Analysis
-
max time kernel
134s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
01-01-2025 07:04
General
-
Target
JaffaCakes118_4b98ed88ff4d3d5316edcd208927c550.dll
-
Size
223KB
-
MD5
4b98ed88ff4d3d5316edcd208927c550
-
SHA1
779300e9c27709ac5a0ee4ee3e53336cc964ab0a
-
SHA256
558a6090fd96231499bb27b5088f152fc406ef887c95fc7b56ff5fd458a8cd68
-
SHA512
fda144f08ccb4495a6ea853153da43b5c09e18d1da441d9fbe7201c0c0cf79fe7389c220cdd69d768b90d6ccd7ef7d4a17f6d0b73accf31c5152fcd8bbfa2e3f
-
SSDEEP
3072:+TU56gVxj27NPr6pgRzuWdkiuwoAzpJc+mQyjn/sfBwqq6AfC1u7MGggagZRI7:V4TryWdj5zp+0/ZL6fC1u1t4
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in System32 directory 1 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 52 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 27 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4b98ed88ff4d3d5316edcd208927c550.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4b98ed88ff4d3d5316edcd208927c550.dll2⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32mgr.exeC:\Windows\SysWOW64\regsvr32mgr.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2100 CREDAT:275458 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5bfeaa948003552f89e0be13fdff51bb4
SHA18b0ce61a7521125db8b8c81513c249f321bb6735
SHA2561f1d342499fc681822c2e4f1cf898841de27001b388e8d58adab0de7cb04fa71
SHA512ae472ece0a375e6bc0ac2ce771c827e68a3bc0deb9e171bdaf194bad29f1b99ab356c179cb2449945919ebabc85a408658ba8032248ecaddf1c9442e3de083ad
-
Filesize
342B
MD526274402dd0e266ee8595862346840bc
SHA195636c770cc8d372b3bb22a399368b60f732bdaf
SHA2565bbd3340438d48b32855013db38c6e37c009b7b0ff090fe7880a6c3124fb96f6
SHA512e63c08eacdb5a78893ed8f99807f600c7fd3f38d7a8dc0f87632f5b2385d6623e61334cfb44952c45acbb11ea5f929ceca9c74917dbad2ffc78af574e1cf3bd4
-
Filesize
342B
MD5aae15d3d90184820f50006380b7b98da
SHA1c14ee36c361422a15cf0df807552bb796324058c
SHA256279b2470749e2210e731920dc7638aba97a0abc1f3e0bb2a8118c2b9ab387c52
SHA512569d4d3fe917eb26d43e66f517349fcf0650d4e3f39a398ebdf7f36571df8b78ced1d99aa2dae95e04c3860cb26796764e232d825918890a13bb66dde64fbd84
-
Filesize
342B
MD55dbd600aac4606f0d6e43d4a06811832
SHA17c3063c15bbc8bbe526979dc4f029c8515b82d85
SHA2561c812264b4b9daa2b037a32f5915bcd10d24c5e179684db34bf7cb987e209541
SHA5127e95e6aabc555af2af9099684115e6291527cef73a794d09c5ae199c4d8b6a9158130db4f5fcf1b653f7157aa1ec5b33fe5d94a701f1fb65ff2cba37d9416361
-
Filesize
342B
MD5207cb843a0d924ad998dddc9f702a170
SHA16c66289de87fed2f956a715f6c7fac4190dc47c9
SHA256b74083d530e3326fd6cbee8e98a2eb8e05e6adb7dc559ffca80dd1dfbe3a2fcd
SHA5123c078c972a7472d4f8b8d0e900315d5ca22448d5be8e36a063db3d2b18e5b732c2273009db17dc64ccda516c8e5043c764e936692bb19ba4d22eecab325f3ef2
