Overview

overview

10

Static

static

5

JaffaCakes...a0.exe

windows7-x64

10

JaffaCakes...a0.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    118s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 14:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_58a0c6a9ba94f88701b8b61017c0afa0.exe

  • Size

    386KB

  • MD5

    58a0c6a9ba94f88701b8b61017c0afa0

  • SHA1

    9fa518cbdccde1726f16e1a8619d77253fbceba1

  • SHA256

    ab9985991f6c29d125a1b8e23ff698684fcc7562fc578aa46783d2ade7ef4eb6

  • SHA512

    78c958cb37e7ae38869b535dfa233a403b4ac97fe78ec162ea568f8943734697b9bec0837a2e83180354615217539c2223ecf1fc72e29018ba207db84e437b3e

  • SSDEEP

    3072:CrSFhxp7xHSc7qzPKb/0at9ayXAVJlz0rpl:LhxFxy8qeb/9zaw+zyp

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_58a0c6a9ba94f88701b8b61017c0afa0.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_58a0c6a9ba94f88701b8b61017c0afa0.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:920
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:920 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2760
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2508
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2508 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2224

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec43e2c54a29fbb87dd115f2c3fd9649

    SHA1

    94fc75c0fc438129d876ea31ea18e42a9ca1a332

    SHA256

    8ad252b211fb83a05c303d8eebc64f5b12a947a3e70e23f2d477495902cb4b0f

    SHA512

    af8f81e51f764375c4844cdc74380d7a46a930284f9e13e29d0863f7af06a56b442ac10dce06e1b618b8224356e45f11f97a005df1dd0dc213efc1ee7248f54c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad8f0db4f256da972d100f4cfe873d9b

    SHA1

    ad56ba5f936a2bc01cb0206de81d86425b6ce254

    SHA256

    bb77b0b92c943b40ab0fe1b9e93900278375e143b6c039ef32a094f4fea178cc

    SHA512

    cc4f2d689c78ed23350ff1e4204b6d7880e0d44aba69e1747c65ad5618141e54d705bbd84073f6844843c19bc8c5b7248bd557a01508b2b55fc32d57516515d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b46274b087dca893166dfb8c83f3fc15

    SHA1

    bfedf443364d56c62fce8cb62e2c95637743200b

    SHA256

    5a4d14f3ffafd44e7c4ea0d5d08d46016f01c5c87de97a5b9a5093741c42069c

    SHA512

    27355f8e578085bed98d4e64be387c58ab2af329e73785e56f145e7491335344536cc3e0444c71f40746f5c3fa8cde4b2637b1b581dd7b25c3489c4226349eee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b36cf089464270d5ffa2314ab843a51e

    SHA1

    61b14138e0ce57a2fc03095f1144688feccd1b39

    SHA256

    4cb51ba73bea88b5cfabce1745b04b3cfe01b3563e8f5162b38e7ecaefee616d

    SHA512

    576f6ccb401d2624d1937b6246a300918071c2035832260fadf3156734c4a9051cb7a9d1b04c0ebd42257156752a50255b9c5c8615166667755a291d7f2d8845

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07550eeb9850714d163e3e763a34505d

    SHA1

    3ee9dc2634e2760db68f45a79388eea9afc86e1e

    SHA256

    1f8734d310b9fafa72e8e85541066a1b63ae9e7c14fa5dc42ab9562cbfb3eea6

    SHA512

    c2f06697743ef2dcfa7296b5b11fa17242c9e3961c20c35abac34efc194b5d847ee8ecb1c2a88b2e32b1ae7207fedaffa674c0b9ad211faf76840535f2026606

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b51cf17307f2a9e1ee5b686cf3015dc8

    SHA1

    9c8b9fec8778cc1b377a4f53d983feae173ec290

    SHA256

    bdfaadadef0e35a88a4986d98b72bd4b840903bafe37f71f4779716289d5af92

    SHA512

    3d65a54c420a14bf3a17061a61e560f370e07543fdaeac156f2bf84cf006973743d3794bb0fa1d97312e97dd6b3a31fefab89b485ad81bdd9e0eb64bd678f48a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f82a47eee0f1555f310e74edd52a124

