Overview

overview

10

Static

static

3

JaffaCakes...f0.dll

windows7-x64

10

JaffaCakes...f0.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 07:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_4cffe33ba4985005ceaf3ff98b7d48f0.dll

  • Size

    480KB

  • MD5

    4cffe33ba4985005ceaf3ff98b7d48f0

  • SHA1

    3be61c27e10aa22dd205853a44838c05f0249592

  • SHA256

    b9c019137bff3c55665847df4cec2707aae60f69a7e19a4eba963633caacc764

  • SHA512

    ff06bb0f47385248b2ffaac94b97fff960f3572e16fdcba420cfc6d68043032133ae4b692087fa46f6947508d950b66515c70e7a83fabc8afeaacc07a1a34a9d

  • SSDEEP

    12288:GXo450qjYthuCNIm/kqF6a2FjyHIDiN3AN0:P/ku6FjyHeXN0

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cffe33ba4985005ceaf3ff98b7d48f0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cffe33ba4985005ceaf3ff98b7d48f0.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2580
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1824
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3064
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2728
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2348
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2864
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 276
        3⤵
        • Program crash
        PID:2380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4424a8a56e62132427ec18d181706fd3

    SHA1

    e3a79ee9a5307fd0fbac47eefbf000cc7fe08e13

    SHA256

    6752d125706fe978f5345c452ed3284c8126407485f04e627e14ef190feb83e6

    SHA512

    981d06749983a3aeefa3bf1d59a315b83c607929483e2c0f7d0724846ba99bef42d51ffbdbf8bdd7fbfad9323c5315d1568cbc49079a80c868b9897e15c2beef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce4247d72c1a82d883941086097c0f90

    SHA1

    8d6e2a4faba52e1c36b8bf193ec7c41e611a5e2d

    SHA256

    fec956068a3cf5726f410339e42074f63fd4db7234840ad3570f6e47b0ef1ae7

    SHA512

    b5001c91ea8755ccac1e41d472e970fa76b48c8c4e428116abe896838899e6b3aad3572a30b7a911f4d6a562967269a1c48db10d699b410f86091892ece16829

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eeada74dfa68dac571e339d8aa0f9d78

    SHA1

    a2cfa1599feae33b7def6ad3bd958a9f2fa1286b

    SHA256

    d7af5accd6efe4d369fd1c93c476ff6fc0b0669c5ffcf3ea806036ce2cf5e7d2

    SHA512

    3a24b856108b27de032f0f43f7d41379d20e9b5da69a2e24d6e2a693443cc37a86eb6e4ef2290b76c60243856218131650dfdbc75a85c9d4160113c7cf9dacaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46ad4257f25b5035d9c2646aa1aa34f3

    SHA1

    31661ef1abd5b7c24fc67d8aec73f5840f83adb3

    SHA256

    35b5d4b8e334ebc23f60e42862fc22c291c37c80f3aab2c9380daad1ee037675

    SHA512

    112f833053b250884a66e627ec775abea6b042b448d4473d8aea191b9bc1fa317ee2dd0db00111c5a7df4a79c2b5a2befe487445571d8fb8a79d11c24ebb8597

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6cae8a09854e07ca29f0b4fd8fd7e098

    SHA1

    21b44519f078016d1f2d1c1a1ddde9be51cfe6e8

    SHA256

    9f67a605125f722959900dc1bf486e16b12e28c587f3571d87d65d1e98b8080b

    SHA512

    ae0aab4aa0e302b7f01c370024292ab2becc135fd1f924c36912890c9fecd6e8264d6442da9744fc387521c0e65019dcfde0ba4f0a0cc9b060d264e240d23276

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d8765b94ada5e4dd74777376d291c4e

    SHA1

    336bd1bd5c89d8b558b6ca2340e63a6c777772c2

    SHA256

    fd923f6593a70693ca21ea0eee8c5a6be5fb894766db9262c22c170bfbe0636c

    SHA512

    47eac12076ba7dbde135d468bee414374640db0c521dd58f17d295fd158b2d84485720b3501ea290b12a81ab703ef5ffada5b8f707803edc7f8a13785857d08f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d53c8f96d50bcfeacc1553e2de093d24

