Overview

overview

10

Static

static

3

JaffaCakes...23.exe

windows7-x64

10

JaffaCakes...23.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02-01-2025 02:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_6225869797a75bc27c83a75fd47c4923.exe

  • Size

    10.9MB

  • MD5

    6225869797a75bc27c83a75fd47c4923

  • SHA1

    387fa41e3b7ac43cd403cbff1695ae95d305a694

  • SHA256

    e2d4261f838190fca21f21d3c5299c632912e0673371c6cd8c893a9e59cc315a

  • SHA512

    5b049c881f97c4188389f0e6190160dab219cc2a4dd0c4372ab4503f7c4f667224ba49f0d7faab350a222e5948ed8c49e83cde35a40be082377861a79d9353ca

  • SSDEEP

    196608:SkWnE2xV9W5QIUSE+qRs/Far1ePlkzSEp1Ji16nZWKf7E7AgwTlqgYhLkN8ZKNGg:SkWnpxV9W5QIUSEdRsdar1ePlkTDi1Uv

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6225869797a75bc27c83a75fd47c4923.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6225869797a75bc27c83a75fd47c4923.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6225869797a75bc27c83a75fd47c4923mgr.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6225869797a75bc27c83a75fd47c4923mgr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2776
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2876
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2536
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2664
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ee41a04bd75d1959bdbbea64e0c8863

    SHA1

    2536d2121afc150ebf8749f5e5781590c0a91abb

    SHA256

    5b7e7eb0889421fe97fb7aebaccba66fb25699ec104cdb7b800fb0cd5440e794

    SHA512

    0b9799e945e2d57804f62b60bdac5182f96cdfa84d973fe76c9b24b756f20ecfdfce5c05b5ca06d9e1df19c79505b9a39b544688758702595ae3eb5a9d8d0795

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e48318ef98df5a64bb8698034aab305e

    SHA1

    7cce15a4691dbfc7d8980d7e2dd3e36db36ae0ba

    SHA256

    032d7c5b14d4c6983df41ccb973c959dcb610f5bff4f84bdb0c5b8c9c185069c

    SHA512

    2c7cba526a525497ac8d3b8b8e94d60c3af2a7de94977498f02316336065e1fb31e49b3a4fe188c0382975a09d4c1ed67462c81e5897abbdd6382c193769c6ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7545adfe9cacd1b2330fc590273c518

    SHA1

    7af6856bbce7adabe7106280e5704a0b8ff3d1fa

    SHA256

    13499cb3dbf212cf6b138fca750e3453f817bca53869c444af6d1e55a8393677

    SHA512

    3736ceb48a2ab400e5545b72f7914c20848857b570c071c4507b588bb4aea2f8f1a008c99a97a9d786942a34bdd7985d2839b40e0de0366c7b162c687b781105

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1cb94a7f3ea6d712b9b31fac3a47ddf8

    SHA1

    0b364e01447be7c4d65a78a31079de2bb0899a04

    SHA256

    e93a830389b34c764552b55d11981a27cbc47b49e45086bb2383f631cd0e6363

    SHA512

    cf29dedf2a4fca9bc56d341f34aa28cdfa6362308e2c0c6223f3aee560244f22751d58433bbe0947478752d2662136fb08634a1d5de0fc3e89e6b3410250580f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    00b5037655fdd3140b72c092bd6990ca

    SHA1

    540bb945f6c0a917d004c9c81eaa4663d4e986c4

    SHA256

    1dbaf0ec6942dd2dae2801a0f7511cc98d982f27985e4341037b3ecf6619f5f6

    SHA512

    b2240969070b3a1662ae58eaa2539585080bcdc7e00c3b17c3af3bd24d8467cdee374f7d23016a366cbf7e12dd55373ba12674a8cb302ad6acb84e3e7d3636ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3640c8ce107216474168ce0e5cd97ecc

    SHA1

    dbe6892a7db12f04f99e5887ad20e67671b93dc8

    SHA256

    21c342d7fb22120653679240fc9114864626eeb4d24bb9f2f960bab2780ad238

    SHA512

    6b37258d4a91a635741c266767c37fb244115ace619a65c2ed3889a42ef2b8975be45f1130dd37e6f22ef4a675e2535c4b7278dd76b08e3674bd2b2e715eae63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d04fdd66b847870bd08b57cf61ab26a