    SHA1

    1751e10bcc499e74606b339ab3eb7bc2936de3da

    SHA256

    8eea106ec9d056e8244a73db56047f4b9c5cf536e93270f061929c0f03bebdde

    SHA512

    4b3a3e9de4f121bc6d830960cd4f6a426eb2bb5a256c6aa3772c17db1f3a2166ce1bbfdb4ef56b2202a6111af88e50ad4429a9f8a555bff99fc08a815f5e8e24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77bf1a0961463f7123b454be35f707d4

    SHA1

    a778520534596c1a85d0ced39e4f3532b71c7606

    SHA256

    d3be40cd72bd4a564a5e01b533c7a377b071e3510ba994f36b9ed723e2662fe1

    SHA512

    defeb950d7a1eaf49bf00002c709f619e69ae91eee39aeb72722811663ea44396a554c1d3d9ed944290225d62d37ca29e30d89b9c631f43eb1d7212464b4f1da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    159fa915bbf6506d67257abc233698ee

    SHA1

    8284e4f879f764e5efb3dd96172b56a9d8fda2c5

    SHA256

    05e6dbcdd3423f24d5c0b6358ffede2d1e47e493887532b39cfc2abab36790e5

    SHA512

    231de0647076b581d224ac18226b1523c171eb346f5ac81cfdefd23bdccdcc59ab0bbba67c825f36488f8b275b947c52c582161f0c2c32745892922190cfc7ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    170f19d2cb01d83380132a3caf51517f

    SHA1

    527d65e09056708de2f4d66bdc034fe41f981890

    SHA256

    401fc502a22924e65b56ee67d03c0111cc28c14a4f1f98e3a3669794dee9c200

    SHA512

    6b2eabaac41593335165905fdb84b463a1294127bc7c602524fbf403754c2026f46e239a378658860939b03f73e828ac4d877351660d5251b629eb63fe2190b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6bbf44517c842cd42cf9a8ac6a76fce2

    SHA1

    3868e7002cb819464abe1377efa4ce95b1abc661

    SHA256

    4e989d816fcce22fefc36d0b8584c5f5dae46cf067659c732d542ecd2d573eee

    SHA512

    63a0b8fbe16d4396aba6e988a273a668f65e47fe570be26ccc6200cb25b240e07a4179f78d038bd1dc652f8f1be99c5f1d9f85c80125e99fb77ebfd14476d901

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45521d483a03c3dafb08a27a37dea1d9

    SHA1

    13cf1fb58aa27165773a75d996623753b1e40f86

    SHA256

    b583f858ec9a038c80aabc8003ca6f925a9ce8ebb933c434a8c58ebc07b59e65

    SHA512

    a170744404b39fc63edec52884a305886365a72c434b18110d093911615b48dd3fdd4acc6b002054bdd55d77f5262ccc5b0b89220b10afaeaeb2202c47e238c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc7927334f8caf12084bcabb101b79ed

    SHA1

    f8ac1eaa0e7e64bcce0346a3295033c9a9032feb

    SHA256

    54596c2a8fb56a3f3adb61d1d584705c00b1ca609f2f6294c57691f0c6dc6c34

    SHA512

    3ed6b99b7c173093e9918f95b98d77ab04fa8d8dafa2a041e8d58357ac5d4c42777162d89682c3ca60cd40677fe8e2feee59f9bc41a994d5604febb0a7413148

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c156ca3ef3715787b7f8124d53a833c9

    SHA1

    6df4fe5cb93e7f3bbc4ef063ee538f3c5ce31443

    SHA256

    d8bc68650a4abf9982ca8794b7d0817ca8b57579a784ee17f4ca1d9beaa182fe

    SHA512

    350250a49dd8a65ae25af5e40ba3e9bd2004d153cf8008e8e5b42b17957741d90fcf4a6c51f4da0f33d3c95c85224b2445a11bf7388b3787123e49524c470b98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49407ef998b214a57881c0d47f76bb98

