Overview

overview

10

Static

static

3

JaffaCakes...f0.dll

windows7-x64

10

JaffaCakes...f0.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 05:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_481f8d2e942159e03a100961be66d3f0.dll

  • Size

    114KB

  • MD5

    481f8d2e942159e03a100961be66d3f0

  • SHA1

    5162c78e944c4688965aed742adab40cca8a1a0f

  • SHA256

    13b3547c1d6aae344fce8bee276b62c42731cbe50ec420926f65a35e4c269d18

  • SHA512

    51efe94d0cca83f01fa35fb4789f7b312d3862cc529520c40f9e7e8804d1fab1aeed5fbfd018d67cb692f0a036679df2044cb665ee4df04880f70c111b6018f1

  • SSDEEP

    1536:wNLwvA/cYuLpYMSp2zJn37/R/v4LOFM9sSWhN/RQm78uTf7dgZ:b+cYES4/R4LOFM9Zm/RQm7VTf7dg

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_481f8d2e942159e03a100961be66d3f0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2572
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_481f8d2e942159e03a100961be66d3f0.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2576
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:324
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of UnmapMainImage
          • Suspicious use of WriteProcessMemory
          PID:1636
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2324
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aacf72fe92c204a0fe5a1ad937c59476

    SHA1

    8e30af202b8d0b5e13255ceed22d8a68e9ed6511

    SHA256

    a7ab8047aab8da21e21f3a936312e942a7ceac7ae975c9b7287184de4eaf1d7a

    SHA512

    64f692c5126068bb3ff3856b0935fbd4ee9a720423ea140e11e95905b8a5cccb1f8d2fba95b80025de631c4b69f4147811cd6a55110704b233d7f1cb1fc041e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b15b34c08157e33059d49869349bb9e

    SHA1

    cea88912bad3b49692c241f4412030b901b34da4

    SHA256

    db3bfd29880d68663846975d7fe3664a1247202fed455e7e8729b478e6755850

    SHA512

    e43181e715795a49571d7110a66560b8ed8feb526b98f359e1a03066c1915b08fb6810c51e94c149042a0fef4169e4464ba590c351b0101d2a84085d345ea2d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a08391563ce9dffc5d4fc6f17e108ad6

    SHA1

    7e0d7691493e6670e9469433059009be76ed4948

    SHA256

    3e1ce3bcc84a1655286bf7e7da3cd73b80b8d7e095f66f0ed792642869ef53eb

    SHA512

    c769d6def07d3fb973066a3a12dcc7bb30ea381cf1bda178651346a05cbe3b5dcfc900eef74b44c2c730d0c5afe5dc5f14773e7bf5a2c2be6286140f501dee0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a444146c1d386142844058216eb1de3

    SHA1

    40c9d16268476c402af0b5e67d582f04365c3d7d

    SHA256

    ac36515418a32f84fffe82a7809550436ba805c60bdd3479fc27f10043ebb05a

    SHA512

    6c2fd6dde71e14d877c23795275ae2843c297ec3a8a01243ecf745f07868949c6ec4978ed889c831307a26d2d152287b372f183241fdd9dafa67dd1eb9ec142b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a8953dcaed8605973f35a92f42b6d01

    SHA1

    1f9fd96e5e740e31393165b4b8e740490be11a8b

    SHA256

    510bb48182164f84e7969ee995a7d1a6ce8dbc1c51319762d474f6c2511c950b

    SHA512

    f07608026b75510a83c4329c56a64d9ebce5f5405ec3f499c80d28e505dcad0afc03746cde6c81ccfc74de655d0149a869e3cbf4962fec0dbdad9b1e7c2ff313

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b30dc1ba40c4aceb4b2dd38cf8fdd2d

    SHA1

    5975a6cfb8fa612e5793ed68b25fe630e953de37

    SHA256

    8703c4f09b3ba63c1cbe6d83b4fb864828964bc72313994d41283427b0084560

    SHA512

    541732b891ba5c3f161eac34a608ebdf1b7970b5313d5e5c947b926e99179dfa33ccc6d1ebbd51f8b95610f6037aded6dd29e6a882cde1f353d62c19b18e7b41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bead8f8cfef881af8f166373ebc48eeb

    SHA1

    5998eac1129a1e3904dcf2149804f0ab30d3832f

    SHA256

    393cdcb59e13b7196c73dc75fc3ad2921f5de24b6f0d44d56f4c35665027d674

    SHA512

    9aa96f1c1eabc2eb7ef4fc6ea0c36a059b27cd6fcd349c2bfec18229294158e21f345e38db44d27656d6e53aefdd36a4bb169f13bddf4c600854cb9176b1fc02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ae34bf07a23d8b0865b96ca63b80e2b3

    SHA1

    bdf301bfba33f05f9819d4db19e08d955a009da2

    SHA256

    6290ce8bb36d07a620a9b9d90171cb27c690f5593c8f2b9ac9546f794278466f

    SHA512

    8f2be978eb112153b0c0336dd4101e8d71757a954a6d35132a8ac8255f36de20996942ffbb2b03ebf330f75c445e702502f580853e3d0e626df3cdec56d2d062

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe3b65d94c9db699bd0c54a468158a49

