Overview

overview

10

Static

static

3

JaffaCakes...30.dll

windows7-x64

10

JaffaCakes...30.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 10:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_514f81e299a26058af654e564f938130.dll

  • Size

    432KB

  • MD5

    514f81e299a26058af654e564f938130

  • SHA1

    d70ceffa46878e3db3d55105a2373642a974f038

  • SHA256

    eac039425ae9012c16232404d78c2459130b296cc304c8f2b86585d8711364aa

  • SHA512

    25e3edaaa186463ab8b833ec56c12cbc71949942beec149f9cd08bc19d9aceb9c49c22fdc405e40984402dba2b78667cf2c2d7496b34079d7ea2ffaf6f81d671

  • SSDEEP

    12288:eXo450qjYthuCNIm/kqF6a2FjyHIDiQ2iq:3/ku6FjyHe3

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_514f81e299a26058af654e564f938130.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1160
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_514f81e299a26058af654e564f938130.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2480
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2256
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2300
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1804
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b706db6c7928d0a76dcff150c9297174

    SHA1

    76b92a293ab4e146a999bb4e019e4ab5e3249ae6

    SHA256

    7cec0d56c1b0a486f23bbf4ba517c9ad1ac035939eeaa4e8aef828d4c4acf3e9

    SHA512

    c909221210cbf876a719a4aa16bea97456018a6283c74fe432c76d035c1d60feea6e253035486aa70578d4c3c1c50aab8cf4ab7ed7ef886a63c9518f9d2a7947

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ddb28b82e21a846d93d82a9a3c6c7421

    SHA1

    49cecef93f792242e7366b49c4265fa2ed9a1d33

    SHA256

    4c6b9680f2940b9cb2eb824b40dbdb8cc590d1743f3f4969b5996f7eb1e25164

    SHA512

    3d68c9d36de9715e99325cb148847d76357481e8ef487ec450d3620d26748ad23322cefd24b21ba52cfab4e0693e0d5d2dde3a8b8b0df57c1ece29da4154ced3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ccd35821102a6b547bcb499a77667bec

    SHA1

    5985c86643cbf2b2b49dbc6de6c3e622dad64e5b

    SHA256

    e6891b85ba6e5961dc29940dec7c31b03b962a68e09ba7c2c6b50ad2bbeae0c5

    SHA512

    1f846bd246d1305e7a301c59255289d91a07de5f8f38844b3eef69c80c124414b0ff24eb99c7fa5e53f1d68db98fb5fd5dbeca04f785e8c836a7bc3830abbc16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3739941aa6efcfe2b85f76ba6d29817e

    SHA1

    082698d7416f4dd1f4a96bc55e843388021761a1

    SHA256

    0a855f2f2d21b0f73505eb3e4e52f519bcc70b795521a6291dadbe713945a49e

    SHA512

    d2c37612d8718062e7d5b9550cb2c2e57696e21e1cbc139783b552364aed97fdfbd1dbb69ce4b761387b18390a4c5794d5e216921214bbff2016999ddabbd66a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d1beb35a81cecbdad4044d0562f83e60

    SHA1

    2b491e39d5cae709b2489fedf889ccaa6d84516f

    SHA256

    bc13d1b947f33a2b870debb6bb2bac655aa8a37b9b3624b43d78b727425ee75e

    SHA512

    d05989b2bad176d8f7f057f24d612301ec047a94b5d922b80c9b681e57c0e897a7edaecdc6313ad78985613230eb688d31520856f4a4c2136b1379eb0b1a41ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53c9836a823521cbc630b414b452d228

    SHA1

    589f7e9c33812b6e0192f807e002d6ddd38080f3

    SHA256

    e5dd72c2b9bf64143c0f64faecefa2a197f5658cccfeabb51fa2b6a7e87256ba

    SHA512

    14d283ff85fcfdef02f5e097c119f0c506318eb4878e16df91e57201d8f0c40b46a5768c6522817de355c45be467d6761bf42e11f717e38b047f88abaf2b097e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f874acb3767e2abca8b137c6a967d4fd

    SHA1

    3fc959cf7694703cca925e2129435b1741c5c525

    SHA256

    4c8b3f3568c001bb87e76568ea02e39908abf4a6a51c53ea7bcdd716c67a1ee9

    SHA512

    9b5c436fdfeee856b86319a26567d82dc8387a36620a1963cd86366acce74c692aff2ef3f35238304d39d9fe75a3207a5c77e8889ac9da616589e52fd97ed98e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    745a7db49907d950df90e7fc5dced631

    SHA1

    392ab273d609595ff0b661db9192f38edb8077d8

    SHA256

    2f59c0231c135b48e52e8615c7f7bbb92ce0261ba3f2ed165763a38c5231a3bc

    SHA512

    9da262ad4d1eebda09027d4013a86929ba2feac8da86a9da91632c22e135fcd8341b7ad97a81b78102159949a9cc696f8bcf2fd1778c7aa15355f84131deda0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    631dba86b0f13b7738c1737cce81e9b9

