Overview

overview

10

Static

static

3

JaffaCakes...80.exe

windows7-x64

10

JaffaCakes...80.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 05:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_48e2b9a209e37d4a29a73b54b7e40b80.exe

  • Size

    104KB

  • MD5

    48e2b9a209e37d4a29a73b54b7e40b80

  • SHA1

    cd7e79e504bd6388c0b1da58b97a4c95ec80e269

  • SHA256

    9d9daa3ba9dac36b2db52ad84de1a38d7e2cd5f0937577b4ab5dddbaaa15432c

  • SHA512

    2009b21dc69ed6f4d5a90a8f53131c5a619e4907306102c44bc2f672ad2f3aa71a5598f21295bdf4b4384413a54d3b6996f9f659a243989ad1bc2d93e84055f9

  • SSDEEP

    1536:OtZpUvt7zluttzBCKAL7PZz+5dQAPY/Dk9WPzw6PXH:OdCvlutOKAL7hz+YD/DSWrNP

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_48e2b9a209e37d4a29a73b54b7e40b80.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_48e2b9a209e37d4a29a73b54b7e40b80.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_48e2b9a209e37d4a29a73b54b7e40b80Srv.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_48e2b9a209e37d4a29a73b54b7e40b80Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2064
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2420
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1864
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1864 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f2b8d172dc43dff11de164f58e60863

    SHA1

    0c4240721158f6603a31b1a48fee550d6a7b4e6b

    SHA256

    9164359c1af6728308ba5612ec4661a58a53672b70d247caa684bb20c8296490

    SHA512

    1a09678312344a1f8a22a84d75d42b9ae2e4fec22fc8645cafe9173a01b211a6a6351f680dc9d963cded8f6f683783bbe32f48a8ce04367f59903431e68e509f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72880441d3e599a44708b59a3d9936da

    SHA1

    ebe0fa0a5ca8e9a0b10ab5cdd3474de2bc927ca8

    SHA256

    6de583d0ce42422a02d82b3bd332d7b63bb78f22978ea49f9e628b4d8e62fc04

    SHA512

    4c525d145cefb58f32d8e534b15644de67af7a63370a83d807b8d8d18db3062330cd56cddb6f9ddb2a5b04861e14f4ad54f934793d109fd3e14a3ba26ccacd5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26affd0edabc6b0bd48b9c6f274f0af2

    SHA1

    0c2ff037a246b615daf61d82e126d35d4ff52d72

    SHA256

    8e3608a06228eeda5f0a6beb01dcf2e870350d97b8794f37302f352958d034db

    SHA512

    1e32bae93432a2553548d1042030bd31b50ca588b7796a6035d54df230bc73b3686c712911cfc706f9eea79c43d90760c401b975cbdcfb5f772536e4be30e4ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b3310c7fad047171894bbb41c97d102

    SHA1

    7c19163dd5fcd3764ebe15ea1cb9d1bd0e511b23

    SHA256

    f0ebb50e06521db5e3d56da7a747d7e523270072374407726cb515b909c432e6

    SHA512

    e9d3671b324efa6edb7838e17032fb233e4477d3889b39adb5bada4f4f2f53d2fab2a89b8a6d22a06e14f760e790c10b8e5480bd5261e6dd8007924f52f79a99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86ac8f98f79a45c0cc95e4461c5c897e

    SHA1

    7a0e659163ec252e128014cdaefc011a9570f73a

    SHA256

    f58533b6f434c83024843b8b05783c533e05fa716e4d6d69f89dec4f4a5b07a9

    SHA512

    74ca804e5161fb7b3502c0376faa9a83e007ddad34aacc3193804fc6e683056e1470c98621487248556f33852c45f803540ecca7e1fb2211d2636c9b297c4e35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16d3bffb2b42daec977bab635b29c91a

    SHA1

    ae8fc94da091426dfa8c26443105d4eb76e392ab

    SHA256

    1350e90e4f760ee1a6940097e9e259cd1fa03fd8be9151bb25ddfbc346c8d86d

    SHA512

    b0ffd5a30d793a57b57c4583a4c883c4bba7d0adf98861a754f51d60783622241dd6da58d0593b1c7c3857eb1d5e72b5bbc2e35ba8d2e726f850a68777427a29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    749c2d2f504c2a1b29f6579266ba045c

    SHA1

    429af69cb54131d9450c61066e79ed768dfe50a3

    SHA256

    b2faa4ced61465213b6c0f862090e1487c6667edcdfe2382dcca41399098c7e1

    SHA512

    8d3ec28ac098531a0845347e44674cfd7b68279dc36e62acf267bedd9d2833ba0840cf57e8278411d38dbcfd48f0cb40da713ee234a34cb1c8cb3749e16a3e6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3bb2f6bc54c0d5819505ba75ec1f553a

    SHA1

    a30b48227087131e8f409ecd1b3b909bec2d0919

    SHA256

    f2dabdec9bab6dc1cc16b9b03c2318a3608819522c92b18415baa861f31bd7d5

    SHA512

    f3c857d21b08f53b7ee2914dadc1692d0366fb0a99fa3687573b734a12a456a78b71307d0c2448933e4d152df1801ff5cb6447dad2acbdb5ebc1e18301071343

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4181c222cd55540c18537470ee91d32

    SHA1

    c062baa0b08a996a4c0e45f265abe4a91868d613

    SHA256

    9c3cf245716167ad3c3dd7fd1819af54371acd414e84b079547be6da6fb716cc

    SHA512

    18fab9d2e39bef8da84e7d5cf1ea20ff4ca2d68e221cdc9beeb1a814e5c981299b07719a18a50938ecf3d639141c8d98d1ff54203a2056dd1ac49dd13041d3ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18323962f2d39cfce7561e19ef3cd9ad

