Overview

overview

10

Static

static

3

JaffaCakes...c0.dll

windows7-x64

10

JaffaCakes...c0.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    67s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 09:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_4f84ddafb6938d3d536bbbefd754fbc0.dll

  • Size

    974KB

  • MD5

    4f84ddafb6938d3d536bbbefd754fbc0

  • SHA1

    f987c85870574f9af650ff76631dc8bba1047881

  • SHA256

    8b7c317114a1882f3263086da576d4ebd44896ef7eb92e6a2116d5d7098db9a1

  • SHA512

    d76067b07489440f0f2a41a9093760371607b51c28502c0660d282d6989af48ea719515572407327811350cf9f7b1a5dc5ed652e3836d804cbfc97de597a6b68

  • SSDEEP

    24576:An9OEI7SfQaWOq/hAAB7rWbLgi/yPtsdhuB:kOEI7/ZOqtrWEpB

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f84ddafb6938d3d536bbbefd754fbc0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f84ddafb6938d3d536bbbefd754fbc0.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2744
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2664
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2784
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    364274d8778d22b2125039eb5d178692

    SHA1

    552a35f20fc2fa47b0ee4e3c4658feeaf94826f7

    SHA256

    bf3f86b86361bf80e58f150f86a56ddc840f059711c04425062cc63b4d2661b3

    SHA512

    7513b20465bf8a726be70c743ac15aa962be3c57eef2b94762d0625e3904dd7d3bc4c0f8bcecf70f58a37b629a93248068c2c8bdf386003cd06f7c596bf09cb5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3385908a651cea99e8fe3d36629709e

    SHA1

    0a2ce59e947ba92e105a47393deff1dbf096a6cb

    SHA256

    fb8c72422c7f0dde7e75c07e4d234ea6f9a240977add101fc807866a660b4b81

    SHA512

    c5f49b86a70e4d99b2159b30ce54ecb0ef7eb8fb9df13d9d7ee4f47b97ddf01e88b6ea63a6021316eb199df7c5e43e8e411607bacfba6753746e6482c2361b50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    845277ff2440d5dc1ed0c1c33f86943d

    SHA1

    775cf02e4beca3a2539cbb0e220aa7e629c0b06d

    SHA256

    531cb15ea6176e91d309a7d94f62be20c3e66ae57e414bf1e312b7d3872bd409

    SHA512

    6882c7de5d6b8536f5a199f4b44e325241c68def978d7c197554153edb410853c74ab2535c249e1a60aa93abb18212d78fe33b11c095a63635784b17d433a4f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e26c932638a3b922101ce876420423c

    SHA1

    a7d777030a3f4d76f886296cd87919315dcae5bb

    SHA256

    1cf2ceb28a4137cf38a194497700f6dab00cc506119794d849893807903ea5f6

    SHA512

    b2c1df15ca8dbe642be462572523de65d9afb79354606fcac5f56268f94f38e01e95ed156e735d222dfef2addf02785a3b989e245c089c3185125167e91f823f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03daf211b8709ea21b3b9364ea876ae1

    SHA1

    bc99e31b01dfb1dc9976fb073c14053b8fb95499

    SHA256

    3ac467c6fd7267d4bb65cccbdfdd6ac81c9693a2e9ad80b20218dce040cf5c96

    SHA512

    c0161e7667e797fe668ce2461bb014ae025ca602c6538b00a8078becc9d0135f9c8573829f0859c18eb9e55230c6d72d75bd7d1c72ca401d9d54875a4baaa55d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1753837ea3b922d450410d3024257690

    SHA1

    32bdfdfe849c4706e5407b669f23bd2e7f184f90

    SHA256

    492044fa2a84125c52c838fadb15b356cb8b8b3a6a836b6fdf62af346de9012a

    SHA512

    06e5eed2409ccac85b386ceb60eda229abdebebb3e87f06eaf4c9b4f05f4a20ce4fcdbff5375a840a2e89a875d3be46aeb32fb2caad8c4d7adee73ccb5ea979b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c6dc29a87c3c80432e6e907c3b8e196

    SHA1

    f5ca0a37fc75c30f9fdefca7c706223ddf962f6c

    SHA256

    07f15d8142385accc68ba351450451c5d5e3a3accf52841abd385d1d23da97b2

    SHA512

    bdc28d708a20faa956a4a28deec492567f2897fb749b694d2c26ca16553b953017734433ae36bbe0f5ca23746cfb3ee067a72cc3abcd9f41d9e572b5932793bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d1d6cc0993fa63a462043e3283a4b07c

    SHA1

    837646b6e0e77eaa570e82a54146b6a6bd7017c4

    SHA256

    14551d56b528e586b7306ea1cb83763a7528bb6db787b8f3e093da971ef6d22d

    SHA512

    d91269a48520dcf007fa49b0d5910d095fe1ee736b8fd08f7549a1bb6d96cea474b071740896552866d525470cf8f8fa0ebea8ba6c22f5ba7e95f74d86a791f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99c8eae8b53c7a68cc48b44c2ceef8c7

    SHA1

    461a8699bc76dc4fdbef6c7070ab8f020162acd1

    SHA256

    87cb445ef5898c68ed981c8a953438013dfefaafe578492e25785ca6a1ee87b8

    SHA512

    5b5c4367f43f0d8d1913e6a5f62acc606b706b0ec9ebdc00e021568a7588c8cd6c6615ec83314c8fa2d7aae26ea196f22203944f799ccf3cddcd0201f2b4bff6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ed64403af382cee72bd893eb368ed8e