    SHA1

    f56671cf55daa19ed883a2b89f501becaf5ae3c7

    SHA256

    28154593ddf14fcd76121b32321bbc620be19d0d9d3d5f9063c55528aefbb2ce

    SHA512

    971afb898717b0dfeb981c0da8d199621882358a864d6558d264d8097de84c6f8a1be5d6612fba40b93c0e312cc1bb8cffa30bf38e7c932a713bf5ac0fd2c1c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad04cbebbb08568cb3eb6c495eb85caa

    SHA1

    d11e6b438661c523b886314dfa76f5bd61cc4da5

    SHA256

    8c53d5b98ef44bb3b900b9f4af75399a897d180bae06695a33a092adf2cff6d8

    SHA512

    7320bbd712deab6ae8ae46791ac63225c9274f5f176b400ff60c3eef1c600402337db34849173557f1b7076f59da0dcd89b87072f7a542b7bdc2c16e65d9b451

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1db6e9d2cc36920b9a1aad0ce12ac43

    SHA1

    31db88d8cb47dc7955672e8a8040ce0a456c23af

    SHA256

    77f1adfb96d03c50c51c280f9f9e610887d3935a6121d8b793a9db208315b6cb

    SHA512

    8f62378ffe87c3657a3dccd298d74a05053f6dce763b2c2c040f32557846485b055d091fb0165a271b9fc9dc2cf6212a1769fad2b7cd95940ee8d29982e384d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    623805c0e24dda554d120462e2bb4c3a

    SHA1

    88b1dfa89f308a748a68d79db5ea453bb2693a50

    SHA256

    bb84594a54db852f7aa28b85f20e1c83d50a196ac0e273609517dd28f09ecc11

    SHA512

    3f5300b80de2d489ad192428948b2bc68a60bff5d7cd8947e883961602ac9082a0f45745dcc135d96532d55d8c827b8bb68de7ea594b9564830858c966ad8801

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    788e435e955e01d1a546d1d93408541c

    SHA1

    c1edd6f26d760753b91a92ac03081bae62bde6dc

    SHA256

    b538f39a9e85b8dd74aaacb322c4b04097bb89149f0ab71757e2ce1b394f4dac

    SHA512

    4f2bc3788ae558b4590ae8221b9512e2c013703d48120d5b808b92e1047afcd9214f7191847baecf9291cc46481faa2c26c56289f5e05029405b57b99596c172

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7f9b2c5a47fff3408940c9497999941

    SHA1

    bdc211d41e3cbf5565f8d26a1e098ccb513f2af5

    SHA256

    411f6755c6160f7f0faf12721787b4768bdf2828a5194cbf6cb801f0a9230562

    SHA512

    ff9437be323d121afb77150f73038e37831a3261783ccee2e2c17c68bad05fe28f4d4a717e3218c5eb7230babd6f4767ea9da5e18d8182f1b6849a7be00422b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b005f493813cc361102d91263fc6383

    SHA1

    947832a4d4eb065ce2c0c2b3dc309c394ccb8f23

    SHA256

    2b597b0f285d1d55361b668cd0bc1185f8b65eb57a6f5d5d59515b13f573a949

    SHA512

    4884a1c6723f300229db586670cb61c30e1e4eef45ff781229f99bdb06c2a9888e243d1d7d792a0a3c27de872faad1ddf665542dbb3e0ffe8e886ee46ede8d11

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e5d57e4996b328b41bf9f8ced19dd7d

    SHA1

    b91ab2ac3334318c060ed38b66878761f6ba2e12

    SHA256

    bdf4e0e4e37fae3d08839d28997462efe3960103a6571c6d9a611971d376ac96

    SHA512

    bcc4fab9202cbcace9efae992abdd38415022cae76b03b4f0e54ee80d9ff4104597ca485df5431590357262cd975ca8d2b46eb2386cde695e8466548513005bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a26eb8f6ef429b1fe47ff85bd49d38eb

    SHA1

    fc36dbad3d73bd5b2b44bb72ea94a70278594693

    SHA256

    39915d7ad552ef4d30dec7cec5fabb9caa18ce7565c2b29d3939db486ca8d329

    SHA512

    45eb43d613210bc72f604fc5658c15bfb0f19d870f2036f95a298ab9c4ca52821dc0d7157c4f3e7afc8607f77fc1191a7ff01db39d5697d753417a2cd7db3c65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a33b9211149cbc7678d0b2dd4b883639

    SHA1

    aa20ca891bc36b3d35de64472af71cc456b9cca4

    SHA256

    c2381e4011ced2c67dcf00da93268740f4e46fdd746c842c333269e79a16cf12

    SHA512

    dd9780f4e8e4580fb90d72732a562eae39addc44663a9b1fa0efbb9c5902930aca57867e124376d34be0571b1cc551f507c707a2f017144a83bd220cc7b681ba

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab216.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar286.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2256-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2300-13-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2300-14-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2480-336-0x0000000010000000-0x00000000126A4000-memory.dmp

    Filesize

    38.6MB

    Download

  • memory/2480-15-0x0000000010000000-0x00000000126A4000-memory.dmp

    Filesize

    38.6MB

    Download