Overview

overview

10

Static

static

3

JaffaCakes...90.dll

windows7-x64

10

JaffaCakes...90.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 08:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_4e4498c8ef54e72c8cb53c52235fbd90.dll

  • Size

    448KB

  • MD5

    4e4498c8ef54e72c8cb53c52235fbd90

  • SHA1

    9cfa43637f14a87de59832a9ea91485dabc163d8

  • SHA256

    aeac8e30227f84ddba7add2535f8821e13a65fb8b435aed2d1e1ebc849836384

  • SHA512

    91cfff553ecb03b0026e9979542bbc1659decdaf0c918a97fd743018eece53c7fe96cd7e05e37a1695937b3a5a1e7b0ad105bf52129d2afdb42b651d9543a963

  • SSDEEP

    6144:WcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE+miO:Woz83OtIEzW+/m/AyF7bCrO/Ev1j0WSC

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4e4498c8ef54e72c8cb53c52235fbd90.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4e4498c8ef54e72c8cb53c52235fbd90.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1560
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2604
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2108
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2828
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2168
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2876
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 228
        3⤵
        • Program crash
        PID:2388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a6f53297f9e1588ca08ff3a18bec5d34

    SHA1

    be6a819f7a2d4bbf25337af3f71a6c93f0baf1a8

    SHA256

    0e6f11abad25f851cfcd89412ea79cfb7f63c17acf178cce8c82471486ea2e83

    SHA512

    bc63f09e73628a7c12f8625b37f39e5509b97dfc8c572f9942a85b2a848c84a6f9ecbeaf7e55fcfc71e30280e3e211361636403f24b4692443a117ced15b9b10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96188fea81c0ccc8d181365476656ac9

    SHA1

    861fd3ee451964f6e37d05faba7b303299c894fe

    SHA256

    19832fdcd1ba4ca807c95e93ec842b02dd4162ddac0bc118a7e213d08b40fb36

    SHA512

    a091703a8035294fc9969919961f7ad36444134eccbbd48295f333b91613e28d37694eb6810f702bfc03f0e8ad8d0d62f183dbd891df622771c6319d494e58ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b6b1704c495221b4e9406a26a5baa31

    SHA1

    9728bc69615b33785b96f6082628b85f25dd8806

    SHA256

    ee6e9753d26ff005c4ea3a64a94cf9c25d72d500fec5302ef8aa0c083d49b926

    SHA512

    9919afc964145c7afedf08a42ff0cbe976b70b7e0d14be6082cb2348c6041a20ce9c2ce8a4618395bb439b65d1a4368e49122976ba0a8e5f0f62f4263e7b572a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39754046c60e5daaa4e432366b107b51

    SHA1

    e67f5be81b0b66c68170070f995dce5256fd0dbe

    SHA256

    19b7647bafa0dad46b604fc9541a48c06525e0b7f8b9802c47f717e82afa6515

    SHA512

    af75ed53a5d684e704619171c39cba009cbf0fd1797bc7b0a9eeef780ebeb58293efad0e2f8da03b0f776f0d819748efe0abd603a48ccd4c0545dd5fc0ea5132

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    adf579e8298be0ffbd6147262315a58a

    SHA1

    6439c71fb2676bc4f4a1a38568f9e66148b2f049

    SHA256

    21376a2c88a4e2d3500504fea987ed55fde04ed9b03938206b35cd804c9405ab

    SHA512

    999d72a5d618de5142f88f2cecedbc51490e2d7fd61df1b82b6683b441932385b84470e7fa8dc61205a1a9ed7dedd53eb1f301c7a54ba7f0bf9cde873556321b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1579d873e8b93ada9918c8efa8dbc822

    SHA1

    ed333bf13d051353b91dcdcc8405af4b08ac1d5a

    SHA256

    2d6d476c48a90db18623020df64da9f446021fb7d43d3f019cd29c66f712107e

    SHA512

    52712f058bab5679a74943b90c90990d5e0b662c57a0e07eea4efa15761d2532b4acbe11b381dea8b35b422e3a799a0cd93a6b3d1305611a7841a83fd9195a3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7094d1e6dfc0d7f45d47ee1507c895bb

