cd95e2d6e33d178e9fa8bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    163ef3d02843f323eaedda83733d70cb

    SHA1

    851722cbd158538cf5f75ab4fb533ab3e0fde8cd

    SHA256

    974b819ac7cc60e4f2ab98753101171ba097c9d376feb43358aa9cc06957a536

    SHA512

    e2d4194db6cbbc3038330608bc3153517bcd63dbeaed671d59f1d5e6e1096e8c2e6b92f1a4a203e445b1ae6492fe036f86152dd1bc25b3b01934a8ac95b07a71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5af69923690b620734c5fdfd30d0399f

    SHA1

    d1d0ec966fd970e0c2c308217bc95fe404417bf3

    SHA256

    e14b454f710795ffdece04057d7a7b8e33214ebe97744ebaf2720320dbda9e43

    SHA512

    92d0701398e78e45241e9cd8996d80c726dccb9bcf28fd95b292ceeb5989d398c47a4966d316a6d15c105ca94423ca2913265d06e09bac138c53b207ae35769d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa6503b0a4abc89786ebb49a66974b72

    SHA1

    6751b2ca42cb77fbb4ab852ca0763a97f8f3e676

    SHA256

    f1a650b600cb6daee46e1d7f17a3d1b08564f9dbf3438342017a60a2c6834975

    SHA512

    9eb64ea8ca0ba875d16eace10d2c635b576184a51cfc9a9c6355b3f0ada99a92f9d57275fe0790a16afea39de393ea1ee0c4376c67b8a8d9c90244ce162533c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c3824910cc97ea334e1ffeb2049ed24

    SHA1

    78815c22cb74992e417379023ed2a1835b3c3238

    SHA256

    18be008ec902834ca4ba8422ca15d9421b5608d9e3482e432e2e8163d1eb8c62

    SHA512

    c16955001943c1d44a2cac042af239fe1199312ee5de06299f3707b0d1cd79cf7fc758d6ea1ea493a14c5489142171102887f1dddea0cb3f6ae05d884de34db8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    68c295035135c0c004887c5189376872

    SHA1

    0fb68bcee5b6756f1dcc67fe13a3fa5f99d6ed08

    SHA256

    2539964b4ac5b3bbe1950bf6948f51bde7a41b44f70130d7607f88b7d307e8b8

    SHA512

    1ee995550308449a127dc41f24fe42f9bd76d442d9a8c3f219b860a06d0ae19c5be6f464a336d59f91cacad54f78bce0ec7cd966e9bb5d5e781682d0252b6fef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC093.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC104.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\JaffaCakes118_436a67332036c52c431d7a6983280f50Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2284-27-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2284-5-0x00000000003D0000-0x00000000003FE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2284-1-0x00000000008B0000-0x000000000096C000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2284-0-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2300-26-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2300-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2300-24-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2304-14-0x0000000000260000-0x000000000026F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2304-13-0x0000000000240000-0x000000000026E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2304-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download