Overview

overview

10

Static

static

3

JaffaCakes...38.dll

windows7-x64

10

JaffaCakes...38.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 09:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_50965d7ba9745f2fbf2515c93a687138.dll

  • Size

    436KB

  • MD5

    50965d7ba9745f2fbf2515c93a687138

  • SHA1

    8f1d9ee570dc8565ba01bb7854d9b20811bc81d7

  • SHA256

    030cbcb5c2acd6b5d27cff413f1535397a87fc61758c6ea42d0dae65a850aa5f

  • SHA512

    a3f4e46ab4b54fb36706bb714ec17e2fb8abb07e3bd5c5eda530a63a1b22e4a7c8b6205b69983ec0a680b735f35abc696953558f85d12a4a3950835f494a0d9f

  • SSDEEP

    6144:4XX8bwYYacq/tX2Qjkjjdt3r8cOosiugybxFJ6W5:aMq2N2QjkjvNuZgW5

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_50965d7ba9745f2fbf2515c93a687138.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2844
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_50965d7ba9745f2fbf2515c93a687138.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2824
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2720
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2548
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2864
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2564
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 224
        3⤵
        • Program crash
        PID:2884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    132f90fcfcbb3fe2dab1219b67ad3c44

    SHA1

    ec5753abd5358d58a72ade98678520c6d3310874

    SHA256

    06ed02dd8caa23ac8774ac07e9661c710d6b61fde861d1c7c332222b793cf96a

    SHA512

    b3822ab8ddb773dac83a5160151e2d675354f8e80ea8faae8f53feb31a08437638432b4f6ebd594f7b034419f4fbbfc245efba0079702bc1c62c60d851e89d55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    19140b51f7905c884e741f168b04821c

    SHA1

    4677a745fe35a2bea8c1d80dd88c25222f1dd692

    SHA256

    01729179b1da4323905a2952da6733f1b87cdb598ffb967dd27f8dff629f18b1

    SHA512

    fe5d54c76a1e8f7b6fc8b52900ba243769ae93497fa3005b812df81125541dc15f51df8dcead3903b785ec2c60de7a623204e9d7bde147e5d6f111ee4eecadb9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82567ad62cabbf2e7f2235240e7a0f68

    SHA1

    4dbfb832ff152ea7b8b66ad531b573912743a25e

    SHA256

    34e2d741e8af755f8825bf4688dba567dd459a3ea76c8907357a6676dead8695

    SHA512

    e97e249438189a30df7b1ad6dcdf7bd7e191346a1d83910974a3c270d24372cc80b1dd5584e0172a8e8c6646c7e77fd302ddfa66476761621805290d99c00309

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6879b5d6bcdea1b519cf0f63778c3a2f

    SHA1

    662854716694835e7ac0e5eb6be62c9c961a37c9

    SHA256

    5119a01aa7a786c253989ee50124f5315d2621844f548a7aa95c1d796b737d5b

    SHA512

    1da6f6a54a4915235f98875a2f32d6fe819e5bac35eae7ddc8eb3ac8d131cc414496eecb4206fba3a37ef6719a9b0a7eed77d6e5fe1fefeb8c29a08072133477

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f944cec455615aea369011e59b043f2

    SHA1

    c8db8c0aa2f77071577a6f60732dc22d3cff75b1

    SHA256

    8f84a62fa1915c8809f18820fa08946bedff4b0a0442b87ab14f1bd570d65f4f

    SHA512

    bb05430b3be018a846e4d38dbb4219f7487da1ab4e7557be3a8ff83c42b24138f752a2dbe0b2d5d313adc128c13ef9283353ece8b34e974b4f98425cec55321c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9bf0cb5635191bf957d8b5fe6eea637

    SHA1

    2d897c8dbc5c05636f755d7923eee63ad0c4f8da

    SHA256

    94d88ee863c0ce05ff9991901fc28216b69854f228e59c784f213b2979df051b

    SHA512

    44d992156b4863a89b444c02bcf7da112f75756e634814d5115d4976fd23a89fae93cc9204a2136c768005ab2a4dbc0aff69e26c51ab3689b279c2a943456159

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56a808c3b33adbb30c6e97eefb3ffc3d

