Overview

overview

10

Static

static

3

JaffaCakes...f0.dll

windows7-x64

10

JaffaCakes...f0.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 10:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_516372af25e076e0811b4f39847061f0.dll

  • Size

    260KB

  • MD5

    516372af25e076e0811b4f39847061f0

  • SHA1

    825887aff8f1448453b22559dafb7885a5d3ed93

  • SHA256

    a22d727eed75566ff96002fdf22bb65fb137d35a07cb6653307ae83457b939d1

  • SHA512

    f81f07cb71579332c86e6638f52aaec63b371cf8a8505e7abf6eafb35497bf76154f6da801a8726427db1073f77511377577985a5f317fb1e8bec03237d95a94

  • SSDEEP

    3072:v4vR1RkTcZ7fcxdl5CTxlGuo7EI4MEu6JQtOLYPrLroxCvSiSu4HxBWRDeBsuhO3:volGAMEur3WX/JhOX2cxTjk8Jet6

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_516372af25e076e0811b4f39847061f0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_516372af25e076e0811b4f39847061f0.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1572
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2464
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1080
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1080 CREDAT:275458 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2808
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2400
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2672

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7dc2aa1db6140e8b38e63230e7247860

    SHA1

    170dcbc1fe142be3e18a46a9dd1de3614707d40f

    SHA256

    5247a09d6ac7ffc6c386cc4f97ce336ba1fe61416cbbb680f501ca7c27f94440

    SHA512

    3ebaf9ead94443a8069433302ea6e2f97d853e2c68a9aed801395c38bf93eeb42a8560fac2a512f43c5ff63b46057fe18425cdc01e9fd8ed647ef3ba19ee2e54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3577817ca3ba8becc6c493fc7a821484

    SHA1

    2d067cad0ff5a467208752bd6f278b4f01428c04

    SHA256

    5546f8ec97d900f87559c24b6b75da82b7826eee62ae271c58ef8538e6be921f

    SHA512

    a2183605d98ef4e76b21adba8238bd6b02441040711f2d84fbc424f6c8945f1ab8e97839c6615d6a986e19655c4417dd961ae83638f06ea3ee24516f09f1b8e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9383af0a1a4867697a32f7a69835aa18

    SHA1

    896b8b204939135243beb4610ba385340c3206d0

    SHA256

    7204d119a512b44cb6b8ce84f69fc38fd04b4162d2519f6dabf87e0426fcac1c

    SHA512

    a00c0d2f212f1dc7dc1f2c21f83f8a1cdb6e6f082ce82696d7414f3de7a76fc6d7aa4ac53dcc363effb500fd9ff737090c8d2e7778c58a6c80bc7abd71764a0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a4eae9f4fe36539635b13067033f390

    SHA1

    4d7ea30271d96d743e67cdfe9b42e5c6d68b40ea

    SHA256

    3e41f0b9e9aea7b6a9b2aca9ef23e56b235a09bfa7df511017c02ef01f413a24

    SHA512

    c6667e38572e059b1b19ba2ca54b6564cb6665abf22cf67a92bd8f745ed3d22259622c8d419a9f2bd8669210091a46b3b9a639883715e50bfed67c751738c0b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76fed4c50e904fb191c323243de7a37d

    SHA1

    b1b3a8a45861bfe401524e3b698c1717858bf2fc

    SHA256

    530325f9d756d1a6a02957ad6970499a3d85247ad26a426721e215a596c0a801

    SHA512

    8a7a01b3c19ba0484331afe01857c5da4104af2c003a18871fac54dc1606a6dd3e908986162d3b4186a01e0585110cdb7cec0e695b32deefaad5dc8b9a7540ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90ccd991ec2e2ee94e3b0171fd09c8c8

    SHA1

    943e54e018809675d215b9816a8075462f3d9a50

    SHA256

    415ec382f482eaba1734e8a7b113a403d7993e19aedd9ad3cf0d79709d5b42e6

    SHA512

    2e9685c0bbcb94a0966700787a219984e1f94180465d90e1491f5641b1c316b290de5b85c7f2468577f836d5e52e118b49d451b4f1b8e8b646fef1b6224f61b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    825be7c5b5c26ce24c666983775294c5

