Overview

overview

10

Static

static

3

JaffaCakes...30.dll

windows7-x64

10

JaffaCakes...30.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 11:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_53c7db52af5bd29f832f435d4bacfe30.dll

  • Size

    524KB

  • MD5

    53c7db52af5bd29f832f435d4bacfe30

  • SHA1

    bb803b987c0ea79fd4887dafa9c1eef11e176b3a

  • SHA256

    7363886e017a69013eb9b8a70a1086518e9505567107d4669380e79c1fe0092b

  • SHA512

    eeeae73a21dbf6aa2c809d47c72cb33a9c499d91fdeea69817a4385e0387ccad1cfd6f25c70d08fe73d99c22dd2b84041a6b5f80e0d0af13c0b3fb936bbc71e0

  • SSDEEP

    12288:iV7LMzw56Wx1Dk/qon6xyYhgPFaUVltjsHIZsCuGd:01oC3yWgPFGHI2a

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_53c7db52af5bd29f832f435d4bacfe30.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_53c7db52af5bd29f832f435d4bacfe30.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2384
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2616
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2648
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2872
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:536
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:536 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    296180531641dab11900db9bae6ac9a2

    SHA1

    dc8138465adbc4f7e05f7b176b6154101f5da103

    SHA256

    419e522b825320c6af152d7c4cde656c0cdba5ae808d5bd98089f03a8fea4b59

    SHA512

    4d394ff54e2ff150e8e60902cee17ad3be534bd928c04febfdc261ea1bec9368b4b412f59da56184a378116ba0d992e8edb0a2b2b867f9f9507fecf8d383500d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7ceff7d1d5e87daf7ec2f355651cdf1

    SHA1

    bb0bd586a3b9bce89992478aed49b1b87bf8a1cc

    SHA256

    10fbbd9cf97a5733e1ddbbf82047e391fd2652596dfc5d1b6971b8c356d19b92

    SHA512

    2f81cd12ae453d45802a55d56f1316583e798e745c68b2677f3ff56fb35396d94bb9d8763601c22a7c1ad430f7b9c0fd9d1b8d45cee2046d0a64342a812ce6cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d34754f89c575fc5699945c2befcbf8

    SHA1

    0acf6e2b57f478ad9d7938f8a806c467f8423ef5

    SHA256

    379b32dd75b1a2bcd7e28d52cf4300554ccd78676ce4a05f9c58501fd611e86e

    SHA512

    b6be3eb0bfb7de5b63a51c51ccdc15eb53b0b36077d745e56caa43f048a79aa4770d70747097a7e4c2e24ec3df2ed5a6a21182b907fdf0de4840901562fe449f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e50851c5aa0477d1912c72164cf2ddf

    SHA1

    3a05f361eb1e54d7b948cdbdc120e3fbcf9609c2

    SHA256

    ec276b26c3e8dce251dbb04daf13c6e9d2442d2bb53d7b8131383f18cefca1a5

    SHA512

    aed85c8e92d4734fc1cb1e90b5c12eca6859776d9ba1525dafb0f6120ffdbd17823b64d21b7dd9fe16df9818d597b27742284a09f1be775fa19e9676e80f3102

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42e62e6142e2faa35425721905abf140

    SHA1

    c285c22329367e1e01d102d1f85f5730fbd7c5eb

    SHA256

    d6608f9fcdb998f99107a005e3829f4e7227eb96b6695bd879d8daec9e1c8c58

    SHA512

    e253407c5ea35184d7a3d33da6b07859c8d373a02e9151c0faceead644193daf6c99515c26b4dbf2102ac437fcc0135d474f523412c31c5128429f54425f2c00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5a8b5023da220ec2b9cf321cdb9488c

    SHA1

    cffc9595d065c8a302a7204af62e7087f0d5ded6

    SHA256

    3a838ef1ae7a865e7ecf7479963ab87b911705ec0b92c821b0d9700713ecabd4

    SHA512

    e375abffb4affa116274f6e2035211469b1842b9c860dd5fd4a0c9ca610f69a6ada4fb2dd94368f9cc5d1fd8ad703d6d9838e94286f94104c02c72438ae8d44b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1e991d38daa0db27fe11b52468c881f

