Overview

overview

10

Static

static

1

JaffaCakes...0.html

windows7-x64

10

JaffaCakes...0.html

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 11:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_527d04fc3f091ec978461a73e7f2cf60.html

  • Size

    154KB

  • MD5

    527d04fc3f091ec978461a73e7f2cf60

  • SHA1

    44ed9cf4142a2458ba1f91a84e2923d4ca219b4f

  • SHA256

    6129b6e98352096c350c5a0863d94babd88fa9ba824a6d98acd7e849f5f44dae

  • SHA512

    0545891c96026e18d15ad10b6cb9eb6f3c2e0a20641011bcf774445de0e760412ee71568cf3916cf46ab189fb5d0a3e9cc1f57c250277af2abcc8224824a13b4

  • SSDEEP

    1536:SBNyNwvzByLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOZ:SB/v9yfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_527d04fc3f091ec978461a73e7f2cf60.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2604
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2784
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2656
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:406539 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2632

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d35f42ca0e5cf318decd2fae2827ccc7

      SHA1

      080393c05248ea68ee0e3534e08bf4f8dab387d0

      SHA256

      f2db278e5a8b2ae18ea59db54c0f357673aa69492944a2e5c2dc2f1b899b9a59

      SHA512

      a132e0ae0fd4bb46f9d100993a720b2d7d08e545aee018f27deaeea7715167d47e39de711337ec6159f9531e6d25d494f802603b2f2de3285843cbdbc119d3fb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ed42097b43ddaf164fe1c3e117448bb3

      SHA1

      442838d120e2640f0abb2a2b07d029212797cb28

      SHA256

      f7ac5ee60016417dae6cbc858ffa947e1ae29252277dd00b95bd11819677ce38

      SHA512

      25ef5a932bb07e05e7551377387f82aa8ea8f0a60afb2c36fb02e032045468ff21f25a1caecf0683deb44a568df234502260d10382f08505652a29b0912f44b3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bcdab5e637d1c8aa2693daf89a1bc724

      SHA1

      2a05ea2f2c7c2acc976c911af0f340549ab918ea

      SHA256

      3db31f3fbde17e09430442abcc29e1a890d34f5ba805296a2a150a5e90333a4f

      SHA512

      60768a0a4a6a9a1a5898419135bb5068c25fc486dacec9956e8ad84a43c456ba27c96b1acb8b05d2be9b70650f3cf316a7575170f56a8c738f14cdc5297671cd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9a32b0b0dc881c99284cd41be4761b76

      SHA1

      c10fe20f10c93abbf0dd378d734b46bd4d37f3eb

      SHA256

      1413444c037deddea80938b2bf8bc7dcb15043814394066ade83f276e60fd559

      SHA512

      d8c7fb979abfc1ce4da5225f62a56c488c8ac6372f27389d08b1b9cfd5b071f93ad801b08ce5d767b215ef5580fd41d7f78d1b82ecb5519f3f25eed2f2b0c97c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9212547ccfa0b34ef5cca8bdfbd693ff

      SHA1

      e417a1f052a2b41fafa5a69dbc429d9cf7896d09

      SHA256

      7490293aa4651284245c462b5ae82471c45b78aa61e81b37fa369e95e9fb7109

      SHA512

      aa78800fa86690cf32115cc2515ad0549c9ae93d6ee9691b45c51452751c5d44b2ebc8135e9d4964713968fabd45282704e0ff9a1cf244f5021e485f19613358

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3c1e7ae454e4b303fb528c8ee4222d34

      SHA1

      5b423c51f03fb13fedb70bba6d027c46bb125d2e

      SHA256

      7950e2b7ac367d74683ea21f4e6c5d5a8f55057f9cf756869e4d63106ab8f8dc

      SHA512

      742b40f91d6483f40cbb9ab6c05a4c6fbfb805e1eb54ee089451961f939d79c6f2eb32b608b26fc7381b5f2be465fce5fb0a5bd23083605246f5d8ad1dbd014c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ab3af0d329e49780083a6fdacf31c744

      SHA1

      629c8f10805a3b230e5c66a056a8e8ba0b8680e0

      SHA256

      e868ddd18406b3442a7d187bab0e3d188e65ea2454081821472aeff08d5e588c

      SHA512

      f99a89c817ad494c10b298c540e051eedc24647eb3a152b330faa90d3d1e8f7a0372947de8819c6995faba62315280ad6b1c71e3ce15b775d70377e75d44ba75

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4095b388368f60347d6f09eb07eb9e72

      SHA1

      216dc8eef7893e92a2fc045d3c95311b08ce2b08

      SHA256

      a87522192d6f88ac07aedaa911739706ae5943565740570541298dbb4cf86c41

      SHA512

      82cef13f35596ebde606f0874229fc2d955ce68146a9477ba5a59b05783950983be809cff9caf88aa767fa69c131d7d27cf7f24d059a226a144b9e49338c4f4d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6f232b98bad990b808c041995db3d2e2

      SHA1

      9d880d53672261f76cd6fe0f21bf92416dfb9019

      SHA256

      5be69fa96516cd776764deb13008c9e782ceeb641dd6d8a0f37f61949f74228a

      SHA512

      ca0d3df85b0e0cb923ce75950336f277a30bf6e097cbe23ca55055ed330841db7840d64d3aa5d06130e938b85a0832b1fcba494143e1d291437d7a6e0ec5e14e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c132cfcf5278823936dce07818f87aaa

