Overview

overview

10

Static

static

3

JaffaCakes...70.dll

windows7-x64

10

JaffaCakes...70.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 03:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_465e75f5428e625a6c96e93d531fc170.dll

  • Size

    128KB

  • MD5

    465e75f5428e625a6c96e93d531fc170

  • SHA1

    5cb5b19ad8d86577c24071cb474e9e4a16238c00

  • SHA256

    ef63ee388dd98a6063a2ee13698034f6bd59f88a9d5d5cdb51305e3e1ab98599

  • SHA512

    90bb69cc9f60a735e22a88179e87af3917cb9d503f4c809e6d3fad05949f75294f1ae7af5c4cee33f4997c4fc196a0ee14e96f90658386c6507ff66a78f59ec0

  • SSDEEP

    1536:C6zZm3J9T8DMuxWtwN5+SVoZKfXYiiSD0vGu8nVnBU/OmtH3aPv:VmZV86oVoZKjtnVO/tKP

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_465e75f5428e625a6c96e93d531fc170.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_465e75f5428e625a6c96e93d531fc170.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1252
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1432
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1620
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2332
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2171e478e11be354369e1ef0fa9f2cf3

    SHA1

    5ac9adc38e99f7f079ff22f73accb4acae7b105b

    SHA256

    7a29dac0268400c05bed58a58672a2165090ae05c7b4b26e6d86da4577cb38f1

    SHA512

    86c3a637dc4e4e120d92487066516c020009c242ebbc764601b613d78f6979c2685b8d8703e64094677fe99ed4811c2e58f03c62a0ff20760e10944a9e610bd7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    867c1d233f2362c8bf5831e4d3e3e143

    SHA1

    9bf52a6b919cdb62cac68a135b9f7d2de468e5b6

    SHA256

    28ccc3f73fe0c2831b36b499a925a3719de688b08cf04e4e859a736928247d47

    SHA512

    96b1a13de8434fb6401848ccb5834978bcd2e9ca9034561dd7bba6b24261c6395a22de361f68696327f025f2d0ac3be6b4e398d814cdf5add411a8a4743a030b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c972c686517daa5f0a77364eef4f4583

    SHA1

    dda7c981fd821ad16373b79d4990dee399c41d2e

    SHA256

    8ecbe5e3106a38c1d183afa994e036c544f5689e8bcc1621a093dcc361ed2ad2

    SHA512

    138bb9059b691f0bd6cc5b7eccce02fc0fd5b68740256f356036bc597b3f9c762cb94924142c669fbb12182819d7b1a16cc7e21ffffc73572f04de9f1434d776

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f7b269fc9ca00d654a83e220a6bd95c

    SHA1

    bcdf11bb623156f858f04b765cfe5bc66f65b90a

    SHA256

    10eda1600a7927d595872481d6bb4ac3a928a0e5f3edaaa58ebfed2cc2970715

    SHA512

    2ba0c477d75288889bf8c3495b6b277474dc7baab2e43f813f22f608636589249cacc004efa656c4a3926a007f0d96b95a41c3700ebb4e8642ff9cd8cb1cc070

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6feba652b4da547068329978966c191

    SHA1

    1b4633088fe0d2a9af59e5ee232dc716cea6faf0

    SHA256

    5d4e8c51031206f3f5dda770336cae72bf3ef29fc47282c4b9d46cf4051cb052

    SHA512

    80a9cfa00dd5c325c9d8922ecd6f7108cb5518b1449352f7103460196f20bef11a3f5358fa22816b4a433811e09f785940ad2711884f7680894ae2031b1e3e6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7faa580fcdad44bb2c6e1b99a7e3a730

    SHA1

    ba4b0be8b20f4d7b01ce25016fb9208373d6f96e

    SHA256

    b09848aad40dbd368456d7e233e63a5d304845fa69e3ecc1d31a9945c068a55e

    SHA512

    3a8bb8830cd992efa247811d22599c50b04d18713a375492412643f6553e8816f0cc0748c0c008d7e75c6a3969b4524268509a1e58b3dc9a9619ce5400aa011d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3101267355ec77b68769e258529a127e

    SHA1

    e30de7e2990247eba09a37ad0b3ce49636d076bf

    SHA256

    5bbdbf899de82b27ee714048dbaf25b404598e8e9620f607c1fb8c5398f161ef

    SHA512

    ba54fb0e5ff41615d8ec72842dc4bff5ad647b46d522583293e4c89a8951ed036c0bdb2f9de8ffda7108e18364c54c8cee91498a5924d68cd7129c128159f20b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5826f0ca1044f1c256b5cb4b5c9df6ee

    SHA1

    84f96e09cde8933c25b786866376cdcfa954f36e

    SHA256

    cf2fec1d58b51a74986270b9a125c53b04357986109709b54e1eed0b700a879e

    SHA512

    e1643279eeacb254ae085b0e18d223b695c8a4c77224607bb74813270d19145788241a7573b029d9df62732eee3eaf9b8cab1219fa6477fd4aa438a4fc03bec3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34550232b448ae83446a17e7b27d56ab