    SHA1

    888f8cc45701f135697d361f6248a75dbfadbcd9

    SHA256

    ac8afad6e1c18e7897f0ee57d56ffc39c3a39fadc27f17247067bac92a98c3c8

    SHA512

    d11a96936dc4be83faf5fb997eea2a2f1b08522b6cd2d4c439e1afe5607b1dab9f1a9a2317bf7b9074dd4d7556798cbfdd7021913fe68bfd7437f7b976c558dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2196bd74db56ed9116d94d34830275e8

    SHA1

    38dc5cacfe29b0fc306c6e88696aab2a6f6cfe78

    SHA256

    f038f0a97ea935855c1e646706921ea3872c9f1ab394fd455bef61354fd7d816

    SHA512

    2a280041a8b0d6a0b7cd394c69b1e3b41368257c52960e9eb51857b4e10b558aacd352f3842c4ba7bf035b230f0b959c7b488ac410281ac7b3b1a7c00875e619

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b869efb426911d717a1d00656db1e28b

    SHA1

    0ebc20c0069ec970940285cf3575793966b615ed

    SHA256

    9849f88b66539b4370b5408915d76b353713941c406aa32a12c0735b57cfbf24

    SHA512

    d3d69a51398b10147d6763f95faa9640f83b8beed1603838da5a949fbfd90e83e0052b62329d8db73a020fedc9ba70f5fa1efbbe2b7ae7e250cff43546be26c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8be2f73a7609a62e19df97abd221eb87

    SHA1

    fe04f1f604a118981d9fb714228c2ebdd610375c

    SHA256

    eb497f8e840db2b6c8baa1be17363d64b1c33299ad51f474ffb845b59d428267

    SHA512

    f5888b40d5083469ea6c60da7c40e764bffd14b41228c5f2d933230523903e2017ee596ceb7e41522b74e86c18edc9cf7a9f4a4a25729cb6f47ebf943a9b26bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66e9ab7f9404f4a2248138d73742687e

    SHA1

    748a7c6e1880d8ccb6480c825f938969e8ff79c2

    SHA256

    3ed96d4b48818e990fb47433c7ebb16bc9c912c15ecc3a1cbf8036739fef6274

    SHA512

    b9de5d0b36e083866b76a9c59b435cccaa806f9958030a2f04bd20b0258a831b8d396f8a84c6f9fb82d95dca4a60ea24bed50de5bd2c122d3be3abb6e6627343

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0033a555ff73832473a2677337b5068f

    SHA1

    3cf648b0f70127b512ad1cd4e285ffd878a36a56

    SHA256

    72809055e6ec0b9e045ab000d75ce70616b8acbd3dfbc6bb31c574f6b77dc55d

    SHA512

    21f4f4e88fceb9b90948a67e60bf7c6e374e6f55387b90ee72782550b7c3356828cd073b430c5ba61e3d50547356e41adfad22c4b2a149750086c0e7ea5844fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b95ebe4bc1a5ccc569dbd6e2de724b83

    SHA1

    5887de7980689ee9289314d89ef6eeb37ad5cd66

    SHA256

    2073f4d0004fe50007c919a424d69dc4eace5bb569e0aaf076ccb4419b18cfa5

    SHA512

    4e24409be77c32e5a8a310a3bd9a5797dab7c04779a2e3cc5b92173f9c21d11d4f4f64e42f6d55da8c21b51d35506ff3b51d3f57348d5f45aceb774ec88f3417

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d1d5730b634c80b9b4c1b1a252c6f1d2

    SHA1

    69aa437ac6346c90aee4617d10fd33c21dbec240

    SHA256

    a29c812c3730e377f736f417738a2b7e8eb7d971f04e8a385a40907e0e112257

    SHA512

    3b8d35851086bbe0b70178caae04f38ef7f7797c25fd5786285b6b7fae38d4a840160b1f76f84a00c2b930b5e412d1237b62fbb607cf5c897c5e3d07732f0865

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2581771f520112e1a11c49c58fe9052

    SHA1

    a8ecb2823a029c597703478458275b0c94900db5

    SHA256

    f33b06e9bd6f048d31a4fc58e7123197c738d54dca0477a74ef9bed2c45de89b

    SHA512

    dada0389a04d87ac1f846d89a88a8b1ac8471635bb5cc1bb69571f677019ff469168ad08bf3efda383444711b2ee7593b161401bda1f6218a826a206f7aa0c35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5d9523cc8c22ec9950c59dd5e8af23a