    SHA1

    04934a89f8b2752247d3582b86f70d68cb94ce9b

    SHA256

    9e19b2856deb0b984e16cbf6aa954ec3478290290be0e311a0d4b1c76c15cbfd

    SHA512

    b6b3c8fa46139f8f4eb92bc9b111c296b6b41b12179b785030aabd6d1f47a8bb95ea9bc57f24a82c061ced16eb5a96bfb8cfac418ebeb083ada7d3b638908a69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1dc2ae97ef39aae5e89ee04c25341ab0

    SHA1

    acca8969c6e944945f0269973238d86ef2bccde9

    SHA256

    a2fbfd5dc65698f5ac0eb7331c727e1a28dc587727abb1f9706a4e32b6b0c397

    SHA512

    89d20cb5fa897a05fcf0e2af8d06e813b0b8a16ee1ddc0d26ac8ba4008a5fe15fd699ac05a0a845281c413cbf50f4037e0243d2f953016770a9332857c351e64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2dee7e7c8acf1d2744e0baea8742557b

    SHA1

    92a8df38f6e108e01942fb3e095a0d489d387d4d

    SHA256

    686c4557c31f5dc28b372400f688fe2fbe1d4721ce7597dd1f8e23cd0498ab42

    SHA512

    6059b65c8303d4772cf9508085ea23db23eedee8ce4b1fdd4fc9d868dd740d397bd4982e786c977f2197edc176c458075ff6bbf55e64a2d940f8d01a1d823163

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0268462a72d99f9a9626b505aeb24ec

    SHA1

    49db3bfb00a6881649640a2b13395cc5b68391b8

    SHA256

    c68765e323424ee97a33d706ae56fff6d40ec00559c8395a7ee1e1b4dc076faa

    SHA512

    5fbbc1723c9a1b374325362681fad4c5f55f8fa7fd78a0db6f6a11eaf69bb57ce8d95cdb394639ffefa585ae22732f5095eb57567cdcf3355cb897b89e462d0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ffbb9597161818242957ccc718548f2

    SHA1

    99376ad3b62ce3bb39ef5d39e9f2604bce6beb69

    SHA256

    83342c32b7d34885d2b9734af63fe81145c623b380db01655593f910605ab894

    SHA512

    626723ab3574ef1438f1f20619a10ff36b2ecff49b266107c051ad85303434b15e75fe3ef354d3863aeb61b97eac871c290349dd36664141e7047407036b480a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52884d0b2f4bebb41325c421ab2db6fd

    SHA1

    faa17281a9ef525c38868ca8789e071e52af2aef

    SHA256

    d93d1a87e1ee611fffe7000286e73b159f118bc9a965ecd6d494aae9a9a056ff

    SHA512

    69d724042135448ff7d102d0bae9de2c65c186605f752bf922d79428be29f19165428b64b8ccccf5496ca7b811ad805cc570f4920fee2c49007a929981bc65a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9af377c174c93fbdd92373724ed6f66

    SHA1

    9a9a8ad6508442539daa1248ca5c8ac224f9ce86

    SHA256

    427b8c8e713c2beb87d049d591c44a8bc5a3615838f5c530ce9f2428aecbd090

    SHA512

    5e09d56ea58a78b2224aff177dd9828446a7e331cc874f74edcd6429b1173cdfa5c09c8c27fe4aece7b405f9b0ffa659b0e0f051f88263dff4f2291e82c81638

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    786b10864efee7ba9a59a2279ce53f90

    SHA1

    e800da0e008592229d6fd39f3a99268d94755b56

    SHA256

    4c7be639334d1db00bdf8b578ffda136c68293f2dce681b84c96a575b64d27f7

    SHA512

    76938853e78cb5b5ffc136186d9d71e107ffc521ddc0348e0c1d184e8a20f1631ae37c7125d5712a3c070f335b381f1ee8833f3d5f7cba487119b3862ba052b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4feea82d004fc34f1bd363d326682a41