    SHA1

    02bd8648c2654377b5b3be1da625c7ed3f13982f

    SHA256

    aa1bac8e2f1a7617a1573c0d34f35517febeb2e01e25b2aeab8e89f6ca7cd6a4

    SHA512

    d9792cb6f828ef74a4cc9b840ebebf69780ca613e36588f3e1b8164a1dd91d6c73c42333fbdae3fb453254e2cbe72691a2051185690f32e23d388f9539b049d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff40fbdc6e7bcfe3dd6059df3e2396ac

    SHA1

    a4e49665ef5651b84496177de6d5085201077530

    SHA256

    c8801a6818b0e46ea6b50d0fb7b1924504c5b2f1ee946c5934f418ea0d5629da

    SHA512

    7b31df38c22a27322d12361613ce2abb9e33ff6dd7c2827e2e4276e5bfaeb4519e9b5a7557497c67a572cfcba919e196266bc2cbdbd1582c9959797ace33530a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    362e3cdb0f950b0ee877bd64b4a2a618

    SHA1

    875633ad982ae3a3f556b75aff8a256a53286a4c

    SHA256

    1407dd8e59d1d32c5dc6eb8ecaa2611c39bb342edac90638a60e41ffd1de0032

    SHA512

    95a04982ecaabcbb431799978811aa29918550a40eb483859be9cfec8350e9d9f1d498931a0b1a68e5d0713031bed494c10d13f2de5fe83424d4a9abcc58f7e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99e1eb10ce6e3571f435c0e998230668

    SHA1

    90db5d9f1be4e3f065b6d7a0bc1d6c67716b7d6f

    SHA256

    607b6585255c36a281f9cd8b4b549982ee99af780ec991b8d109bcb8305d654b

    SHA512

    7e8cae70066878b88e71b08923581ee0eb80a148dda67814dc7928df67cd6cc4d7f0433f86679880ab638735ef92206bdf926d5042b85cc3babdb0b44e044156

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bbd40f1588aa5c5c67c5f7cdccec3fec

    SHA1

    2dc5f8db7439db2c5b5b8c489ead06db402fcc0d

    SHA256

    828563ed302755544b279c89886ed145c8fb77eecc360c9aa1d60d699e5954fd

    SHA512

    bf3afea92dd71ed1da6de877150ee941001e7ccf7ba3b424a2c3bd65972c5f65176ba1ef22e042d018e958c006fe4fecec1016309df7ace1619c3b36bcc8d634

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    763967110499f476fa4a212eeff9f0d6

    SHA1

    4577c196d1f338368df40f3b8431738176ec1a6f

    SHA256

    38d8a6c22e157e2cc67b6281e3195db14d1a2aec506f43341e9a7ec04b356272

    SHA512

    2527887341bd968de923a126e7667ce77ab8626152533941a1696131ad8af1422401b5dc98cbd328a1769487de41b42402fbcb20943d111881cf261db6ab6c61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a90dcd4d8f396d476136474716a9ebb

    SHA1

    f4810f14602836499b86ebd63398ed87fd5e20fa

    SHA256

    da1e8c74b025524ab47309b0d19aba9399fd05fbb96768aeff5807e44eb82775

    SHA512

    3719c483b7647d7218777e1639b89660f8c0bbe975e369c85e1390bbc1160f68410252a802fd6d8c88d20b6f0ea85f3569418bab47be312a5cc8e231c33dfda8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c749d9029d68c1306f00d55b5ac155b5

    SHA1

    380fb096eb1b63c4272c168e172641897a9edae9

    SHA256

    405d1f1efd9819c8a2649b5bc19c3c55eaf2bfa87da6f15506e0c505d0d05ad5

    SHA512

    9c6bdc7f72c6e722bb256c7452c647d057f885f903ffd3a1adc7855dea43a9b7abaede85fc6728eae99d691163eb40c19ea2691ecec9492c6b95f5dfe13d278c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d1fabdb6f1229aacad79370413d1f1ad

    SHA1

    90a0320360b0db06a55c56edecc90c9638145e9e

    SHA256

    9f8ee5b541ec60ffb707368fd3fc175cf82532e8c457081738a798136264075d

    SHA512

    f82fbe6f00d41e7682c90c39199dd01252a7fdc65872e9b08e35e0a529da60fb6a79b8964ec10df0fbafefd5b4d867b083ac63fd142a9070a25d56c2ac8e272a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c54bc4128ac33c1b5757a9274daa98aa