    SHA1

    47368c5856f79f2fb15d41cbf8a7129f67b488d7

    SHA256

    bef9f2f51ee84938286c59491234f72f0ca2577f3292f843464be4bfef2404b8

    SHA512

    e8995cc911c16f928a7b5aab4b8d7ce12be9dc5802f7fa5316cd53ffbb13e8ccb8d5c57941b0084251a3322164ddcf8f7382417c674d738b1ae1db848222bfb3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f09b9c4487432e51bd312cd301fb1ba7

    SHA1

    7fe888df07b7ad570c091332568a6e34ebac8fc2

    SHA256

    01402ce94c19dc7bef4e278b5a27e777ab07ef3d29382d87d17edd75ed33686d

    SHA512

    a1b0e36ad480e0c38ee5c9c962eaef66b3a263c9e2fc58b9fc41876f02a568f4fb72c02c2dacd9c76c673d5c945d9e1c702a52c74ecf478af76617c3af04c2d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a26b2ae9ceaa2a81ce8e001ab05b9877

    SHA1

    7d69e003c765303ed96a6609c2a739a584a7cb6e

    SHA256

    5b163667ec9a446e8a5f674fec6cee031bec48ab146b894b3e4e7cb318fe0b39

    SHA512

    fc6bb2c43aae4891e6093c17e3b2a97ffd47243fe2e1c36bbd2fa2b69c4ebea7856aeed30a9bcee51303ab9e64c0837fd9910695a43757daf39993a3bc5f4b12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    195f5f28db27c4a5bc09a41cfbaca187

    SHA1

    44288f6b6af4e587d620fd56728e4e962b3ab347

    SHA256

    63115c01a811b9648acf2e2f0085a0e3aafd40d8ebc99bb68cc6dcb655cb904d

    SHA512

    1e3e58cb7ecaa7bf9afbb9d5cec05975fe72c8fae02b88fc22b9c7deb918794a7fd3dacd83238a949c4521dd0834cd33469893194a272950b3ab8e13b2ba1cbb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5bb7738fed3313e7c5e410bba4d524e

    SHA1

    c6bbd5d0a27b69435bfd25a145a53e1ad16ffdff

    SHA256

    2cf3f60bd52f0502a0c5aadd3a6e7e3ed8896c743698b1fcbc36c8bb9f2e3281

    SHA512

    e73a1958d4047c350c8b2c93c49c81e27f71888a1dbb9811b881fe7576d501b5797e4e32be90945df9ca8a2e666df58aa9195bd446156aa569634a8b3e9cd6f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91ba9fbea7ef5a85e6b0eaeee55c14aa

    SHA1

    67de9a33104240ca88a82245c1ac3c381068efae

    SHA256

    648c109b5c8c435e82f3e1884d47b22b9cff9ec71fdd8129a56ce0ed8eef261c

    SHA512

    923ab790913194553d6a32e38ecd74bc759649f9369dc1e8d8e9b9e72b017626601e62314316e86bcd10cde131067e418c773108da2b59048c6991a0b33d7a58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e7068c0692cf638f2999895e29687bac

    SHA1

    3b1935dd919166d1ea10ad7afd148e066359095f

    SHA256

    3d88e167e7028981361d9072df97d1a5e5e5eb17958c0069b17d86ea74c751e0

    SHA512

    2e7d56fc26720cc75d274e1a756c51e438acce13bcdefea63bd7c3d4df2c6e35551d7ceec6ec4e1ac806fdb4735bd8d468fd7caf6ef6e712c8510f8f370180e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfe8ea2057049cd571e8307368318b23

    SHA1

    8030270ebe91fd41636ced3c1b8327bf1b944ab6

    SHA256

    6f3d976d985e7db03d13af5db09ca3d0db0e831cbb5a90b259e376f1fc85dc9c

    SHA512

    1a0758d3a4f903e853d11afbb4594962930acf929ea9bf8aee52d5ff99707353e110f660e9252ec3213ba488dd29bd3b19dedc6f2996f2bf1af72f0f0246432d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55ad1604d601a7117cead6f9da2208f3

    SHA1

    432e0048d77a0b36df9aa37b03e28f80ee13cb36

    SHA256

    e2bb224ef755bac2ec5713096d4863b4ad294bd5bc09d21f794926f52e4992b3

    SHA512

    2ed4e56ebedc6fc1a9bd2beb0edcd7bb521fb902c6e350edd26e6fe9500c8af3f1e99a64ad7785cf436bd453cfed9c60ca73013faf149c8941b247ff613f1c8e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd6a942bd5ceb677a63701efe230a307

    SHA1

    fe10af0c6079e9ca8a2c5ee39bb81a68ace51af5

    SHA256

    827a0ac9ae5298e2196b4be6497a63c7c06f7bcdbb664988dbffa30bba3023cd

    SHA512

    6743f15b78dde547825d209a907c51f4eefce88495c1f5e919ef7fc457d389e8e498e9f8948a694d0bf748ec49c7a68b9054f9c914fa038b9705331771ccde98

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF642.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF712.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\JaffaCakes118_48e2b9a209e37d4a29a73b54b7e40b80Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2064-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2064-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2064-17-0x0000000000240000-0x000000000026E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2064-9-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2324-26-0x00000000002A0000-0x00000000002CE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2324-25-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2324-0-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2324-5-0x00000000002A0000-0x00000000002CE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2324-27-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2420-21-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2420-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2420-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2420-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2420-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download