    SHA1

    6e2aa682140a3953687cb78af916a56d14f2885a

    SHA256

    310170bf86460f8ed939b8091ef2588c4744b201f09f146349c4d62e49c6973b

    SHA512

    cc1bb58b72b612578a005b8e95f9233916150b79d17deb3179909246d0854e772b12baa2911b5939daf04b6c75d0ea39df65f4846afa196a3b515014fe942835

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f13fbf03bf9886dfbe3f843a4f7ee1cc

    SHA1

    d6761e7f5d3becabfb41d03bf77e5c5c2ab9e41a

    SHA256

    3dafce52e7f26ef90f7550a4fd9c76c72f8fd061da82519569f1dfd9e78e54ae

    SHA512

    1017b2f173a3400480adc6ce6037283bb23784c7c45d587e93e55da5cfade94c24ed924bbd4ec4d29a5466416e8c371c379f1b68e420f2823f87e99acf23a850

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    adefab1c92922c1b8fca9710eab8d8d1

    SHA1

    270f6c9a32ff0e8468048cfa58c8d76f2d8836cf

    SHA256

    df4be3acde271bef35cc3ae7c024c38f35c593aca9411659afe7262c1d791fb7

    SHA512

    cb2d8bc5edc3c179570d22acbf2a68020ec239d62078c9e432527bb15ce637b9b4ec93320a95df2bb0c6a14ebf1c5dc77fdb8a1bb7d134780aa5e7aae3229b4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a575d153b594c0f13c39b4df36d83b2

    SHA1

    beb4e697e33d55c47e23ca1541abf32bd7927ab0

    SHA256

    048727a4a48f4d3e1371b9928b67772d750222a992dc7e74902d1d29df374c62

    SHA512

    4b849ab32a18ce81a1ae61956a04b8f9c9c114bef848cc9b4fc2ed1cda2e5231fd1b8395b8d95699775744ac0f543312ad8aa4903db85be2e239366670764c7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d78226fa8170e226377c94770f889783

    SHA1

    d1a07e15906a75cccae4845d031c1239eb7963aa

    SHA256

    2c7f263c026893277e238d754bcc5f8bf016fec65b49c0342e52485c7aae026e

    SHA512

    e532503b18a6ca6af00288f611736c48f7f8a9f30adb8f9a7140b1e91130fbc44822e3efe1b7156ed197c50b00bf552e658f4ed9ebee0b2807022cb6136d3007

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c762d3b38d7ceecd4eed829b6366bbf7

    SHA1

    02d93e11d623d9481c0999f2930776f7e7f03be2

    SHA256

    0a97213148a479122d05e52c53cce9c49c4390e7aa6558daa5c19835e38b45b7

    SHA512

    80e6a2d315d9bf56778259597a6f9eaad766eac99acc8ba57c5d3e1f44227ddfb4ef768f6e125996bfce390a3bffa8f79c2289cbc67acfe0c6d349fc253050e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3b97505bbddeac2fcc26e16936f4f98

    SHA1

    f43967552d1920b9407785fb29d58f32f1df6f32

    SHA256

    28181129beb87158fb8af89f63f166aca56382f1cf36bfb099e98bd2a06791b4

    SHA512

    0ae20060d2ac991142b1ae86090c9c6be3adff3d3e9a5bdd32a100619264a61b012ed7bd3b102b1aa3d824c52f9a39263a7cd10ae639c30affe1852ca36a48e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5fb84846831b5f610519d0e4b4855ecb

    SHA1

    31bd85a6837840878caa8fda67a6fca32188ed7b

    SHA256

    7c3ff18cdbee9d93b5e6fd83dfec9298b0b160bb7822d822cd89a2aff96c03d5

    SHA512

    3859d6bd46151897d2c154d1d8af7b45d64d4b1b02729d7bd756e341cd4fd1cb55313531d63e59fd6801f767a256578fa1e1a789dbcce4dc5ba833436affb001