    SHA1

    2972700edcca26313ba1708d98864775bd1ce09a

    SHA256

    0d61971fc6010cb598b60047c5695eb17e448b4e35c30ef6b531db41ca8251de

    SHA512

    ed449c1c84960ed144ef498bb40682e96d49da8f1a3db2aed57a9e75e08fd14598a7bf4d731d768baa059948cbb996509dc287347410c3e7ccd2c82f5477b15e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    482147a6dd7830215c1de75790f5b7c1

    SHA1

    fbbcc1412b0ac897c1a2cae82baacd251e5a9246

    SHA256

    db14cc63629d57d314304d0b4b11853c35a99ac841484ac80a36af2ba5c1c76d

    SHA512

    007d53d52bb0ed07bdd1cdfc191b5bb709e370de292e0194fe2a809cd0059c631084c5cb7704c8d30e7e0df3c71983f967bba750036f12e3af7d1c2cdcbbc0a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3829654adfb574b8ab64c4c5fe69c7a

    SHA1

    50c07251914f5214126f6eb91721fb9f698831ff

    SHA256

    15be8ad2ce3941691cef3c0a3eecef26b98116ff737694423cc9af662a945caa

    SHA512

    377ca53c27236846930e051e93b676279a72df3cd87bb03b7d8e47b2e232749712256432967bf1a310a0508ac8bd8ccef0d06d9b2061b1bb8296416ded9dd472

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e95c5c63e403fdaec4b7a74f8d6eb857

    SHA1

    4c34580faf1982ff890c292eeb339adb912fdc63

    SHA256

    7a14940252bd2de8c823726778ac2b84436436c44a6e08b0cd57d12580638864

    SHA512

    62c6e21683e8a173e7099cddde8a3de37824087d22afdd498060f2ae7c076ed99ca5552809a0d346aab4a2c20d5de70c7315dffbbcadbae0dea76dbfbc54cf2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f17401c91e4553e1fadd9eb5a776fea2

    SHA1

    cd28d540415b3ffb0da12cb15ed6bc376bb15546

    SHA256

    fd7cdf527baf16a182600f093f39edcb9614fd84ee46f18ebdceda6bb59192a9

    SHA512

    a623633d86ff2f797d112b0b0f38af37cf6904a513ec286e7511e56d056bc0a51cf42927cbd35aeb05c9a9a4416622dc41ad7e3adac35f214205be0312de309f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ADF90A01-C835-11EF-B666-DEF96DC0BBD1}.dat
    Filesize

    5KB

    MD5

    e5616dd8945738e84c0f8e8b4bd652f4

    SHA1

    7a39483c513332220bea3817fb71c6c5ad3d3acc

    SHA256

    9c828acd79c424d25550f74738e6d650d215b19ce20362d9cb3a11d3a86c2f7c

    SHA512

    930265ae14bab7ac4ec6769727e25e34d9579cc71a82d784e1504411bd7ff7e1788763096ed1223fa95ecdcc8574ccc46eeeb0a14f4871ac27fa628a5c96d6f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ADFDCCC1-C835-11EF-B666-DEF96DC0BBD1}.dat
    Filesize

    3KB

    MD5

    06b0d185139da1aa0d1fe45818f8004d

    SHA1

    b9f57cbe2356f8e672da2216edee9b3f3b8534dc

    SHA256

    3ff26dfcae35114f3a16ac91c66a35c39cee1fc39020715c28ceadfe096759db

    SHA512

    af5a0f8be8e279d11bfddef7fc0d9a1fd69bb3a335ae0751495210ef10c2079a19ac56179928c5ac7c0c11a51c6b27f7b93ef66dcfb67c998092961ed62d65da

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF47F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF59B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize

    125KB

    MD5

    12d840fc0b79a745c013e73c4c470467

    SHA1

    f47b3c28974d6199e596c365f5e7161656480100

    SHA256

    7ee9098ea2bc30eaea20eceb5e8cda620772c4ba2d7d6945e34ea93fb6054ccb

    SHA512

    de5f3cb695f1a10d897968668ea403721e09f9c66db796d932b8152edb1681dbac777efb63a2cff9d81380d09452f90470a8b77363a99f21421b9ff61fcb930a

    Download Submit

  • memory/2384-4-0x0000000010000000-0x00000000100B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2384-1-0x0000000010000000-0x00000000100B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2384-10-0x0000000010000000-0x00000000100B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2384-12-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2616-22-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2616-18-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2616-17-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2616-15-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2616-16-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2616-14-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2616-11-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2616-13-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download