Overview

overview

10

Static

static

3

JaffaCakes...30.exe

windows7-x64

10

JaffaCakes...30.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 07:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_4c728d1e2a132c19f27bde4f31e60930.exe

  • Size

    178KB

  • MD5

    4c728d1e2a132c19f27bde4f31e60930

  • SHA1

    fe5863b16ef9123d81c7ad25513e4822361803c0

  • SHA256

    752bea21b78cdbd0c1c03ee52780175e22fda411878c97cea468e3e5e3f97ea0

  • SHA512

    06abeab59a32fea2a37427fd5ca5972d55e13309b65ccca97d525fc7a0063252ec133ddb9a565bd09a68b15620496919d7adb3784269c8906ba4e731a6608015

  • SSDEEP

    3072:akAwOzhjdRmSZiAqFbrnp+KsYGngtnQnMgjy7jfY0fJLr/7AIvpwZj9u6js5u:+w8h/7PCkKsYGg5Pgjy9RLDcY+hu8z

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4c728d1e2a132c19f27bde4f31e60930.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4c728d1e2a132c19f27bde4f31e60930.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4c728d1e2a132c19f27bde4f31e60930mgr.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4c728d1e2a132c19f27bde4f31e60930mgr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2104
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2868
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1980
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2716
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2168

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    976dd8c40794441032f54f6b55503020

    SHA1

    d32ae7c2f7e2bd8011843177db84a4aa960dd53b

    SHA256

    e26a082bdeec0ec051daf467698542e5ca4bba37947cb015349fd5b15e61d9ce

    SHA512

    25da34935fe398e837b26394b522cf87373dd77fce7e7e64f030e762cae35fb7345447fe5afefe13320c01cd19552684a486c716c3e31423b11a7c27de6e6ab6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f827e1473c2e07eacbff921c46523051

    SHA1

    c10f8622ad09a84ca0b05eb32781ef51de817a68

    SHA256

    30d077294dfe19603d73ccad9b61e52d837b34eff11f92ecb32c3fe8934af4f5

    SHA512

    b336c7d9ad34649c28d465bc7f1d547364e50e30445f61cb707a5ac8b09caa9729af369cd73422ede7bf3d1995152eb85d9d9efa0943e29f279a768a75dfe056

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e638ff3ed05e71bda821e5b941844f30

    SHA1

    2040d4bf25358fc1fd19768392be0b90fc986231

    SHA256

    69fa477f3d1ad0706c72bba287fb71c8e4f52bb84d02eaf813c4912dbd08bd7a

    SHA512

    4f67e71f426af151be71ae131535a160fcd1a996ba461c624c1a821a060f314962ade4f2ab016d8764d5784d9a138a270ea8b6624268ca638ad1539e7947fb17

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db4e50cad1f9bd4f06a7a04a95eaacc3

    SHA1

    cb893af64e93a08839d4895e11950cd49574adab

    SHA256

    9f11b90a62b04666510f0a96a42fd34a5896b4bf0faa06823bf9b55f2c006e5c

    SHA512

    e13700442c874af9e1f1be198594a2e67b20c12574be3cefa062108d572c0a2c91f16f906050031643659f1d2379dc95b1f7c597ed0d8be3a259355b269682de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5aa7057c9a7ae3730a1cfd331555c8b

    SHA1

    f22eb723245e691de31102ee474154375949a369

    SHA256

    e6e0186178185e1cdd478f437172dc373ca33abd170c670768c65fbc649429d6

    SHA512

    da935f8e0eb11ac591927176f070c0a86b8b1b4580c4f72e88c151c9adab34a06c9566e7a59c9eeef461177a541a0de006de265008cb544b69837327e41074a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e157a0efa76e9b809d5da0d5638c71cb

    SHA1

    4f70c51c67918d1a6b8301ee0e2b2bc4a18b0164

    SHA256

    208516e91591c2c546b8bf9ba46a8f415ecd1cbe15117e6d41c4ea37c57eac6c

    SHA512

    2eb6af8bafd48cca7ace91e2328bb5620644ab48502b319d470442a0c755dc2978eec8f0c74a3dde86dad9c32dc3226856cf60b6912a7f973a9cb65419c672a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82ae9332f5b0cab821e47ef3ee7e5c6a

