Overview

overview

10

Static

static

3

JaffaCakes...50.dll

windows7-x64

10

JaffaCakes...50.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 05:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_4935484ed5b711cc363711c853222e50.dll

  • Size

    128KB

  • MD5

    4935484ed5b711cc363711c853222e50

  • SHA1

    c633cce3c234fc1f49264e2e878eb6d1605eacef

  • SHA256

    6748eaa3363b65e6daa99265fab9a89ef3269be1282abe5123c13e4cee9c881f

  • SHA512

    fbb5e97c20fd2cd69b8d5c208ab7c200f5ce0c450dfbc7b678b9bddf3f829f64cf29ea5f36657727464a3d56133bff3e1cf0522b1b4149095f892201fa0d0955

  • SSDEEP

    1536:cH+UcWuNdiwiA6vC0JxHvE+BTxZc91M4nA/TmDSc5CafQ00BoGAhAnB7:HdiFA6vC8xHvE+B9uwYND7CaQHyGAMl

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4935484ed5b711cc363711c853222e50.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2848
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4935484ed5b711cc363711c853222e50.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2876
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2636
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2664
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2800
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa64791fee7b0661e0ebfdb8ae623ecd

    SHA1

    30675365817b0b3623de85e553f16e892f172aa6

    SHA256

    5e60f7b9cf6a5c9d86e735804b3f5be33a0fac3ddd354682977ed91c466cea61

    SHA512

    c9f294ea4023523e1a7494b90a4a6fef77a1a50a140fcac20d014a0f5258b33f45490a0902b30ce4322b88039efa636b3e336be9301f841180335e01c41faa31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5debf3f168f5f08f29151ecb44cb8ecd

    SHA1

    f7a2ef7a19edc7eeaa0baf9b44937c5dc609e3b9

    SHA256

    007d03e302a7e4523409a032080cf9dee66c1ec66b033b95c91675f73edca9b7

    SHA512

    85029fef78281fb5560c4a315c551322d43280f7f83b438774213a372cd1463cd8a13d5e7dd1cfcc0342ed4cff94092f047a66865c3dcd70625933deb4cd6217

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0786bdaf13eaf63fbc724a202ecfc17c

    SHA1

    01d32a6d36a81d78f632c8a99ca47068a106fdd7

    SHA256

    6adc086bcbc0bfc86677257970a41e4ce8aef8f465a2f23de8247067bb2f548f

    SHA512

    0585168417495f8d41d0dc06fdf9d993fb1287326094af9f81b719754ec489f3e71e172703abb162a70a69086d2382453324711fc1fc34fcf65f7506f638b7a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe84102b17d380b59616c3664db669a6

    SHA1

    5315919783c50e471f16acef675401effa3f3474

    SHA256

    a2369b11c84214cae17fe69a60dadd25614594fe4f7ff9dc1f04a69ae868d024

    SHA512

    2ca9b23accc831e826453dbafb3765658dcf00a0b4a0f9032354abf1e9f1d2ba81a182fd0421f1a98046bcbd1335fc390abbf98046800886d958566305a2adf7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55f8545d11c98471e0780be3ae4b2c20

    SHA1

    af2a087178cb93b74a497f3a7f468118f8d3c644

    SHA256

    f395127b32a45943a17cdcd5454d01c11b547a7c26701ae8a32caf748ae7d5c8

    SHA512

    3758a2231267ed74ddec96dfb2230bf5615fc4bbb0e1bade73524cfd077e582bb249abfb20b1f626a06395774a1022987596f6a174947e2a922f7f4348497b27

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    027978f9e1946919a3458f3bee96b730

    SHA1

    43aaff13702c506308c446d7ebfd7d6efa2300b1

    SHA256

    2ca1cb403303898861e61eea8c42b35784ead02142302fd34c2d9960f7d1ce8a

    SHA512

    bda5174743174b7328cf312a4a73044d726f317be8d28f126cbb52b9c90c9112f5d41a90af666cd6290a0fe09184ec0ee3fab370a53c31e20f4c3b12d262dfc7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8302d19ad9ecf849a198f143636d1c99

    SHA1

    881b253ce3adfb034343e34ffa21d6af29841e2d

    SHA256

    d26f7005deb1e00b2e3a5916deb9f1ef77fb8e7d379b9913f52435e81358cb35

    SHA512

    1456e6abf8c18d324ac748388832094a60e9215b4d87c49648ac44f4d8883d974b18cdacb754604f9c5a655e9bd49389da401a6fb80f44ea4a64d35ffcb78e67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18cf9dc9c326622c77b9748e64c1e7ef

    SHA1

    42bb9c369b1d5666c35620a93a6d02219e6e1609

    SHA256

    7c316c0332568c06b0cfb678f2a1614d788566b0c629744e20b9c32f69cc40bf

    SHA512

    59a2dd61865194b7d7f9a6f095044a8d8b3475f9f5dad4082daaf840bf786177285bfac068a6cb79b012f06a2d28c39825ddd49ccfc4cd1d3d77b17acda7f55a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6630a28d4600f08f86c83ad9b27f8736

    SHA1

    36f24421ca307ef4faeba90d6436cd3a47034ba6

    SHA256

    ddeb9afaa2c8d73153ea9ef9ee01b8fe5931e041bb368ee7973c725e91f2134c

    SHA512

    2869446f1f89ddf52f2b4f8d8237dfe30b7ec8ef40d7d8be5869bb734d8c4dfa1628f46de1ec0a2caa9d7fa9e4548c1e54fbe5b06e3a6a04c6de11ef273befa9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4702ad8bfbc0f4a806e27bf87e8e97a8

