Overview

overview

10

Static

static

3

JaffaCakes...30.dll

windows7-x64

10

JaffaCakes...30.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 05:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_48264f2fb06eafc5f6b63349771af730.dll

  • Size

    672KB

  • MD5

    48264f2fb06eafc5f6b63349771af730

  • SHA1

    ba2703bab917ef5e96b41873831f5509c7d265ee

  • SHA256

    c5083725fa508f01c13fdaa177660ced4e0c24899d6863cbf5d155a6bfc353c6

  • SHA512

    181fb27e34de4d13bee53a084ff6aabb0e75b822578bf33efb347d51d0e4e3a891313f86b205b4c0cd24018c2150b2f4f22f79f86ff76a19966154b02489f6bc

  • SSDEEP

    12288:dFqi2VC1J7Zs7a5zchr46CIfsyZmGyYCqeCZhAP:dUi2C1JdoiEdmGyYukhAP

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_48264f2fb06eafc5f6b63349771af730.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2804
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_48264f2fb06eafc5f6b63349771af730.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2856
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2912
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2448
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2688
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    622170d760a6568dfd1bf6953d0da26d

    SHA1

    925bfced0fcb6aff5236a6b97ecdc5a43507fc59

    SHA256

    e26ed8164ab9e3586720444b00cff62dd299d8c836554b1478e697c18e15907b

    SHA512

    6728e6a58c33aac63c99084878dde5b7e61eb5e9e57061056ce64dfe32af7ff7a88df6f82d5a6aa9aa64c48607fc9b8f361106a0341a308bf6c0264a0513ea9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    871467cf340d90d9cf481b4d7b82464f

    SHA1

    4eb67fc0082718461a9e6660aa650a051c0894c0

    SHA256

    fcdafb393db31392c0997315ded13e6efa7bfa6be12c94244c8454991ee74ada

    SHA512

    8b1a3e6e95de91cd4afe02bdbb568e018f73867a8d6480d04622378463f69d8c9eaf3b34af5fcbd669e23f6038cb7d097a033f8e7c2b80c8a9ba406ec2a9b69c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    685b1842f17d4a8e98e921e7cc7349cc

    SHA1

    13857a14d5e2402953c2177d6c0f6da4bc1dad10

    SHA256

    f020869c1456f513d59062a4afe2aae38e7328b65669098498b97747eef1118e

    SHA512

    6a8a2239d2f529fea14ef816249908b56922127c2bf5d9f9de151f31f3aa11dfd9f4ee62fcf616b6c2c9cace191054cfdd977315578ed250491966b6bc729633

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09d1f44ad9c420b4faf6e3c922f0c302

    SHA1

    4a5febc72d39c9ddc856df92d5febb3f38b4e0d4

    SHA256

    01dec02ea68238cce6838af14629637448c6c7901c2430c3f58c260917360ae3

    SHA512

    002e18a0087a5869224178d31d81331fd93b11e82ca4a4019db403d6c131d746dfa6b07d1325aad283fe1e37e4e4595fa9bc49eb07f8ed0d9d87096eb5c72df2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c065b7441de3017c6f0a2b8e9e478c54

    SHA1

    300ba6a6a8bf3a00d72818948e2d27ede973662e

    SHA256

    427731eec5e628d430b3fd43f572e92f97db8592e49f3403aeb94dbde16d1ea4

    SHA512

    7556ae7678f851d9fe37ed4f6a6b137a5526b01526227bb41b624f1f8cdefa708b5444d99041f81d4072ea0a7f380773cc9c9b9f67598e5b0148c83ec52022bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45487e60c35e2820b5474d0001a0f321

    SHA1

    89440b5a9e2d8e58c4f9d433378ca8e3a377262c

    SHA256

    1e3f27ddbd61cb3506915d83f4f3826ae59a19682e4c99799bf56c579521ad72

    SHA512

    f1bedb0e246e64ea0c015a9e2a8cf1c0d93fc5e0cdc111dcd9747a2aa031d74922e4fe16a1f76e136d4ea467e2b79ce41ce7eea96070faa3c57218bd832d65aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d58e13c35d00cff458afdace9f5f0ab

    SHA1

    d32d0c040fb7a7bc06b4576f31328b1d6909fd3d

    SHA256

    19aae37657a4b433e2d704246b68bd02008f7f3867f23b922caae60cc9941aca

    SHA512

    57d032dddb27b525d96969420c90cee59a5548426441826748ed1d2428eddeef9816874534efca9179effa51643b97756e7c7409d8b3da67475d47e98f922ca6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45d5c9dffd7ef45861dc76b43b33cd96

    SHA1

    5458c91828ee27409723ed8f4d81796bbb850628

    SHA256

    4ad6b84c8cef0ca33b8dc6ee30ba81c05d42a44a2d7b2d10344d9b6c98352680

    SHA512

    07d7267016a7b1938865ade977167df4fd6a63bc3e6db03907121fd5b30514b4fa1354ca32534c1c36aea9e445981946280262533b128a5d6c7c21a3c8ae6b87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20af60698bd86f4ee0a4ffac61887776

