Analysis
-
max time kernel
119s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
01-01-2025 06:08
General
-
Target
JaffaCakes118_49f54eb1429c3671f84f2a267cb6b000.exe
-
Size
1007KB
-
MD5
49f54eb1429c3671f84f2a267cb6b000
-
SHA1
1e4eecf19f0ffa7c4578fb1386a31ea02a364a70
-
SHA256
e5487e53861853c008db6f0d7a0c802fd177bb40aa14d0fecde9a1342d3e1cf7
-
SHA512
78b85eb6b0bdae44f072d33b13d505df93371aa44068e162a389775413f1769cdf1c624b070db0113db2e589a6af6b7d062b8838219fc551acffc4871d12ee15
-
SSDEEP
24576:3fZVNEpgxyfQhcQZC3NZCzCyPlpSgaTSTf6c:3fZ/EpA9cZ3ClpSg0STf
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_49f54eb1429c3671f84f2a267cb6b000.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_49f54eb1429c3671f84f2a267cb6b000.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_49f54eb1429c3671f84f2a267cb6b000Srv.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_49f54eb1429c3671f84f2a267cb6b000Srv.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD54251c6e18a0e310575e5b70f31eef4c7
SHA1d76ab2d7c2777a85eb21c1162bcae2abd4ceea4f
SHA25672780050a4f6d8a5bd1b8e14bcc1d718788db945a05ec2ade39678e7151e5c3b
SHA5126f1733f200fa9eef575e08cc2c74cc5f84ae91aadb2b2f7067c777cd30aefcb5050aeefc17100637f5b1d804eb659d83835607663fb73f6bc50d689eaab4ca33
-
Filesize
342B
MD5307f60981d0de371b5a3533a17d47ebd
SHA1e01448a7a5ac6cb04e50cb13239656a419341e0d
SHA2566710c9b28d1acfbc857013957cfc2d0c0813e2c918ae31bd6f8c02bc301ab60d
SHA512db8e0ed63e74625275edf0bef393fc8a8046d45d0ba1b28bd2c1e94b3b1b62d177941844306b19177a2744c44228b8a8963d32fd5ab6eafd9b18c07368e1a18f
-
Filesize
342B
MD5e4de5700bf306e53baa1db392ca5cbb6
SHA11313412003ea7a67b4fb9a7d4d3740f3ac5d6f0a
SHA256adbbfc21ba8101a660587281a4bc5a131669bd7f6f38ccda4b3dc88263c11190
SHA51206f55504a8eb196d240eef897d7c164ff68c63927e473d457e6d42fbea6528c212b3b20f131ed53871bf76ac06b25dc81bacc64897e48d16146af735a764f53b
-
Filesize
342B
MD5917140d0c4b5f4bac41a27868377c398
SHA1770043332b881fdb314bd6b27e288c46532f29d7
SHA2565973f79bdc0758e52d68dbc822969dfd5a7d872d13a3add68247617c622bdf84
SHA5125815efb7406cd0355fc56c947de076507667d2c752d59278f29f4800676e1bebb05a16975e3a418bd5a94c716c78a83645b0046862fd48c25ae0c6012470b310
-
Filesize
342B
MD58636105810388990c7acf60590898105
SHA1d9c30a89d6ba7d122ca9b9242e73778be9d87cd6
SHA256228e9055995bdf8b2b861f9f98ac54025bbcb47c6c796690038edfc69aef368e
SHA5129169634271dfe11eb5949eeafe912cdd0dc96d91d51f1f38eb6334703529073c517c1c48566fcdc25622fa689f155e07d37e0a7b02ddad0c44479422f8b1c95b
-
Filesize
342B
MD5392c400d7f305a21f4725522cf8ce626
SHA178b66cf671cd03649e02d0253262959a14690627
SHA256f2f5dd9dfc7b425689deace0e946e3b3735d40f37d810aabbe899357b83c0b76
SHA512471f465ff683c56f87dfafed3cc38c1d4278cf4400a05aed83ebd6027b9a6ba9a126b25128dd6707a254cba643ceefef0cc766271a9741c4b042c08d1c2ccda8
-
Filesize
342B
MD571c399811a26632241e2efeee3102483
SHA11712fa45a3d20c86cb98a299aead109699aa413e
SHA25683f09b2e6e2b93b7ec9d1d553d133da72086e83ba1a73dc84d02b46b19e8a355
SHA512ae99655b5bf8ca58a97984778ea207e57d8f3d6be860eb63f4e71843ddfe2d5839d39c763fe42df33303ae9ccfdc9702ad32086ee668960a808a1cfbf4d12fd3
-
Filesize
342B
MD5ffca61d5913b794ff8f8d8184b395257
SHA111be27f0ff1319299c65073c4dbaa7860fb0add5
SHA2562bcfcc136b097079492ad860aed594eb792528aacee5b52902a0cd30734db236
SHA51256187571106badefb5ca01ff3edb2fc9f7bb0f64812621028eb71bbda44d30f7a7ee259782eeaa8c4bceee061be0280d42439b91d210ed228eb878eacde64be5
-
Filesize
342B
MD5075d81969a186746a6d529d48dbec2e4