    SHA1

    85ede141ef098a255f99b2ee8c17edb0b011e07d

    SHA256

    724a36173e7d319d84f551ba1fbb03a900342d5ed93d0940716c60c3b0fc07a6

    SHA512

    cb188a208bbd7955eaccbbe3d60a2bcb9292bb9e0ca470c9c0a309d1007e8987a93f6e53817151348a55f9a61de5af8a483e23f27bed42c6ea89ec79c85f7700

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7681314fab21d83ca64cb1d5ca2e2431

    SHA1

    a2f6dd655cf30e1acbe8529cea1f8093bc1a034b

    SHA256

    c719be375f2ee8008237100bde27a89d1f4a5ce8c918eefaeae7526a7c58050d

    SHA512

    16a598572610702a82765e673debe805d8d8b21e4cddf2c368693a812f485d44372b2f641c0525e2c84bf54edaa3b9a773c32d54d7ba3ff7b5bd9d68727bf2b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a78072ff4d589cae9018219fb15c8aa5

    SHA1

    fe73038cd07a1fc01a20f48278c02fca6218b1af

    SHA256

    397b3cb859f29f0b26e0e04a347e19f1f3b47ff06f95fa51c22b94d87a7da00b

    SHA512

    c25b869c6817ea587451beea8d911e9f40564946908b63ff0a8e75a6c439ab9a427d520d497acb84c925a474226ead029005d10b8690d08cdba036bb816ac4ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72712e417d229982735d34e6a351e43a

    SHA1

    9a903c1ecdd78522f5d028a985d1114ea93513de

    SHA256

    7960df9d20de20dfb0e2565185462f613685f1bd0ba690dc2f72b556570fc245

    SHA512

    7c866cb809b57ab57078027eab7c8a318b281781b32594831f9415b6598f1f4d22ecaa5a0cddbbb744805901cbfe2acc67e1ec710140f5b7e0d53d36b9efd7d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    44eb2e6fb9694b63179bcec9dd1c13f4

    SHA1

    401b615f465918dcadbd4675a20871f410f1867d

    SHA256

    e682b52e240b928c03aa6169bebfd999cb42e605ccb328d38327b11271278e78

    SHA512

    438e84c7ce5708e5debd8efc255d7d4d1eefb060b97e5112c2c436eba5119ba4da84e967a770ac0ab2fed7cbe45c349716f353fa3f68d8db23537fc6e99325a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f212903655f24532f6ffb519cb23a10

    SHA1

    904c5beb1d6f4e5d59f70f80a75cc061b38d8459

    SHA256

    22bbff2499f3d8ea1600aa5316f698219200d3a930c3c304fabd300aa214d931

    SHA512

    713ba0852228ba9d92b480bd08b20e2072266aa6e84718bb4b4337724ce4138cb9504325d6f779bbf329d97ff25df2448f307e2363091a1873e2dea736677c12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e0c44eddd6bb3233772b827cd4e0242

    SHA1

    b8a740a036d0ae3cd58f32c2b3ef432077bea92f

    SHA256

    c4dc2c5db0992c8399f23ed963a80c586c019336acab8c8889255d26b0391619

    SHA512

    c06fd5665f63b4f9838ebb2e7273feefd344178cfeec03b8e70813aef11db8631de16482fe44a6385ad39063e02a6f874d7af5c2603e05936982290c82ae35d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be2853aee8349d14ee172734d1d64d18

    SHA1

    def90bb7b54dcfffcff2b58030c22578d1cbd6a2

    SHA256

    8ea33f20272ab499e36969965f309925804a515e5bac2c289c21d341adb940ff

    SHA512

    18b5243638f4ae75652bede0f6a85598310e01b1bf9f5de189ebaddf5195c53d5f74ed0eb9f86d7229694d54f44c159c7a2428ed80324e6070bb9c63c3f613dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74e364fb72429a9bda36c62c0fafd723

    SHA1

    87f711af803e265cc1a1ef724af91a4a4fe097f8

    SHA256

    b5a23049914efc6b621bcfa99f95cf6b7bd71fd2b86c515875172f5e831b580a

    SHA512

    2faed01518222d279ce86e64db6e4b3c03bdede2b31839ad72228c6682e728ebd34ad6c9525bbc4859f8e5abda33592da44ea5682326bced3a7610869ea332a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    209a2a2d6766e27b43d22c5cfd0df45f

    SHA1

    8a25c45f8f838218cda5a527537e02c1b9990d5b

    SHA256

    11f23a1bb574dfbc73228888975fd9636700003ca6f195eee08aa93735356ea1

    SHA512

    8494fbab4825893a1e8b36c5c50a95a974f98b0b52d8aacfa68194ee27d230aca848589507e2d19b357ae3b15a2a7e295b98c390d8b002f1f72c08ca917e1c77

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7DBA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7E89.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2636-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2636-10-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2664-25-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2664-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2664-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2664-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2664-22-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2876-7-0x0000000000180000-0x00000000001AE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2876-2-0x0000000010000000-0x0000000010022000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2876-3-0x0000000010000000-0x0000000010022000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2876-0-0x0000000010000000-0x0000000010022000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2876-1-0x0000000010000000-0x0000000010022000-memory.dmp

    Filesize

    136KB

    Download