    SHA1

    2b867adc6dceb4c10a1d23187a56785c93974539

    SHA256

    22f244158a3ce6ac65d411d0094599210dba63cf3d77713daed00ca1b5a95dcf

    SHA512

    67ac9f7639290c79af6cc3b2a530cbffae07a4f99737d7ee6a087778397b3bf8f87177b5531c5b98aa042ef51dd1099530ae1310e845b98891a9cf995ac65740

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5471fb654d9b378247a7467ceee65b9

    SHA1

    55deb0bdbbd129897489188d6a8daa76000cfb13

    SHA256

    00d1176c64b585ca301befca8d61095bc887379458f12766d190c4fa66130ff3

    SHA512

    66265e0f6b5d3ecedf323ea467b5da0c55a07b600b43ea4483e7cbf89451d14fe411f652204a80ad926cd172ea729dd772028d25c376ac2f9eacec41f5d949b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3acd59e06c473b61240feb8d8a105c6a

    SHA1

    985719f7aa4f316599b0ac517baa1e59624f8aca

    SHA256

    efeb25a2c4eee84513f81a8c881e14c7e1108105aefadf0f7556068bac672c9c

    SHA512

    ce8ce94fb9bc8843b7eefbbe98fec916966236ac33dbce9347c66f073eae557edf0235fd56bad0b293988c2900352aa24bc5bf99857c621092b266dfaa075d9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31d43945e705e651cbfef46c3976d293

    SHA1

    76f223de08a514f4a7d0ffe9273a09a1c84be0a9

    SHA256

    e35db0dbc2778ecbf2c9f578287a6ea03f00e2093673fe094d99c33f2c9aafe5

    SHA512

    c47a612f9381aa3aea09574b86dbd1adec990d3a99875b1f4f17f5a1f2f6801e40b5ce7a08ae535872f555b20db44dea4dcb363528ae67cbfe8f744c8fa3f542

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ff6f8979e3ccaf513d757aa8662b9b1

    SHA1

    e1b725425ccc5c292b794d074f56c855e67249f3

    SHA256

    488aa068d3ee5ed8b5f41984fd0d7e19934493aef15d22b102edb35115af52ad

    SHA512

    aea4147fadf32d04b737f1d3a48315332e5fcbc68ad01f9ef8295b0a06da6fc3177d912dd2c8d982a5f40d61575410d5d1512155ce938cd2f3c4d5aa31370ec5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e7b456686f75ba6abf8dc8c91f32aa2e

    SHA1

    9c41473f8dc8fcc9145603833c6e32d126008fa5

    SHA256

    8f538b504b08f85d7e68c32e4a370016d089c3d045d731793984613843b86093

    SHA512

    72ac4cb253197a06bce835df23ba72475fced511d06a054336f61dadc392cbec6d0aabba097c78c900677d9ad9ee04a9d57c53bcaa82750b2cd1bb50d6b1fd4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e83f3b1350ad8cddafef399258284565

    SHA1

    cef0b837b441226f12dc9e7baf3225269b70f64a

    SHA256

    1eb6e2d00e486e1990941079ae5058c70773e0cd986016c36cafbdfe003fbefe

    SHA512

    971dc1ab52153392243472aa712a2b2a88711a7ea4daf2ff1772af91715d74cd209d37bed9e1b45ed97be729701e1c60d564465a5354b858e963d4445218bae4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    231432f8585f503982157b78613113cf

    SHA1

    6acdafa14d7243fd27c4fff7fcd259652160597a

    SHA256

    cc70b80a9fc05726ebacc4403bb5eed89b99ade5a54153be9551865b737208d3

    SHA512

    1f364f79cac0b4be207f554afab9cd04920bb653abd1f60cce54f9f23b0b95519f104c687c174e7108044f7e21a981ed41ea7e39dbcfbba755e8fd0d6e0b41ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92ef3c89c9105b4ed43d14afdf44835e

    SHA1

    9fb24070f01bda2d8eb687d477cc5f13bb70dcf6

    SHA256

    c2af944c8003a77ef95b944cd76a12a62332f0e657ef7d7e041ca62c7e329ba1

    SHA512

    6028a9f14aa5a9b9b0aa5f35bd4194740fbf5e9bea6388f297219a44d201cdd97d89e24ad1bca35fc8aabf3c16ff8f779e67463ad4d7383d198c1bc5078cfd65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d47751b5f361e67f1774bd2651d51b1