    SHA1

    2ac3ece98767c678af85da2d73b3cef7ff8d3ef4

    SHA256

    172f6d9c56692322d8683ebb813610dd123cab756993359b94b88fb2343f8e54

    SHA512

    7a8221fa9829d57b6c3ae0dca5d100d879d0f6d853d79255e3389710de833cff0a670ec749f2ba2b4c833b85adf35bb4c718e36e0f72c268ea979077dcc3c5ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a6eeb65eb3c6a29234d534cadcc2299e

    SHA1

    9381feeb69c8a808886e9ed017406c60d41ca9df

    SHA256

    e2bfe9b83e9090c93685dae5c04c66abd428a6e1a326e4c23c022b26cf801fa3

    SHA512

    f72dd9d7fa8f535372dfa3e597a0c6c8bf11fcdd335071d96f977704ab6225b14c098b483315a61940b650bc362d2df48ee61f695a72c36d292c3f0fd1ab3b7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f64517e7f6db3ff4a85a6f014647c39

    SHA1

    e2cbd5968cd397b3487fa18411802430e75f3a1c

    SHA256

    6d796373f82d87d3857392414dd23d68e67996a9388101f3e0be878f66b9b631

    SHA512

    35d1209c549af42235d9bb6542bd23fb361a41be6cd5b9da53df1aeb9abee2d15230f9e196785fd167db7c97243f02b6a4d304e1dec2bd478f204297f698c644

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20fd83a7a2b2269ca6ffe1301c605a25

    SHA1

    f5616d03ae82f134c47ba31907f626c118611863

    SHA256

    8f25adf55d0831691d71d34cfd8bd3d54fa9c1a2be1d84cebedcb84571a0a4fc

    SHA512

    9b2363c3e78ef0ccbfa850b2fa2be6d5eb749d4ece8c76162e59e47b54187170049e994b9a576e6cfdef5c65e4d109f26c3038f5c124a85dd2b056e9481922dc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2496A7A1-C81B-11EF-B666-DEF96DC0BBD1}.dat
    Filesize

    5KB

    MD5

    9c6d2a4dd8a286c5a0777e8bb3ee4974

    SHA1

    2e42bcd7eea666212fdc68f34018437a65ed7044

    SHA256

    bdd166de3d2b0ae3adff633f8c0040d19f10cd858afc0c4a08b70539c006e5d0

    SHA512

    d41a29ede3ed04bb2cd32fe26fab5ef9fe0462fdab18df1dadb888bbe4a8425c6a2c1c3b2ef1943eb55481b9042423d2a507a8f2b1d2624183103b64d9be60c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{249B6A61-C81B-11EF-B666-DEF96DC0BBD1}.dat
    Filesize

    4KB

    MD5

    418edd27c111e2bad632e8fc270654a7

    SHA1

    39e66f463a7c3effa55789643cfad7744a9d958d

    SHA256

    4bf6868004c36582ed082a927f20c0a58dfff4c936d04b043c9b9345d21fbbe3

    SHA512

    44ce1d0a8a017dc4bb9c790f891d3268f142ed96dc95b3ed23f694742193fcd02c80c4bea5ab81cc3ea6786a4157f6f02b49a1a0785b169ccad3dfaa8fa58bda

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF1B2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF29F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    27761550031391c56a3a59d3cb7229a5

    SHA1

    643e456a5fb02a820e79e33fc66e8496f15e5955

    SHA256

    b6b449ecd550692a3d8d5424e00885155e898d5cbbde98543a5b7b877073daab

    SHA512

    2aa9607f71e4cb99ab4ccabe33a5f192117b733306cd8d1f4f3054077572e522bc71e1eae679877b5554d0bc3c1281fd5bcf822a2da5da291e6630f65470d0d6

    Download Submit

  • memory/1560-1-0x000000007C340000-0x000000007C3B1000-memory.dmp

    Filesize

    452KB

    Download

  • memory/1560-449-0x000000007C340000-0x000000007C3B1000-memory.dmp

    Filesize

    452KB

    Download

  • memory/1560-8-0x0000000000640000-0x0000000000696000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2604-15-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-14-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2604-13-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-12-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2604-10-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2604-16-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2604-11-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-20-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download