    SHA1

    64b84f5a13b7ef835b0c27d27e9b4b3d7d0fac3a

    SHA256

    14681c653d78d9130d55b188300cc87e2b3ccc1a164b96c105cd12928f7eb64e

    SHA512

    b7cbbf7c091b448e15aee72b85fc190233011f5ee5b8b5efd7233ba3146570686d4bbf1010cd34bb1564784494613c3221441e6d82b34a75ba546ee2fcd1cd69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56125e8056233786229e31e8d01e1e42

    SHA1

    a5629a713b4d902251a8952b7a493ddf02b03a0f

    SHA256

    c883230debcb6721d8eb04848d58ecbdff1acb511ea1ab53d42937e98df8faf6

    SHA512

    95b31e2d42d51c7a3bf58553c4e271a874ec648b8a9e75d7d43a602840b76eca69b129dc3f8a2053fb7259338e2f80ea1f62b9bade439b61b03037a312424f5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    588ddff89b9f1f569a8983046114960a

    SHA1

    29ba2fe07eaeee06c6aa751539084e2276dba3c4

    SHA256

    e1af684f5df22e829e9b4e37f8aa818eef9b1f48cacfecde9aadb4acf7f5e3e2

    SHA512

    b32ac7f16664b40e32e3d49d8e8404f7c259e2c760728c4740b8d5252b0c5ab93e6d937fda80252c76fbc68c210fe082e6f2c8995e0a90b73b39f67e8cc83377

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bea1bc77187e00acbbffc5b1be0f7c25

    SHA1

    dfa5a6f6c082de918c3b086b15bbd8ee2baa029c

    SHA256

    8b317fca684b7c52180f7d9ae6933958bfa6448ff3ba377fd6f9d37037d8e270

    SHA512

    3a20aab52f61f4a5c8c4db8d779a667814050545d0f717b9753062645dd735603191678e372d4b148908dffaebd1c62a2e6043e120c76daf4ea73163ca84353a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    abfce1a134270f6ad9ccd6fc8c5c5bbe

    SHA1

    56eab7879ae0f0aea79f403c3fed935b26e177bc

    SHA256

    bf042fc83afc6ef862c573a872e62e126ea57da2b1463d81b8991ef9d21f9990

    SHA512

    d4582d74c18b15a26d7ca0e91b0937d667431e7595fdbce94a4f5c2038f4efc2ae42da9e88727906e1e461f313936b60af754ce6894b9a966ee72ebcbdb39875

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    454994688e49532d40550f90455fcdc0

    SHA1

    76062e852328356f3796644f69f4a6e2ebfdf65d

    SHA256

    38c7f470f11a9b576051c268658b113c76d1109e285dd87c631642045cc098f1

    SHA512

    9589e3f3710d9091281a90fa18862ca8f80db6d7de1fa9e1739f153d7bbabee0548533939e3462422324846806b76e8ab74bc0a2fb5c05a5f370be2a57c0f2cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f9002b69b251c356f1f91845e6d1715

    SHA1

    b5d73ec45d7ec8d8184994a666a69290e4878038

    SHA256

    fc04d40140f864baba7e49b71cd7f60c563bad662ffe735505d214e58be260e3

    SHA512

    bbaf8c5221803adde807c100f47e6f1f072032577e8dc4ec640d23a99f2506cb3194a6d5156cf254641d51a42cff78cf0a227864a7a116193812e061ff8dfb6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    587ab4add54431dd8346b3a80e56c8be

    SHA1

    1a778d84f00f1176ea975798a859b83f29fff5d5

    SHA256

    59510ad229600a6fbca5485b781791b0235ec89ec442181651baee1b6e69b469

    SHA512

    d07209e65aa16b8a9d3598227c206e9a25ecd371312d2c36bdd7ca39d6c5803e90c8ad1257785d05f8a11e4c7fe024a753e047bbf55d595808524a934d954613

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    266497a30e59ce146ec0e9e65b872f0c