    SHA1

    b8a570103bc4aa78bb0eeaadb8ff896fd5dff226

    SHA256

    c72d6663b7f99d11cc2bd7c7698853ebfca88961f4c61a4785c4377ab86a9dcb

    SHA512

    677efc9253e4a5da47febc1d2a31b8a84be18c5b8108dd94e8afac744d98e57ed5cbfd984060e87950b5696ff336b481628c7a2f84262cd0f94cd527e8c14ae9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2037b8c8408e11efee1bfa2ed14f5a97

    SHA1

    fd42ed1a7f9fdf39edfb86835b0f2d4584f1655b

    SHA256

    681e0b4f6f602b4fbc6fb5fea899a51d5ee3f4f0040dc6bc4329af281547f3ec

    SHA512

    130e691c0473c70e374d2bb5918f8e19109ecbc8bb4afca61ad49311bf49988b7295e748f99c28edef3e602499bf3b4dfef652e2173fa46e80ab30ee0eb09611

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36b21ea64118d721634ae6276e4641a0

    SHA1

    0e7e79e23515c543c546241589aed99c0a329c29

    SHA256

    7b2b28236522439f02d65c6691e46acc869af5d429cdcfdac70ca8532cfab19b

    SHA512

    6550731e31aab9334d1a833f54a5c7c1ae6de60734ce3fd5a7f69bb1b7ef1d237dfa71c599eb2146882ccf93d02f9b63961ce476cd285c6f8c462b6ec9a00461

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f0fe16049aaedc50ec86775bd90ca40

    SHA1

    997b4399982dd55afc8e86804b7ad294920870ee

    SHA256

    d17fd035cda9928b30af91ea7deb8109dd3b0b5238bf635fe8cba64d65653486

    SHA512

    9924a263a2a5f8b6849d68bce4ba13f9c53499db33f4d58e86b8487cabc51b55cb44ae3ab9a2a008e17cedf60e883eea256752ef33677d18651c2b4a4aaa27f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d975915d6c93321f22dba69f18b73d78

    SHA1

    3e0c040d3420e14d9c597d0765f4ab70997928c1

    SHA256

    201a35f79b9c5ae74414b56096ed8743b353fc4d927557bde2c44c6ed0434ae1

    SHA512

    0f5579d9fb46770ad766b1f410a83d2b04ddcb3170e47f1eb6858a66f88dd77e018384e2e42ba6b50c3250ac05b2805d6eb5541ba3aee692b365b3f724510430

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a58c28afc9442d1811790de8285c183d

    SHA1

    dd8a56783bad06a0dc05cd0a853fdd1b03d2a762

    SHA256

    4ff590bb5ffdd3710073bfb27989957dbbebeedcf555f133c1b897fb4e422c28

    SHA512

    63d3a2cb804064fef4ea98136fe9e78c2ae34f2940a5bb12b4200cfa291c9a8871181aa6723a945021591328e88252877a02569e9449012943da1cacef6b696e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96fc3d44636c4b72230927a2c052d294

    SHA1

    31862e3f8c2a6624eeffc4c3d9752731151fc259

    SHA256

    7cc6984eabb9a4f53d8186c988de5bd4b261e8dc825b1a79b4013e41086cbe9c

    SHA512

    1e77a261b7dc62a8fc25a7aef4db08b0c65cdedbac7569f23021e48b046f3dfc2d58f9d833a2c14c46e987f7903eff8b37cea360e64e03f598694f82b84d0a11

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    68bef8421c2b63dc1703b560a1908110

    SHA1

    bec0b2fbca6fc57f3eab505002a588f0c94ec540

    SHA256

    a3f9ba4cdf9d92126f512ab1f98413176c95487806b7f5827bd2f858cd83fd8c

    SHA512

    c05891444c96b7d98724ca3dc2bbfb8463e8da72c6906b85af6b449c08ad17f870402c93aec606fed1bf57bf5f14edd4da29085d7dba294f3faea204efa8916a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6abf1e63264d36ca65e297a38c5dd6a4

    SHA1

    4f19b73baaa4ff46382f20c01f60814f27baf711

    SHA256

    e43deeefd7444ac31acb67d6cd4336c84be0c5f4bed82942d75dba3fd3c7e161

    SHA512

    2db6b56b649de6491217587f40c60e659e8decce1d762e276559d2b89da660bbe942aa42979455c1cf3a2dff58a970c8695cfcaabb607d083843c4dfcb2599d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f21e229be16c38974a4d0f1f09f224ca

    SHA1

    f78a8c6915e479b0840d9651996b367069ddae91

    SHA256

    ea90260d65a20eb86d0e58ce5522c7ddf41b87adc9e620d71134674d150e1dbf

    SHA512

    7e32b559dcd6e0573dd47f4ac2f16683e96832054828161c8566a30427e1a9a9f460ac4ce05bfb9b72e5735aa138a8c3df106715b59c538c0de19d5895de5379

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB03F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB0BF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1252-5-0x0000000010000000-0x0000000010025000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1252-6-0x00000000001C0000-0x00000000001EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1252-1-0x0000000010000000-0x0000000010025000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1432-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1432-10-0x00000000001C0000-0x00000000001CF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1432-14-0x0000000000270000-0x000000000029E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1620-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1620-370-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1620-19-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1620-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download