    SHA1

    a8f565826a3a3705f29d83b0b695d6c852a5c175

    SHA256

    991d6f3b17a2f531ef87d9a22f8267eb8b22894c3363422a05d07749c0803ed1

    SHA512

    8da8ae173845958ceeed0fb2bb406a6c18428a45975385d6fd6065249884a51490984d32c5590539d3c89d397d0d821fcddfa4485937b5828f4c0a7cde1051f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95a9997d560a843287f2e087b601984e

    SHA1

    7e120f65912ab93b082a9590a347d6113ffedce5

    SHA256

    748a76342a37c3aac97fabc53e4253884f6af9f7f49fc07a3b8eb5510555175c

    SHA512

    115b1b3af95b6eae1b1ae652ddae9f6a38ad7bf49c7cd788b99ab705c605fc24fa497b60af186cf6df7e0b1ab37773ea757426fb6165f29811c0610f7a0e1e59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e9a7216658aa12473972434397266a0

    SHA1

    ae4cbe5059b2c590eaba7103d16470a3efdd3332

    SHA256

    1e2ba35096c86ccec936990509a3ff912645fe4b70e8a7c6b458b9143ee0f470

    SHA512

    a879fe069ff07a6228f06803a401f65eea04b7efe25652d3a3400522e405d3a82b4fe6e0a0528dac4595688b773072217ac3fe04e1622efcc0b74a5268c59c78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    761824df5638b8a93844d0e02a3728a2

    SHA1

    049849163f84ca2dc494c0aefddc42288a0b6e56

    SHA256

    b4f0871a12ad649d4f7fed6441393dc81f0b5898cc59f961c60bce659513160c

    SHA512

    4cd13c17f041d9f8a8981dce7ccfe6469cac7cebe4a2ef1bb16f2add7f611b7ea0873830431d31b425c09b32c03f798d369912af456a3f3d524aadde497aefaf

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5A011A11-C82A-11EF-AB2E-FEF21B3B37D6}.dat
    Filesize

    5KB

    MD5

    2795ea619ca2fd4c00857a61fa5bacaa

    SHA1

    81c454cd53d70673731a9a604c789e8017c9ea4d

    SHA256

    c551607cea5989ecd1fc7b0c2d59b761eaf61f40d80eb1f6b015e88fa72454d5

    SHA512

    fbc816cc82c926c75252dcc9050af2ddee6d27285490e04c00e0e77a4c1520b0856dc4404c1323da5b656a0bda3501e5d7d8f45ec224d36648e3e097ed01015e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBC11.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBCFF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    99KB

    MD5

    f57eee1185dee33198b752dd1f66ad55

    SHA1

    b60f88d65f8805bf2ca095ecd1727b15eed4ff12

    SHA256

    6bb93bea58d84b9c6a562a6b888ec84ba0ecb7575b6c8f3264a9e9fb44ee37f7

    SHA512

    cd97a2207d7ad6178cc7c9fb13fda7015bc30a924aa43b6e8ba07961ef878a841e6d025047a35e3b60ef23a3ab9b59b16d1abe09f39dc0cd6e5515d46630ad40

    Download Submit

  • memory/1572-2-0x0000000074B00000-0x0000000074B43000-memory.dmp

    Filesize

    268KB

    Download

  • memory/1572-881-0x0000000074A90000-0x0000000074AD3000-memory.dmp

    Filesize

    268KB

    Download

  • memory/1572-5-0x0000000074A90000-0x0000000074AD3000-memory.dmp

    Filesize

    268KB

    Download

  • memory/1572-10-0x00000000009A0000-0x00000000009F4000-memory.dmp

    Filesize

    336KB

    Download

  • memory/1572-1-0x0000000074AF0000-0x0000000074B33000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2464-18-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2464-14-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2464-15-0x0000000000630000-0x0000000000631000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2464-12-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2464-17-0x00000000007C0000-0x00000000007C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2464-16-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2464-13-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2464-20-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download