    SHA1

    495c8da05002c320e33da0d81a512760b50db3cf

    SHA256

    581f8f6b9ae32262f1219da40c3b303496266559ba8c79397826d039c6852b12

    SHA512

    3085dd45034a396c802f2e30118201fe4c1f02d45b6b0cd697167aa0781807b386e8c46b1ccf07d100ef871fab13759795984b4785c234897b260eb796427cb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7b083f9468caaaa23a5231d9ad77416

    SHA1

    03c876e36ac9e63074f0bb708fdcf82e2b17ec88

    SHA256

    b27ed8f3ab158b18100ee2ae405344775d32632c5ebc6e61a3420d8683c6b777

    SHA512

    830df12f732cc0830b1649a8d652aab5081d93c18d91be78e3edcd66187e4edcba4aef50587b69846c1c4afccfd2bab62bf7adc8709c8fb0f4e433276de2b820

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dca04b659cbf91473bd3734ad32d4383

    SHA1

    34306c83cce07856eae12da5fe1ec1af5decf6da

    SHA256

    dc437f0a5ab256c5a84e7854248a5f9ceeffac616c6dfdcaae0af9a81d557dfc

    SHA512

    7115e458681d18d3593ccd807655c499bfd963be05881da57300f7c131a282eb607956820bc23ec9cf843bb7b3ebf1982f5bc0b48bc83322eb521953b0fb13c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7086bb04e016044edd8459fd237de6b

    SHA1

    1649e92f4e00d4245b1c0ad7a89e038b24381357

    SHA256

    fd07e70889fcd5c1e820e75fb6473609617e265e7d50be9fb6d481f6a37bb0e4

    SHA512

    089c1b7ce96f78e3788e6f0ee790dcd202a6938ffb77231d2f6e936d7915ecca50eb3ca841d9a413e3b26c976fc3bdcacbb5aad9fc9814ba9b404c4516662c56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    abfdfb7c6f407fefa716629d7c6d00e3

    SHA1

    3f25afff02a1eb7c109c7cc14fb304cf4b76cf35

    SHA256

    37411339ec58c617174d40e28e1c82de781993c1991d05d26da90d64d64b15cd

    SHA512

    9c2c4bb6d12be422efb5bc07e233878b0589e7570fe57a542f51f5aa6a995a1d127fea1b731df8dc293c6538b2061f1a61a4e224ca73329d856f785ca04e0ffa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b91714532deac372d221fd7fa83c4a2

    SHA1

    50ed11e4c70118d183fea36a96f7258aaf21a022

    SHA256

    d8c7284e4f7bfa65ae6c4422118d7c0dbb27d4015c8d889f43afa463e496d4f3

    SHA512

    155942796a442df73565d8e55db2a68d81170fd170a33cf9117b0b43a552eb0841b7ad35d61018466de816b80c40578f047294a15b14984fff8b844426c86ef7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2dbb9cf7f3505405d0badae23aadd9ff

    SHA1

    15aea3902acc91557712c90001ff90e9c3ba8a13

    SHA256

    8a13f9b6f27e68ef245f9f18101004e622b59960267dd65923c359fbd1e3ce5f

    SHA512

    b78589447aeee81973b01e735db0ef61b8040b1324d32bdf06783eacb398da91fbfb13ee7b13e733f3b01505c66a0debe9a41e78f100b28cafd13b656135dbdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    329eb7e9a901243194ad17a0e7524a9b

    SHA1

    9b60082b9116363075e27159372578dd1ada054f

    SHA256

    be6fea94899a60b1eb0648c136f8d7713c13a8350426b4014ff9fb1b7764704e

    SHA512

    0f8e96e039b5e3fb1663a0492bf584c66d5cf14ef6d158984fa6b783a62a8a610e9c833dd8523a7808bee226a8021de47a0e022096002319e0a605c74d015105

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e089e7c221fd06a9b47c962ec9b34269

    SHA1

    e8636901d292f5aebc81e38d64825e417ada5bcd

    SHA256

    bac3028ee91dc93049714607be89868c234ab6ebef7e03aba7f42856855d28d2

    SHA512

    07201c90e31019ae7d58a4d88971899b7e82215d839fb716108a5ae6520d9e543d45860667c2efce7b12f1adadeffd75099b0a112d418919c5cf4f472e62d6a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    012b3f1f8e96b3d16dbed81467d3e955

    SHA1

    82b9d9039afdb5190bb0551f77f0ca004189168f

    SHA256

    8efeda6cf13c7eb9a1162f09f0e05523c48bb89dda325c6c5eb4976b6368772b

    SHA512

    5fef10524d267fd0438e0f6f0ca9c8748814666ddb3d467e0bbe7fbf12eb488aba82a3eee375907da8ae75884f6aa7697d0fcbdc998fcd1a2b172765e4e91c32

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6FB7.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7027.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2664-19-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2744-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2744-11-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2972-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2972-6-0x0000000002800000-0x000000000290F000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2972-5-0x0000000002800000-0x000000000290F000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2972-1-0x0000000002800000-0x000000000290F000-memory.dmp

    Filesize

    1.1MB

    Download