Overview

overview

10

Static

static

3

JaffaCakes...10.exe

windows7-x64

10

JaffaCakes...10.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-01-2025 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_45ee1a36449171fb2abb41a4ecc38a10.exe

  • Size

    178KB

  • MD5

    45ee1a36449171fb2abb41a4ecc38a10

  • SHA1

    af4e344281980bbac2c1cbb191df663bd55fb232

  • SHA256

    f766cbd8564026033e984d122f424371ca8963c3a7972409dd7ed59a52f5bb74

  • SHA512

    d661f1ea0a4a26cbd9b786e24baf6d7c3de005c0c2bb5773b127ae0e9cbb3ad16adf30e542023122a4af97687e6715487e291bf2581142eed35fe0b7dbea25a2

  • SSDEEP

    3072:akAwOzhjdRmSZiAqFbrnp+KsYGngDrSsi5LNURwM/0j4IJqmxOilu+jGvCsfe4mS:+w8h/7PCkKsYGgDrS1L2wDMIgmxBuKM7

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 51 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_45ee1a36449171fb2abb41a4ecc38a10.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_45ee1a36449171fb2abb41a4ecc38a10.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1168
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_45ee1a36449171fb2abb41a4ecc38a10mgr.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_45ee1a36449171fb2abb41a4ecc38a10mgr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:5060
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4932
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4932 CREDAT:17410 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:4936
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1348
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1348 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1084

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    febff5e5b64433316ee5f116c5c14309

    SHA1

    55a533777edeed0d18304f073d59d5ca1e5c7737

    SHA256

    888dd735b3cf97e714243c7ecf44064128c4a97452b90ebbc66e317a113ef9a4

    SHA512

    cbadeca5bbd2528b4af7ad6d053483adac27db83bfcd8b75312a5aa4b09302f729b67a04bbb9af840cb3abd78ec668b5a6c8746685ba0f15780b5e0ea3dd88d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    e87424ea3c66aeca85a58b7d67df7e0a

    SHA1

    f8b8c8805a0aafb1d4ca2312a271c3c946f4cdfc

    SHA256

    4e6695e6ff84e12ac9c6087ed40c710beb4b2c7ea238b4ad96f46a93ee3f120e

    SHA512

    161cb651621a90f793332cb176047407c943cf3c41791790bccebc5a0090dda796f4783295289438cc951468e4ef55410b66602ac242577b021a029e30959b4a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    7789eb1432d29cac09089fec2e26be83

    SHA1

    23b39136a6509c5cba0dbc60fb444d56f7e4d2b0

    SHA256

    ee24cb22edcb43fd83deeb4f12146ee4ee44ba70da3a6783673fa0136e109fb8

    SHA512

    d81f1f050ba651652cf6727607a171fad539b62f00f668a3d548cb4473cb4882ba5a4b74474bf249f33e74637584a3cbfdda5bc75246e8520ce79b9e44deb00a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A1F472A9-C7F2-11EF-B319-FA89EA07D49F}.dat
    Filesize

    5KB

    MD5

    51a31a260ce4b5951d8c1aad52323b51

    SHA1

    7adaea6dca20b32fa734958359db479e301ee562

    SHA256

    16072a07dfd38cd30988245138ce6ba1e07b5978f343bb3091578681d07aeb1a

    SHA512

    bb66217afefbdcbf7d62db8c30b3ccc711189973e9d65c2cff59632bcabd7cf02d955d2d113f9a9480438cddce156170d961df807daed25fdf849e073cd70612

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A1F93733-C7F2-11EF-B319-FA89EA07D49F}.dat
    Filesize

    3KB

    MD5

    77a1d706445edc4cdd32f3c9870763e7

    SHA1

    ca3aca89c8750ca42be115dbd1ac6f14fb144a85

    SHA256

    93271b5b2d141b944af8220cf28bfdfee2472226ba9e9fd485d94261a42d7f10

    SHA512

    1fde46efbefa2df1270d351dae142071c3a08749ebfb4f8eff9c0a67fd2b7f9565f6892f34288c29eff9e448ab68440bcd58c5a122696ce5d660cbe917f8a13a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verF58B.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8R55UT9S\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_45ee1a36449171fb2abb41a4ecc38a10mgr.exe
    Filesize

    88KB

    MD5

    a61ea5f2325332c52bff5bce3d161336

    SHA1

    3a883b8241f5f2efaa76367240db800d78a0209c

    SHA256

    e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

    SHA512

    fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

    Download Submit

  • memory/1168-25-0x0000000000060000-0x0000000000061000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1168-10-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1168-29-0x0000000077702000-0x0000000077703000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1168-4-0x0000000000401000-0x0000000000402000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1168-30-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1168-6-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1168-0-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1168-21-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1168-20-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1168-9-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1168-11-0x00000000006C0000-0x00000000006C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1168-34-0x0000000000401000-0x0000000000402000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1168-8-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1168-27-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1168-31-0x0000000077702000-0x0000000077703000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5060-18-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/5060-19-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/5060-13-0x0000000000401000-0x0000000000402000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5060-26-0x0000000000710000-0x0000000000711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5060-28-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/5060-5-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download