    SHA1

    78d1fe3289d91856bbdfdedc9739017b3105911c

    SHA256

    a2aff2a25f29653f040dcd802a833777d392ac8a202685f978786a3e7e61e8ac

    SHA512

    0d09894c8eb419e270a4038da8dfa342f97c20d678e6db60c536e173657a6fb31d6fc52dddbd61fccac1bbd52b430a9650b81038192c9ae01521ebdb596807ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d24bb815bbe5abe826e6ab562f7072a

    SHA1

    263da13b200b1af8a0ed559523b63e1bed47f66e

    SHA256

    60391b8975dadeccc23513b332e76f62f5b198d53657f148e17f42281d0f4542

    SHA512

    4e71caf18361e2a3a78d98107cd19ffdf5a4d4428cdf0a9fe01fb8b0debc94fd5b19fa2d69a48f95e303ad9f37a76852ff7ba53c0d17cfb256614f745069f6b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91a0bf07a685d0cb5846804b281e6460

    SHA1

    19866c399de5abbebbb59b78261066d7a9ccd96a

    SHA256

    c8a02011087bb9e73ceed1523be5e297c8e5eeb3d08d48e92a6ef24a0731dfb0

    SHA512

    5196308ec440c53fa9403c93247fea20acf795b904a6102fb97d7ff7e7c8d9e7ba92e194f81d475a12ca8069e66b52c1846adb614c38e5d5dd84abf049b4d06e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2e93e3b34f3e9e026c80b25710b5c65

    SHA1

    6b88e2cd3f381c4fc67e7e61a803f4f2f8b1af04

    SHA256

    651408d096a9b7aa57117756b91722d3230b8fe7e6a9fab7125f27a9e5b85dcb

    SHA512

    fbab88f2f47bc0c2a4934daf4298f802066158abf12888e0977daab009d1de480556825232c2494497a33240a135a774992a13355b2bf4bafb645dcb1ec2272d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c630bfa429729b0dda534b2f9f16572

    SHA1

    9d37642786ace4112112cdf3f4723455f44cdabe

    SHA256

    e5c843e013c603b1ef82ff94a4e89efa79689d6d51d632db5f0775bf68100207

    SHA512

    93093964921ada2e7353087082eac41941b60645dd3a15b4d54e0c8c98f9a42032988a7f314eba482fdf1332cdf7723ce2ccbb47788907fbfd5056eb2995dcb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36156727733c1c30e7076eca8f690c13

    SHA1

    09166977cc3cf4726b9fb241ec04aedd46988260

    SHA256

    1d8fe9e7d40d40132a63fda899284304d026764e84244687279d61dabee37a8b

    SHA512

    2a1aec665f9ada243cb8ec0e26c90f2d45ea1d4027faaf46321110af01fd980b304e0e7c4f7c1fb3862564711bc311a0f57c7949fc13eecc3f17a2b3508b7cc3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    daeaf869cd4703305be25d3a4b3f5ada

    SHA1

    e5ac47daa9539fc3664825cd7b72fc3adb26e15e

    SHA256

    01ecd807edbeaf664cb225612bb896d4efbd2eefb1b4797f4b03ab821dfbb103

    SHA512

    be4edd3f7bc0bf472a884d27ba6c6ead71eb632f6607a75a87c3a92f277e133808ab055dad9804d11a89e6b37a15acd358fd99dd4052d5beea1bc04408e71124

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12729f1c441e1660821c9710eb4d1679

    SHA1

    48fef750c038f0357642d0bd2acc6efa576b3e56

    SHA256

    3137c4378fd2812c2092cf588de2479ba77284e2f87a139941a55bb9ad58bb68

    SHA512

    bddeaded57bdd4099710a73c1be8684f206289722a6ceb53c6d1ae49c1727bb71a4327a74f3ed9ad1cef3e653f90cd6e3c39b029d3bca9fe5b47ddc3b2fdd6e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4918948cc0faca1d126bd7157d047f7c