    SHA1

    6e8a7d1cf7f5696f7f8d2ae3c31385bfaa1718d8

    SHA256

    8b08404699dc5810020aa68b2d2338ce7fddb5427002a4b8f26edcc835345911

    SHA512

    dc8036b44a1a7c55e056dc9f18a50f5346c044726e71bd34626737a5f8ecfb0d9797e706a51af9499341c125ddc80ca3d9516a400347593b16ab2a66cbe7c4d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14170c9d531a6cbbaf38d359dc81e33f

    SHA1

    e059d62685187b2633839cf0cad3d0e56632b498

    SHA256

    2d78205b256ead53f9abc1c61433daaacc07f2ddb6953c402cc1ab73443e8775

    SHA512

    6add33057df8968ee16c74d4d97798ec5d054a4ac0108605db0ebf276b5068390b529228c79a318142e6afa53e1c87ab2b08a8063f4839e631afd1667b3749b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4550caf25614362f66f311a5fb39408e

    SHA1

    fc998393fed9ae237a1676e9b8cc06d50f7b7f67

    SHA256

    d812eaea408ae95498240c97d651930102fab381e49d754e122271d2bec082fe

    SHA512

    8d518043aad71a4113836894a4565e02927c8a8db174506147180f3332a16dd3ccd4c297e4822154378efde9ce417d7cc7e743da6d37ff92348c1a61d28edd5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ba7c86e8f0be20c765a818882ffd3bb

    SHA1

    0fcdb63bde0b4cc6a1d39681a9ddf83594bde9f9

    SHA256

    0f7f22c33839620244d01465ccd1d99243ea95a0a7dc08408552c994d6dd2e5c

    SHA512

    0e1b5ac8f6392c14243f8d360a20f62862dc617da355a4cd90fa0fa11604f244881a03d86442b67abee4df856cece571c9f2f8e20b8e164799008a2d6bb830d8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4CEA1B51-C826-11EF-9906-CA806D3F5BF8}.dat
    Filesize

    5KB

    MD5

    bb6ae2880efde17c09709cc0e2b3a6d5

    SHA1

    2d5a8b7c9eefe464c953b33e99df5f3f69901f5c

    SHA256

    5b54118dcb694b195df2760fe988759243c3e3f9b4dfc422af5f3c9f3ff5fda9

    SHA512

    4fc4ee5affbee7368a78090b9975efcdeac6ad9a49d58edf13bc590b05b9fcae1fc6055c5a070fa688c3603b87fac228d265138e0bdeaf26d86ff0b148b174f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4CEC7CB1-C826-11EF-9906-CA806D3F5BF8}.dat
    Filesize

    4KB

    MD5

    7695686b571294ba6bbc34be77cf5cb0

    SHA1

    e0eef6dba8d59246e1a28ebbe3b1f932c8079bc0

    SHA256

    91524055ef65baf7091b5aab6563de9196efd77ef5fda974584ca4ae1c4c63fc

    SHA512

    e2dc9946905e40e24d5cd0705d007e7975290507b117e7cdc768fe3b7285020b74c0f0d772292fdcc5783d1895864322b3ca4879ba28dcbcac4f1dbd0531259b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab84FB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar85D9.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize

    220KB

    MD5

    1b7fc3fa0a84470506c3028b48a5f04d

    SHA1

    3fa9f258fd20c92c0dd366f1520d44f61e236d3b

    SHA256

    9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b

    SHA512

    1259215288d11be9493abc5d9babec8ff2563be3ed1aaf47fbda3f5832d7604f4f5956d09a06854ff133fb9e0971ac398966c46c743dee3f0aead6a2d0901c19

    Download Submit

  • memory/2816-9-0x0000000010000000-0x0000000010077000-memory.dmp

    Filesize

    476KB

    Download

  • memory/2816-8-0x0000000010000000-0x0000000010077000-memory.dmp

    Filesize

    476KB

    Download

  • memory/2816-1-0x0000000010000000-0x0000000010077000-memory.dmp

    Filesize

    476KB

    Download

  • memory/2816-10-0x0000000000180000-0x00000000001F0000-memory.dmp

    Filesize

    448KB

    Download

  • memory/2824-17-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2824-18-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/2824-16-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/2824-15-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/2824-14-0x00000000001F0000-0x00000000001F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2824-21-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/2824-12-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/2824-13-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download