    SHA1

    4fbbd2ccb606df396d1385fddbe7bc161c04cde1

    SHA256

    23d6cd22bf70b755332b2e8b383d7e74a2a0fb6f3ca5b336015472c4de92f25e

    SHA512

    0cbdfac61bbf728828603fc778fe1083accc6078390caae5badfbf411d8a7a917dca7950dd654172d9e1995f9551c825cfee769888e5bc44b47512d2f55282bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b9d96b4a7008eee615b13740a6f31d78

    SHA1

    a06c084d4130586a2acf69bdabd8d4abf6599bec

    SHA256

    fec7f117505dc45af98c2ac679f5f6c3ca8dbf03781a5e7ab65fe4d8f578513b

    SHA512

    bfe42b6d4721f7af6981882d5913106fe3421465d9691b4e7c3692a97efdce84a6d9981e7da56ad2438b23ed9fba07b762b95056c9c3be3d2e716b4ce37b26ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9526e8bff430e45c70c257f4bd5b685c

    SHA1

    2425ca8b82b6827e94cfb68aceb256606daf1314

    SHA256

    8e1d63fb445f7a38356cec74cddd9965ed27b48622e2044756e39af7a489b43a

    SHA512

    01dfc1e4e6c032e7dc80dc00c591c490c84bb4bf138968f55fd954c6e97fa9f49ae979b7ddd340c9e518e663e3b63b7ccc56ecbed97236caa89663582ebe919c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61e8416497bb28a4b433b9b76e96c3d8

    SHA1

    2adaa396c1c6d6ea512baeacd371e9473ea1f1df

    SHA256

    995a08577012a49044a1a8a124ea5f26fd02f2d38504dfb9d3d3f33a7674d24a

    SHA512

    5fefe24f9201270241f80688ee7bf153a4d126ba4d523015e33ebb6d957fce63900155afdcf8cdf67d668c3f4c29a8d75f972f5e35d082d927e2df22df00d9a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03fe1ab136c220a7fa87c9aeafa14d03

    SHA1

    e84727c0e3d7328ac0e602ce2e1f09d77e370cfc

    SHA256

    1f3c41d613dc290e953a65579ebc703e733ed2d9d2e10226a0174f9b01670581

    SHA512

    a715e2fc255069a6d4bba97e10716aecd2fdfa737fc91463c2c56612a56c253b3b10be37fd68a59e0f57d0dbfa3837353557def2c01a0972d3c6d03207d1f3c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ef54f68a4c114207f0af8e5d2768af1

    SHA1

    84d66540bc1f3dc65250f3411a37853fa964ee6a

    SHA256

    0080c81b6d94c374b06f7c5c796fa31be293068d08d791a03c17016f8f93b214

    SHA512

    c410e0a2e5c2b94f5393576e30ce543384a7393879646dd9df21eb892d38390ea9ab500aaf6f431a595691f650b3f213812251c80064b0fa3a0b2929eaf4f3dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8813aa621b5a8984255136da72ece64a

    SHA1

    c0cf202345fa3f8d827fa20a01595e645ebb13b4

    SHA256

    8bd3a653f4494602b1397656b548da1da792f524339951e9abf5f1c9660e0615

    SHA512

    647f57a8886323a506dc8d05da0eb925f7334786f06dcce4d2116b6c515730dee88c36a7c754ab009fb06ab7f07ca8cdbace813295648bb2ce0f4623302e70df

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8D2C9691-C84C-11EF-BD4E-7E1302FB0A39}.dat
    Filesize

    5KB

    MD5

    e97117cc2dc594aa5cd796b4b4053dfd

    SHA1

    25f35b17a3eb7e8ff97b0e15fb2f90811450103f

    SHA256

    da167bbe7ad8cf603cd77c6ed7db8f3a12b9a9823ebf74b21457a87eb2dc928f

    SHA512

    7695d2fcf973e227997608c4b98e62a835ae265e8110d1ddd08800d28bfcc1fae2efb2278a6d0ae300a47969dfdbb4e90e8e4a6360a1fd757928c5a9521c8432

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab87E8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar88C5.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2312-2-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2312-1-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2312-0-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2312-5-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2312-3-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2312-4-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2312-7-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download