    SHA1

    e7d24ab5020cc82769b24ca5a2f674209743c5e4

    SHA256

    2d5aa45f8d02a9ffcbe78cd0537241af35a5fb960b53f212855c63f9c6367026

    SHA512

    48fba670c9b610bc52f86771adfa87faf52b4bd56449908e4498b13070a704d5757168aab629a35ec1d737fc21dc1be6df3e13da8c0c245a0319c19072047dfc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70624ba21da6e722e4393578c5210bf8

    SHA1

    6c311e54690dcd91235ece129bd5c58664f835c0

    SHA256

    b988ad6bef3d971e4e74d862c276f102ae93524e02cc018d63d398b5116daba5

    SHA512

    7e6b0f0fcec6485457d9cf8a2e57c09fcc96eeb99884d93cc418ef7256c29e6dcc24cd9ef912988cc7aafd6cacf0a40e36c0c5bf428d0f0aa2d62e838f09c1ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aaae0bd01a7e45290a5cd69f7f16be6b

    SHA1

    e8a026a54bc4c409f45ea28cb9c11eebbdb454de

    SHA256

    32542a9124b383063ac0e074a78d4661663ac6749d80568e24d568361a96e3bd

    SHA512

    eab24b38e77a42f56ae7b118d8e43a109fb4455794f9de718c6e631679cfa1db7dd7419da546ea0da2324f715294c05e06af34495497c8f76879ebfac64b3f03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c7d14f64835379637e5a9524c7d42829

    SHA1

    4dc011247d977b8d67a51e7a631487d33194a67e

    SHA256

    f9c2308cbbf06fcb3eb6db00acc35f7078ba4f54f61fccad74e559bdc239f646

    SHA512

    947b4f6fc42cad9a588ce80e76c98b2efed041eb1fab2e41781b6eb870885ca9022f8ccfd5681abf6e83abf5c13a2cec7932b4fed1b5f47d9299b70a4d169a7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b181f141d28b58e460e1c570c16ddf6

    SHA1

    fa2e82a898c212b0a7a6eaab9cd14e6b909b9a47

    SHA256

    61f0584498f7223ec1901aa7a89b4f7938326659353df04f92d7322e74910b83

    SHA512

    51152d85bca3e10ae07ddd01520ab8689cf402ab9715c81c52eb136e356339797e5379a031488e3caf2809f819c45b0b9a26eecdce1f9efb0921bcde8a214c63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99540094a83782a56d04e2e538c08dfc

    SHA1

    3f0a2fc88b293a3c2adbb9badaa1b33d9664606e

    SHA256

    8d11664c57c2b03db71ff47775733957b95c9ebb0f9e97ae4b74f84ccdd64e0a

    SHA512

    eb6290a603d06953a50e13f3528dcf624f20b6b366eff18e878ee1062da87a99fd7d7e0b1b1c6cbe88ce65a0af358fbbeb57394087998fe9906f36eeae1d87c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba73b470d7fecf79e4de01f531c3ce87

    SHA1

    775ea9033aac0d902d656ce99f378e0ca93e3178

    SHA256

    821ce4322d530a5eba850b0e9062213e0cc9163df9231a6d0679bcc2dcad9113

    SHA512

    fb94366cd9de18d994abd078c12ab16fdbfd805207dadd14a14061045834c895b14fdba8925c081a56c5387ac6b37056f6f268d7157f122dc24f6467cf2e0460

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    053a3060b915f5e1d56cc3fa7f0737a6

    SHA1

    e0e7cb6bdb1fc852b2e36ff42065ef1f7bc926ca

    SHA256

    4e07c0ac41cea207d528f98bd85dae9e6ebfe5ba1e2528f5ea611e46ec34fb6d

    SHA512

    f668567e2b897f0c54f2a3393de7f0c9dbb1b16a2a44deb2d80722928fe7d1b7b37e19d26fe9e55343c5d630ba9493efd75411f6423300b3fb6a2621f25fbacb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0cd7c9fed115f6f2731fceeee60ccfd5

    SHA1

    66ac4abfd49de96b116f74871e8c1908583d5fca

    SHA256

    16aea6e7591f808ff421541d65226cd62a47aa66eb9a732586248d30a56520da

    SHA512

    c36bd5bb680d115139f318cab2916ea120826e325102b587932c677641caa6252d0526c90455669ba98e42f15cb39a10ba03df6d1dc33f09188780a500587abb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    206ff7a8fb935dec7e62ab43edf78aff

    SHA1

    7f08b3665a2f35e5dc88a107f8b41da6196f641e

    SHA256

    a5e4c28e8fd9d4e5dc2083b321082f8f9b13ff04d262478fa78af7cf9f20262b

    SHA512

    3fe1f1232698c3578743f94a0b239577682a2f9e817c2e56be94ee1e97f916e18c2e7bcdc8747aaacc177328f85552b06a7aab7d7054c15b58f37ac4efe097e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3CB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4B8.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    52KB

    MD5

    17efb7e40d4cadaf3a4369435a8772ec

    SHA1

    eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

    SHA256

    f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

    SHA512

    522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

    Download Submit

  • memory/324-12-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/324-17-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/324-15-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/324-14-0x0000000000230000-0x0000000000232000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1636-30-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1636-27-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1636-32-0x0000000077C8F000-0x0000000077C90000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1636-31-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2576-13-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2576-2-0x0000000010000000-0x0000000010021000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2576-9-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2576-10-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2576-0-0x0000000010000000-0x0000000010021000-memory.dmp

    Filesize

    132KB

    Download