Analysis
-
max time kernel
119s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
01-01-2025 19:47
General
-
Target
JaffaCakes118_60517c9479dd6c52fe47069000a23870.html
-
Size
178KB
-
MD5
60517c9479dd6c52fe47069000a23870
-
SHA1
ea545ecba1315083f13416df541725320ce9ccb6
-
SHA256
1680c17c3a99ebaf90af2a885b39d767bc157c4fa4e91d3fa200579f2e0197ec
-
SHA512
6cbf4e6872e11b9aa0e7a2c7ca5be9a0ccdbb772ac7a30eab4cdfee3a5626fb1d0bdd6fe71e210722a0a70147749bb6769327f0187601d5e1a28b63f268c876c
-
SSDEEP
3072:SQyfkMY+BES09JXAnyrZalI+YzC66QSWKFXbS78:SNsMYod+X3oI+YzC66TWKY8
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: MapViewOfSection 25 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_60517c9479dd6c52fe47069000a23870.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD53b28df9a6f73bf39a2df4c692836ab11
SHA10a3ed8fba75d992e904be6d5b574a3a67f9c42d0
SHA256da0b524fb39fea377b31f20859c5e6f74553408812a2cbeb3f0b16bd7cb0518a
SHA5121c6c7c4aa246fe1f6c91fc85cff8690aedd75c18b545d019f2b1f55b6f0a8c0561596b1a3c67853190509915a6960f3fc5d8633857f621303215c9f6b32e98bc
-
Filesize
342B
MD5088fafef4ac053caebe53446fdccd7e3
SHA15de6bdda03b06cad3545e7dca47f8501075c3ae9
SHA256581d85ec0ab98e2ac5ecfba0a151dc9dc1e742788b33cb1709bfdf72ee9db7dd
SHA51290269585c1cd80ecef78bc3228fd280b2551a9a1bc378de4732ab77254e4b306cf15f239d4d9ef5a80dcc0211a974e6cd8fee3c5e2bf5f9cd1760db39edfb5c7
-
Filesize
342B
MD598f8ebabce76c6cacd2ca21eb1e787f5
SHA146b6ac22f80bad428a2b19afbf4a4a2fd0cd4a97
SHA256e503d5ff9194c98e4a7bb453439de16ad608b182e99e67e10eb99f9811a41434
SHA51272496ceed62f114cefdd357b19dfa1b759b8802c874a2b3723f5a63b560ceaaab781b53e29e98167c90323e16d96a6421ffed7ad9705230bd1f15043d3061895
-
Filesize
342B
MD545edd8b8d772906e68fc3f87222bcc08
SHA12e12a5143b74208bfa860c264f9cde1126f932c1
SHA2561edfb96025f927ec6361c834df25df90f916123cfb9ec29bdfcd545c382dff71
SHA512e3ece490aa78cad9ff1423c06be6723b9802d94bd6911bf1b879a76cf2fecfdd493897df09a83c74e889e769e16f04953475ace81c9c66145c0d0f9d1c365716
-
Filesize
342B
MD51191d40c851d7c9c8244974e73d50093
SHA14cad9819fba85b70100861dac0d484d4e4ffe22e
SHA25626f4059230f131729a141f62bc1acd63bec87ff86209492893a8b6fc05daa802
SHA5120a3d8025f7b02103af3ea3f1b1bafa8ffa7eb459533377a3579f56402f240d5f96438cc8751bfe731487936ee5a2a17b156f1de86536f7762bad4c3cc0524269
-
Filesize
342B
MD543426548707cf3be4ecf57565a24b626
SHA176e25d62324c8abef9f0db9a0f2a7b363cb4c2e6
SHA2565ee6274ba1079a9e20fe53537def7772348dcc544b2e5585264382df8fa4142b
SHA512df4ec6cc44fcb95158a56a6c92975020556b4738deac554ad4c8d43fa4ac0a60b416d560e3d4ec4e00c392231437633c5bee25ffadb587aa4f1aa4d4ec559009
-
Filesize
342B
MD5a6cf960c6ae60ac9b589e16620ad483f
SHA14b0ff7c8e196a822108a01896a49264d05edbe19
SHA256804696390b477a595af9f3ec4d0fcba9cfb163c7a196009244b26150c196581c
SHA5121eab48528c1cbadc77a6f4fafda4e9d946cd70f3586d3390434762272fcaeac73c39a4f806d77f8802ec7cc3a04b327f589e29a3322d46d34372598b0cf45e47
-
Filesize
342B
MD5b5eba6c49adb7e08e3cba782f1e2d75e
SHA1c0a192174e9bcf82bbb12477c3239774fd7b1207
SHA256f3d34d52f72408a487686176e6d9f826f63717d47a4923ebc6744b7a29c9b513
SHA51299879280a13d4c06d7d1316cf66e2c5b26a78d30ed66ffac64875fe1b9cfb0164faa3f2ba5ee97e40ca8e46859458c5619ffab79e8ff03432b318b65737634d4
-
Filesize
342B
MD52f4a539f51eea0be7bc15cf3e0c6f3ef
SHA11f3896a0301b9a492edd95edc5b5f003680120a5
SHA256c8dbec4a72622c997dfb528d980934e6a9ebe0cb58eadab6f0d91bd75acd91f7
SHA512f003006e3c11e79997e7bc657f1c617f95d115f2909ba0c2c9c08385b9d17eca2bc1472fe55e5ae624bde2fa3374fee2bf1087b56cb0d019bcad4f58cfcac07e