    SHA1

    579013688d4d12968ab158673d3994db87166049

    SHA256

    553b4b47c8f719958556c860d95beae9737f8b53ff18944ff7fa6efc685a5e9c

    SHA512

    a5baaf541af9b6d3ba922426314b8c43df11dc8078c1edea9a87e4f530c2f373807b383607f8f174fac6204f7796340aec49ba17ccc07825fea9ca1064bc2426

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb59e6086ebbf298d3ded52eea2188ad

    SHA1

    3b2f7ee80680c6f5d80d1eec7efcf785f9d01c47

    SHA256

    6c478c7bb70ca7ef90ebafad206f545e4cc9c0bc4b622a2cd47deb75e5475b77

    SHA512

    3243c0922c59684d39a5364cadc3be69b704d85017656ca2bff9a28f61de7a4a7a51f791b85948c0eeab4f66dc83cd2063b94a3132d06f38d0500395a76b5b75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f25865ac376f0e334a25c09b37001d0

    SHA1

    30753eec435cf99f849c19e6f4553f189b20ecac

    SHA256

    2a3e5a128271a3e16d3f8a4e25fe9258cb7abb6098f6ffcf3b35dc02e8f7c232

    SHA512

    3ae9068d57fa4892084d37cd270b33d5f542733f8371a658589099c0e8c30bf265a8a0c88469597ddfe93422f4cb969a480b33590f27a206e2f2c8c6dff8e3ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f89da61ce51dc7c25b416602bbfb629

    SHA1

    af1734aebaf5d26381fb2acca4b4533e1b13a984

    SHA256

    268c9a8f25729dfa9622de8124577c842bef643954b62845f53e1593f57255b3

    SHA512

    12fdf268f54f4ec81e03b82f19d88c12d4d881370576393a992132d771ea56d32419fa596283e7dce3e6ef164bd20cbbc8d21f17f1c18511bf2bfd65507725e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef69740889baeb625208886c0d818e5b

    SHA1

    644f05c20c92354c5f2f13c817e769632f3c7b2a

    SHA256

    57c0d040b697c4c5ace1e1b247b9c7c3dd162b6d9c3b858d3daa18e3e5b1084a

    SHA512

    8bce864537f64cc87249a82f9bf7283932687836d1c79b8b7a0b9278873b87b1ab39b8555149acf80d0663f72e43eda2dc9d327b25b9b0359aa588f1e05085d0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{82B42071-C815-11EF-A27C-4A174794FC88}.dat
    Filesize

    5KB

    MD5

    af92c7b949aa965b076bde5f18380a68

    SHA1

    efed24c974a91a282e94ac990635e988075bf1de

    SHA256

    93abae8284bce665993e628cd05b7a364d460b71d7f4cbd5bc2146c07f8eb156

    SHA512

    d3fbbd8e2320db49cd6304d8b2ab06053fdafb5e418d0118c013156375fc9603bc30d07b47f2ee26025d335fc8dd420910842cac28f71cd6aa6870af3a0587fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD9CE.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDA2F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    27761550031391c56a3a59d3cb7229a5

    SHA1

    643e456a5fb02a820e79e33fc66e8496f15e5955

    SHA256

    b6b449ecd550692a3d8d5424e00885155e898d5cbbde98543a5b7b877073daab

    SHA512

    2aa9607f71e4cb99ab4ccabe33a5f192117b733306cd8d1f4f3054077572e522bc71e1eae679877b5554d0bc3c1281fd5bcf822a2da5da291e6630f65470d0d6

    Download Submit

  • memory/1824-8-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1824-9-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1824-13-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2580-10-0x0000000010000000-0x00000000126B0000-memory.dmp

    Filesize

    38.7MB

    Download

  • memory/2580-11-0x0000000010000000-0x00000000126B0000-memory.dmp

    Filesize

    38.7MB

    Download