      SHA1

      dfa87debe3ac8a9b514f54488fba6d35af4bc2b5

      SHA256

      7e6304e5ff3d21b986a609c27493822f48c6332cd40157c79e076999e9c10173

      SHA512

      d014f8a9f689532614d12bb23b198933ea47de1070534abce36f212aae5e047a212ac506541ba12834d7be2dc3b5e8d276c9d384d2b92c470f6da7b7a6f1d67d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      66ddd1cf354c2ea9c0f8d0bba65a15e4

      SHA1

      a025b714925a5bb5573dc3581e16008159c2e106

      SHA256

      a6d4bc6fd6402cd29f86d9bb4445ec24daad6d2f8c8a7c1ba18d613aa730cedc

      SHA512

      977b9d7fc7cb91531883494c8f477717aac47d4a78e2e7154b7abf8f4e1c0c157b31d0a066c120e981741c6e771be829ede9145d49d94b9f55e2c43e255a86a6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bb927d584d8eb98d4b68f15c27efdd8f

      SHA1

      1de9ebb7e5b06f0ec59675609b27ea5f3a8f5f38

      SHA256

      c0891c1ec3bd3516143fb8d983d9409a511104e77ea152dd10cda402c0f0b066

      SHA512

      324139f1b471371421a96db175dba69b385a77eea3cafd3e2b23230d8464a444e33b1032b6356da9464cfeb11e2add993891e99286565fd624d581f5eece544f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      22d3affe65d0f455b1ea0ddd01301f93

      SHA1

      89e1d12651a30bb525d88be18063365b112f427d

      SHA256

      9db5296585e59388516cc5afd02a38d5b57bac8ba5c1af11744f5a97f4493c78

      SHA512

      de2681c34616e7f89b2d2935e8b8d58c6ff8545d6630b3c78890b8761148c7a679217e36f9e054edbdcd34750b5ebd434c151b207ba57baecec4c0a7ae0ed622

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5b24161f09a02dcd3aff662e50181fa4

      SHA1

      83ddeca609f58f14e17ff323a63e054d28d06ab9

      SHA256

      6beca56b9aa4a088d3f88b686d2935eb7799cdfeba099e934580394d5e17c59d

      SHA512

      d96c64cff57c42a6ebfed8d9b0f97b4716cda1d1754d06d91069a91a3a6fb8a50482f13a877adbe74719de1259461614527258b6def4a3657bbcc94cc3ef4af4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7ddc8c3238b818ae1cd182f3224e457d

      SHA1

      af6ad1c529823dd98130373ff95daf9d5e4c7f70

      SHA256

      f90695e6a5c37a88f647e224029941a9e3d9fb51519562515fc86f29102b2476

      SHA512

      1ee195b3b1b5715112491536347a30f8fcd497f81d67c0bc3407ddda55e96ae1c0d712d7aa474f9ad5535a8ce02ceb8b1ea49d6ef7a244b361e144e198e3c319

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ae273062e8101f1f4aed87ca254146b7

      SHA1

      6bed16031a4ce70b073b1603f484013c0b92c217

      SHA256

      621215df2c53b6ecaeb507d314b6895ed8bf60e1b791187f0d4f94c30266b1fe

      SHA512

      fcbb3be55014e795afdb729f37673d03e5c19827ef10946baf653965451405ead52bc3ec6594ebd62e3ca0f08aa5c27dc378e3becd2aa5baba9a6d62c6aba5ca

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      31395dec637f18d56fb70df62ef0f483

      SHA1

      5bae78a5812ffda6b0e0bcb405955e122a1b4fec

      SHA256

      1f2376b73c2559cc1ada65b38e6f7cc2ffcb9b98b580e3d6038f49e398bd3d7f

      SHA512

      7b6dfd34f6bfa38eab8b3df1859620ba837c99efdb8d1d78323488ac5db51460b3fb5950bf3814a61d3419842ce6a7d5053af5980f5eb00dda8659d257bb59d7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1dfc3b698c99901a1a1af2d346c3ff23

      SHA1

      8f98c0cb0d383807abf016b377e4933b29bab0ae

      SHA256

      f8d0454e4d006da1908b4539e61a7eeb6adda4dca410efa96e9d81e4e17dd590

      SHA512

      684fe22fb8e48ff60c7b6b52a315bd9dbdae67f473fa2271e529c36fdb7966aee990e05d2b97c180becfb093f31502333fca91bc4b4ede34f4829fcd5bca172a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d87580b1984510885946e9d9030cab5d

      SHA1

      c23155158213896e82e56751b56448a4126e6eca

      SHA256

      4aa5ab354017b1a82dc3c55358e66ba81b853b382277c2245c9e1dc4ebdbdb45

      SHA512

      345150b3117f673db9f6617147a00cdc6d101d6a9613492d8ec33d263258731f2b3cebf6803ea716f7ae4ee094e71e50afe406dc22ce91fa83a4354d4a6f82ed

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab3564.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar35D6.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2604-9-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2604-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2604-10-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2784-16-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2784-18-0x0000000000250000-0x0000000000251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-21-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2784-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download