-
Filesize
342B
MD5a093c3a3aa3d918166e0733ccf3aa3ac
SHA1a23ad9f709c05ac90391abb031c304a9c67df24e
SHA256816f267579555901c4d877c5303be24e6475978577865314881ac9504e18d0d0
SHA512387093d6b35b4d844d573ca1e4292fceb801408cec2784bab647e3b2ddff24c7d5d7d859929c14362a8c9dd21b6980451ed00d09b0de3ea2da5a1b129c563cd0
-
Filesize
342B
MD55ed1963641ac3f8e8a53d850603cede6
SHA161b23b7fb9899f3d48b8731a8b2e43fddfcc6b7f
SHA2562af36ff32c2d3b44043f4854096ceb46e81f2e892c88c92d261074bba65d177b
SHA5128dbb4b08051dbe8792023540e779d108921b3a5d877eda7baa63d71257240fc54032976ae81b52686e59681ad800d7c3ed2923857e60ed463095f073b28ff9f3
-
Filesize
342B
MD5760eb557eb047a79cf3fe4bef45a8a1c
SHA12e41dd4ff9958a59cb1499a7fdf4f6da31434c14
SHA2569560c7b40da1dcf541c12fa2ceb1054f5a52dc3757484386e9dc4005853ae075
SHA512132439ebe6fabc266fb3e5577a8f3b462fa3058d9d28ba9957672ae8854def362060328bfaa8be5209d60bfe7a8ac107121b3137b397ce0c3a98f7c830d6d45d
-
Filesize
342B
MD548ff543b6cbc5fc5392a4fb644ec3194
SHA1a79753f3d007780a4c1bcacc07c1eaf16d2e0fc0
SHA2567a54b3b51d78afcee3180d9eab7ab44d12f4115f68089d58ecda4bd5e3e78cd0
SHA5122f00c46fa58ef0984b7676779e501cc22e981ce7acca3b7874f1a2b176c5b010dd3259ae8877c9fbd2b256e483a99ff5390e166445e4f7adb0d4a40510bc2137
-
Filesize
342B
MD55cb41fb0840e8ae121088da1bc37f722
SHA1c5dff5fc9f93428cf5969d422b42a1a14630db53
SHA2567b283997bd979b00a8027a309db871edc21521b6b59f00a76ea81daac4ed3615
SHA5123c61def2a376c16bd4171aee23b7d5146e9d96fb73de0d74654b8ed9da44c52ce6b2fde6880e9988e1046e9095bef618904465f0eddc543084c62c4628afa153
-
Filesize
342B
MD51b405453a422dc807f8b89e3ee1ce067
SHA1284d241d83451b0dce2ee92a5165cf950dab1679
SHA2565bc2c78ce1ba8c9b60f32b88e3794190469e10e24a804d9c6a87cbf9317f92f0
SHA51209c4c73484986f1211bc7dfee80c81150b584024d5e4dbcd4f588fbd05086f55730c2cab4c32068b9f46784f0193b94159a6370288f909bc4dcaa9ff8cb85fba
-
Filesize
342B
MD542f7355e2074180583a4ed0265067668
SHA14bd5567f25646f02252dcb4f238a26cfb9a8eada
SHA25658db118fb1db2128a38cbfa99cf6042e198d2ead3918236d265a2c99e1f9e6e1
SHA51288a60b79265538cc4779ca988f726dddd6fabce238cbf70d5f380a29fe173e4a88e028d52da6cc24f154e0403d668fdba51eff8e9e3c5c083d85171c05142c55
-
Filesize
342B
MD5784d1b1c786f910af07ecc61f2fa4e1a
SHA17375d089511cb5bad08fd8f5afdc8a8a333db4dc
SHA256eeca327ec56fc29849e6a510f822fcbfc403d0e17842a13add933bfdb3be9b59
SHA51271e01c0ae3a0f3524696d98562091242f4f388638c83d446cd5eb4b77a9a314eeb19f72259069c0ceeafd847c27de0daf78e21a50e9b77434897d69a519460ed
-
Filesize
342B
MD5df9a5a82fb1e7894683ea49252660d57
SHA191bf07980dc12d13cae79cfddef40d4ccd97ef4d
SHA2560d72c91cd1d707922bbf566d0285d67cb48333aa83a4847a2749c5787c56190f
SHA512c4435ac0a235a59c60ae4f2cadf41ae16dac7a780219b32774d38160c3d738f3d884d76e4eae0afc06dcedaef194ad60fc7ffdb0f1d5f1d44518da17b1069c3d
-
Filesize
342B
MD5f7bb48ed4beda85d41beab0f7f049eb4
SHA1ec13cbae3f4231566959d8f9349dbf495ab982c1
SHA256cc66156f3fe6ffb185e5c89888b756902b0e7593ff4fd8d7a0feb089124ff020
SHA512b619168e4fde9d47ead2fd7e346345ffbf130d4c937e16445781f827a32c86842cf716da3718d82b2c5a2b9fd853f9b20e4aa79f4e8a755072046545a1410987
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
84KB
MD5ed611af3731b4194f0f7c1f7594aabb4
SHA17e131a2cf5272f77e463f7fecd3c76dfa3f55f3b
SHA256745535345af17a613969beb1c4b579ad631c6b28a2d288dc4eac4fdaf999899e
SHA512ed190772fb60c561316a762ecfd39d79d91629c1d6b388ab1376566668fcc8117431af0458b7cbff5a31bedf4739ca1cd9cf4a1d2c02d448e707010ce4f5926c
-
Filesize
216KB
-
Filesize
216KB
-
Filesize
60KB
-
Filesize
4KB
-
Filesize
4KB