    SHA1

    5f212f75255eb1f11f89098d46cd7b4d3345e757

    SHA256

    9fc08b433f027da51965c12a9e8cd114b69921ed6fcc9772f0f3c22a4e04cf4c

    SHA512

    42a9a070f19a7ab39f656bee5c286cb986f207c8e74f3e010a46d6cd1337d63abbdecff92572c1d57ea00c8c19d62ba6b8ed6b56714c89e1c760d4284f705a48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e721ead58363f78cfd9cecc33aaaf10

    SHA1

    49c8b167d41818bd1ef21bc864b1ea590d8bd05d

    SHA256

    003d4c04b15a2a6c9b55652d21059cab531c15e1590cfc4bcc321ab3ab6e5750

    SHA512

    48dac401e49d0109024ec92b4ad24445f68ef63554eb46caa8427ac58a7ade7e5c73f7bd2011c5f2cdc83736f8e94e96434a5097f98a665cdf4b99fe057b9951

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66b096a9d12fc7acef7e943b45192a9b

    SHA1

    0cc2db73b5a360dfa6e2fbebc02453513b07ba24

    SHA256

    34a0d6d055927ae75768ea602b8af7c56ed852ebf36a567d3d598e44a7f19e47

    SHA512

    81b46522e1b38fb70643bd9702b86428d076d1cbfb40768cc4cc14829f59800eabb9aabc3eaba49381cc13fedec95d44ad22a1e94da60efd27e690d73ed0668b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0eb4ac2f19d23351ba46799db8d46dda

    SHA1

    2dcdaa277e7a102ec6bf0b8e87e3fa4ed09792f8

    SHA256

    225cd9717beb2224d26273e60a22b5f450653f7b4d477a6c932c98c79c692dd2

    SHA512

    a7ecd3be7c25bf40135b625b19efa858657b95949a05fe61e334329e1cf19c9568be47c5fb5fd96f2a5689be89040f7eaf24261e3aa37621261fc6116165e215

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b033063497054c5c14b36c216fa283d6

    SHA1

    09764532ec691868b9b597df534ba8fd930761aa

    SHA256

    9c629c8fa6d138114f375d58730adf97813fa9656f07eb6505ad2600c8e86ae9

    SHA512

    74cdd15785e8f7e78ed1437f00035212cb46d76976dc1b7cdaf322ef33c76e63dd451f61488e633a6c7d09a844db041ca8d9afbf16f28d7ccb1ac91d60084864

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4142c698fac9840962405e8103d18a5

    SHA1

    e6182adc1fc2c4386b1f7d70448d89487ea37a7e

    SHA256

    af6bc92dcfdd425ce9249dd7008217b060b492f9f501a243c78867b514449a59

    SHA512

    68cb644fb236c58fdee10520a11b3c509961dcc3fd9869d287af5b3088d3e3cfb127249e4a33a74b381be99703b69d9fc5fb98773c16134ee03455d79d7bc434

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65114faea002f0a262032041ec65679b

    SHA1

    3a78f569222d26b6afc251a95a66f21be2430e7e

    SHA256

    9ed5b6a6d067312c7ca2beb254360181a1cb37a3c500dc833cc90b3a1437e1fc

    SHA512

    891a889e0ae86bec862f35f20a4b47867b7a6f5717eb07d8aa852fe4c5e46e2bb266d70d84941de433e602422c85a8d0a2d5dd5fe416b8e22c50b44ca854aa84

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7fae56ed3a8936035bcc3376eb2d9a8c

    SHA1

    b0a502ab969eeda4c4dac87671b4b8761473add6

    SHA256

    f227e314ca07d1d2080f4890f88a4077d5e9624aefe755749ec06f9a37da6d49

    SHA512

    7d76a2043501ccffd71089cb55266ef1e74c0447dc95edbb59c990466265625cd4baa4327b56c14fce3dec855cb9dc943ec754728bceedaee7713224feddc238

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a6422bfb460f39c899eee350d25cdec

    SHA1

    b5892a35994e1195b28ecb0d55ee5ffc07cc1830

    SHA256

    fc8311e66e689c033afd852dbd426f4e86eb9276a9595f8611d555155eb85f1f

    SHA512

    2115a27b87046955117592f1e0a1c37ad8d465b015de4058dd72449d5d45ec68cab964b5d817e31b4fcce79da37469c106a5d983a70d640a99124ced1d4524fc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab51EA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar52C8.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2448-21-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2448-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2448-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2856-1-0x00000000750E0000-0x000000007518A000-memory.dmp

    Filesize

    680KB

    Download

  • memory/2856-453-0x00000000001D0000-0x00000000001FE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2856-12-0x00000000001D0000-0x00000000001FE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2856-9-0x0000000075030000-0x00000000750DA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/2856-6-0x00000000750F0000-0x000000007519A000-memory.dmp

    Filesize

    680KB

    Download

  • memory/2856-24-0x00000000001D0000-0x00000000001FE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2912-11-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2912-10-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2912-15-0x0000000000240000-0x000000000026E000-memory.dmp

    Filesize

    184KB

    Download