SHA1892d35d64fac0e750cc3252ead142d5c7961a264
SHA2562dae2f9350c4caaaec8b3ffb981aab8b76566cacdd5f66e97c58f87fbe0de7a6
SHA5125c1aacca649c7ba97d508d78126b19e22aafd5273a235b9d6fc0d41cb2316951c55c58df868117588c257021a20ff4f4166155fadc8ef05cd32cddfe597016b4
-
Filesize
342B
MD505951b64fe561d8693fada180826b962
SHA12f0974912150a9fb558ac62b51e7d1765efc5e3e
SHA25648da02d9b4deee458db5e0a85e7797d380a23ac88ee74079ec04d30cbfc85b50
SHA512a3662c7749acc95c79c7030897f8339157d2fb52df35260da77cab009f0ac79807097e3957be0954cf8f64c4c51942f0f236bf603c9dc67f160f3e6a979add2a
-
Filesize
342B
MD5a8aa47ea2165009ee109e9c2f6f94e91
SHA1a1e2b753f33353ce4a6e4ef168db74923748e673
SHA25681bc31cb2baab1301a8d47daa2ed2b7bfb3eb89ba98ce183c66b47ef9205aec1
SHA512e88afd0fce7f8ee14345da25dba6579e98872b2d272c1a0ebb271b32058e9499cc30d4ad8e0bbd3718bb98d72b85fb9e8ec1bce277957d4f4305926949bd9687
-
Filesize
342B
MD5e9abed5bfbbbe6f2ab9be383ac60e970
SHA1f41f05dcd8f4c96a37464de24d8f2aeba80cdf32
SHA256ce2cb6086947d0c9b07a2c89c7e53b067df2ceb1606e4a2caa3fe4d680256a1c
SHA512c0deaf2bcf734191ebac18be2d9f9d246f715549e59fac1c1c4dda2154630e9bd601deab2c1a04ce8dc4d3f9de974956d9275743309b0057d79056543f07782c
-
Filesize
342B
MD5a820dfbf0babe51619babc6e61c40e20
SHA16c3b0d3228aa96c5e3a902dba987a539ea9cb561
SHA256593c943686983ae3607ea996ecde597f5e372ad9329ba3775fe94bb06cfd9721
SHA5126bf0b7ebce6e8e2823060ad3c1209230cf439d2e946ece7df920966fdca3a146c9c96a40e85f7ee86ad7891d377b51f66418b7c9cbab609a2b75c3b90005220b
-
Filesize
342B
MD5776c7e04f99fe9a23e842c7ee7b3dc26
SHA1b167fe1ef3e27f95103abc4867aabc335d926398
SHA256c574faad285545f7fceddb3c4276303547a84861a585be9638d70600f36fe417
SHA51231a9c31f517f4fb27c4b0c4e92f83b9c3bdaeb88d53a669d6150486570e6744ebe231368ffa60204ef4acbb7fb31d32ba0b0036934be441bb09dbcc0a82a37d9
-
Filesize
342B
MD5db17240f1b9f9550c7ac6281186ff64b
SHA1ecc05c91f0aec3bfa4c6a0f7bde33e3470590b33
SHA256a75e3cf019f8fb32cf21933fc19ef046d0a3ebff99021ab2b3b9b4b64598a0af
SHA512906b529d5272f92066017f31aca2d4931691467b2d0b428f6229fbaeb4f42be35bd200e30dfc5ba0d3842fc943a980a59cf2632e18872a8bbb66b17ed05cb52a
-
Filesize
342B
MD5a917a68ac9dcf113fc6e6487daab5bbb
SHA1f2fc95f5d9fa7ffb63ece737112f11d310ea8bd1
SHA256765401dbb87e627bbf801179b47cdfc7117ef257ba43d9564ac3392080af60ff
SHA512ccfa0d68f83c904515b5656f294eeac4fe5235aefea28954b3d5c1c23fc63d983731ff03b9779772ea57abe606e80232b07dbac7a8710be356e3308f4a134b27
-
Filesize
342B
MD5efa98437329a92512bccc050c8ce7b83
SHA1f4d62b129f12f038b4561397be9a0dfd948dd520
SHA2567ee17056100e00aee1810037c98c00e66b1451ffc8d10808c274df6a34838a06
SHA512df1ea0546d29f938b2d85600d8eb465a215d69f82697c239fa2421a2ed8c6627202fe4b365cc33fd722e6b6841f8b562943a43ad9f390996167b9c3028961c67
-
Filesize
342B
MD53c6dd5a355cd368c14c9b2a9674e92ee
SHA1c3b7efb258d91eac19753fbbd6a2ea906faf76d8
SHA256ed1ed0cc6954666865be787562ffbb5095fca8228ff9a1dcfe849ae5a8f5201c
SHA512b69c8de2512afadac0e0d25ea386a14005a1cf46be56c1e78640ced391d342b6801b3eefa3cee8bb77aa54304a81cc46a014503f78cb99bb780ff109dcbfbd0d
-
Filesize
342B
MD5c983ada43f3a8942a0ec701494f0707a
SHA1bc393ee91b0890e59390703ef1d1949fbea78965
SHA256c823030636d516755e6f8e55f4314bcd9f2784003b6e6241a6fcde46fa2db134
SHA512f3ed73f9419396a81e1d0aca71d7ccfaef39637299be6f8bb252eda0b4821d2eefd499b88a3894f09fc013c1b6f7cbf459757ae81a6ff57fa763920035c53671
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
4KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
60KB