-
Filesize
342B
MD5b4657137858fb01547ac60927bfd58bc
SHA1f680067bf9327996e318f7d3d96343a99773172c
SHA2567696d5e0af45bc006f4dfdb8b7dbf8039a55b66d93dc5b46144bdc82ebf5acce
SHA512f2205902e005ff64839066b939279b6ed86714daf1762dd7d1e6c8af8611786fcbd411591671f5c0c135d57bfd0a1f25b9c0ec9b2858b8240efa32dd80110b9b
-
Filesize
342B
MD59788819e1da47c286f60f2dccbe38323
SHA15a095cb2d99d02f1b959dfbb69dc4e7febe65e05
SHA256e86e1351979eb73d5e23fc4af66f59bf083830c4543a776b126670404800e499
SHA51298ae043680e916ef91433340c663feddedd57648271f57f44918beadededec9efbc5a8a9141d88075c22ec23f6915e196d05e4084e0f5acfeb4715bb807174f9
-
Filesize
342B
MD5da9c85d0142d9d1915a3f23779f6da77
SHA18200f825b571710bd5c9ef71626f850b0164d294
SHA256960e045fea9a253431daecb4c0149048e048561c8c30bf276897d527e6d82de8
SHA5123647229d0415553bf50a1092a0de9d309be7502653d6e18686929215ff799ec2704dc3db70f2df1b49d35a6e6aaeaba41c061eaa8eb4385358e9c4ceb04c188a
-
Filesize
342B
MD53941be1caa254f0267f85b50af9a6a54
SHA1245b9d3f73f260e633d4c3537ca383dcab69bed9
SHA256da5e5d1e47ccb1fcf3df6bee5e09f3e4cb70fab5de3fc8eb38c1546b289d67c1
SHA5123a8dec2a7bf9385e125613d86d8a227ddb57e0a82354d2cf56ec0741976b136edf476503c26f8fb7bdc79fd00b1119584382d984b53a34418d8304bc97500457
-
Filesize
342B
MD554c5274ff940a40de797632647d877c3
SHA1941905b692aaca7c9f9bde4d040d994bb7e54fb4
SHA256548debb4b4124c611e088ba0c3ca1328a441e27bcc889d27f8eeafce796f98a8
SHA5128573b30785b284eb998f9ce0b4bd0d14d8023c972e38edd843aaf3024c39129aa9084584212dd98f525aa06db008c519d54cf3f592df2632ea2cd8a270752433
-
Filesize
342B
MD5ba2e08abd45528a03210bbfd23741c23
SHA13bb64485d95e8b4121cc23e5341da14300e3aa9e
SHA2566be3da1be987e7c90fe73d6e0001c4d7317fa58976b80c84aee124820f5cb6f6
SHA512985a68858a20e7dbb038468a7ed1eac57b16abb4362eb7478b6ad95c791786498f30d370cb3e99941e913506b7dc9e673eef489f6cee6510062f75739fe3d3ee
-
Filesize
5KB
MD5d14a6b0343cf67a14e7328763a085e30
SHA1457c284ce89b69cfb955d96d106fd7e705ff9841
SHA256c80ac54ebca1c94c0945948111524fd813cea9485d2d5d4e64755efad580d506
SHA5128a846db5c631219b6a80411ec1ec5f6ee0ab270f2bcd021935fae130732582a0ceaa7c08cfc4398f5784dffa5f64197a369e0eec919bf29204c9b8d5787525b4
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
153KB
MD5fd43bd3f881b1413d66a1a45ad48a7d9
SHA1550bda81a39c3424106513d3cdaa373ec78dcbc0
SHA256d0e58328e1ec0c03717d332094088c3e05aa1a734178e050dcad5a240443962b
SHA512f77148a90a1a51aa9d2802f70ef7f908ccac05e8f8584ebf23ec20e7dff3015ef6d45f6591ffb2ffe2cf3cc1587f287756b6ee882d309d94b25d9997ec567b04
-
Filesize
392KB
-
Filesize
392KB
-
Filesize
4KB
-
Filesize
392KB
-
Filesize
4KB
-
Filesize
392KB
-
Filesize
392KB
-
Filesize
4KB
-
Filesize
232KB
-
Filesize
392KB