    SHA1

    ab341656d0982d87216dbf4a5088fd25d0f1a452

    SHA256

    4d810d6d3a8e208d8d339941f59ab5637450a58db822a9fa63a09028258c2bc1

    SHA512

    8f44a18b8f2514596f6e5d8b00fe138c2311a03e8a083d6bb2175affad0dab2a8142d94cc7a0f9aeebe3d2ee6ac3738a38643ebac6bfda2d1467dea5c18b787d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf7bb764e49fd8c4cbeae45066a4df4c

    SHA1

    299f3f7379c6f0db37228636e1b9d0e9047a59b8

    SHA256

    1e36ba4b1844d5107b6ff946ffaa25326ee3ec219ceb0647245832723ebe98eb

    SHA512

    bb6e2fd97ad56d81827766ea8a287bac23cd7c2c70b42a54b224a9593c397ae710d653c0dd4b2e280960388ce582ca23ae8467e49d0b3d0ac1998fbea4d589f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9af12195ac45033a4e7ccf52d642a4f7

    SHA1

    d3f25012ad5f86bed85cf5875ccd832e7e417df4

    SHA256

    d8fc4426606202470113f1c67f571bdd513286d8095c40ebc4d52d209a3ec5c1

    SHA512

    7e9924dd76ce7aabdac5c93385f19daceaa59b66b8fee79310fc756c72217ee319628538fb7b2bccb68462db652a499cd27ecdf6a21db04a918ab2e6b71c436d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cad2048bfc3e4eeb8df78384f0e2546

    SHA1

    39b5f187f60a11cf26ac254c4c88d23b9020be65

    SHA256

    8818e1209df17361c272b4fd276cc0f4a2debdef819bcdb79e720ccf74b4867f

    SHA512

    63a9076187cbf9a440f62182e491a3f745e5dceedd46ec970a7ef5b6482bd882d00311ce163fb7a27ae182da6dbbde363cf9cd582b057da4cdc3424080248c2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d4bbc7c05cde85f931022f05872105a

    SHA1

    2d1971d21858c464a71ea972b69c6afd836b951e

    SHA256

    fdc871c5f97642240cf2aa4fb09b23f2cb87bb04edd0622be2c24f900d37cfd4

    SHA512

    3489616aad362f3c6c6987e64db16a873ca405b36f37a8be2059de958a16ed2100b555cb8dc53b083d0e58274ad7627643fcc127bc451b1c2db8ff11375a3e40

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F7274841-C812-11EF-9A35-EAF933E40231}.dat
    Filesize

    3KB

    MD5

    257dc9b236e135fc13ca48f3782bf680

    SHA1

    cd1d1c162e458cf386e88d402a0fea1a714c6029

    SHA256

    1db4bb80148d2d48aace6846679cdcad9fbffbe439ec93979c1f48d71f596a20

    SHA512

    ff47ce99e4fa4921bf14eae5f360e4686db24027248ef75a86c1ff305075b9a7c3c657367bcc93cb105d726dcc824b4a4a2193a5d81c637c909e5055f391a4da

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F729A9A1-C812-11EF-9A35-EAF933E40231}.dat
    Filesize

    5KB

    MD5

    e3801b9b5fdbc56c6a719caf3d382324

    SHA1

    ec454e1a2db509e31aceecc92a5a1d3451d4946c

    SHA256

    267d31620da2145b8d7141dca483a9429527b796f63a8a4b237a2f494a326b0d

    SHA512

    e03b6904976e010d896903ab3dc308ef1266d2d3a4c4a4ca353182b218e224324a7e6034de162ade48329b9d3516c31e5cabcccf403224bfe816230fd5f6f5f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA0D4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA135.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\JaffaCakes118_4c728d1e2a132c19f27bde4f31e60930mgr.exe
    Filesize

    88KB

    MD5

    a61ea5f2325332c52bff5bce3d161336

    SHA1

    3a883b8241f5f2efaa76367240db800d78a0209c

    SHA256

    e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

    SHA512

    fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

    Download Submit

  • memory/2104-14-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2104-31-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-18-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-13-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2116-16-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2116-17-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2116-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2116-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2116-27-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2116-28-0x0000000000410000-0x0000000000419000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2116-29-0x0000000000401000-0x0000000000410000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2116-8-0x0000000000320000-0x0000000000340000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2116-10-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2116-15-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-0-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download