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1344848d41d2e03063c8c9c75549b53d

    SHA1

    839368e8578c33a25eff5970d0eb02c7363f286e

    SHA256

    6b28e7c34292442918c036920671600dd20afe20cf979a301b058a2df487de3e

    SHA512

    f06651d3867866847a6a863aa78b5f45cf9d6233a5d69e9a7a674e28bea8f9ee02cc8c03888210a423ef07a76a690f95048abe959b47ddf57f29a2ab85843f36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b12ed4d25976e0a80db27b382dfd688a

    SHA1

    44f9710185cc154b3f3825a852f4d2b5eff1adb8

    SHA256

    1cd899890f004943aa0ea0d2c2eb93e15543c2571bb46c98fa80210080b357c2

    SHA512

    fc339fe4e197a4179fd358abbc966f8a4d6805aea03727aaf0dbbf24fa7b412014446298a9a539b89e6ffeb6953337103d2876e6483099c9c6a71860fe350e7c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c198522cc1a388f13417ad91f5157ec6

    SHA1

    a31fee72e6a70aed9d0e7e302d91d45c75d33974

    SHA256

    a18b5c2e2274e198ba5a2ab43ea33737a4b7b240adb5ccb2ec7cf7eb01138721

    SHA512

    02330f5af1260257347e2fc27fb483055a4a8a0af730584f2cad0be36cde0d663341c3e407cc5fe811332eaa385df446f182c73b690af818e89f8e8ac9daebe4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c516f31cf5b929939245475ae7a0863

    SHA1

    41ed3f18e7ce09c912420aabf77e11efbbd7b946

    SHA256

    6366be8117cf8d78cd09145a9e9f979bef6b7010c4948f741e8c2eaefadb8409

    SHA512

    4eef4c118df3705849a554da0b31867ce94b209b181c1cb453b7b6b6a5e8464a02dadc474ab8676f5e1161c4877d68f2e2b9641e915693ea613c09d1fbee2d2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    348040e58e8713f35444f041952ab7e7

    SHA1

    fd5b7d2893debae9b1f60c3d0e3f3847fa9eed9b

    SHA256

    4fcaa8c332440076764df9b4c99c1d6f2b8a9fef40b0bbe41b723803b8eac26f

    SHA512

    99894b854c1e37209400f9b6b3234e06c08bf1eeb45af64506b030b6f410f29f92fa58b8010bd8225533399a1465add48d4c56d4671a0e4b3b78467fecc64803

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    571eb573190445a12b14474c5320accb

    SHA1

    f6527babad7619ac88c2d0519c4853cede75f318

    SHA256

    f6ce7ae34bd6a97e13f75c12c7beeb25ea8ef3a1fa419637485df45ee14f0b44

    SHA512

    5eeb0e8f71165b38c187b0eb41e4408530f5a73e80796b4e79237967c950cd21a2daeebcdf99d4787c83d10a68f2b6e33c84732b861dfe814fcf201c54692932

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7F389821-C8B2-11EF-97FC-EA7747D117E6}.dat
    Filesize

    5KB

    MD5

    f94c964c5a7df672d47471f781dc307a

    SHA1

    93a3b87d62504fc517bc5c2a3923f87c13932b20

    SHA256

    4db1a818b0a25c68b1df5d34c2716106b067b33b962b4b23baf487f7489ee058

    SHA512

    b5a55d87efc0623badb2fe0ae76959629962e40be8b6a6c53efc5c1ad10cbc6389194a3afaa26fa29cbc4bc0d25e51e3cd09c60ac0c1b3ad3112a20d90fd43ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7F3AF981-C8B2-11EF-97FC-EA7747D117E6}.dat
    Filesize

    4KB

    MD5

    9c4c09fdff6df034364430b632da8063

    SHA1

    34ce2a18dec148e695b80ed8b399880720a7ce24

    SHA256

    218cbcec08618fd2d94249704f3a974473a59764176f9eb76ef0942c852710a3

    SHA512

    bbb3c127da4884a8a2e986dbfbae46ed253366574bbd565bbf24b162344501d42a4f6ef08a0f5b17881066e131588638a4b7c1344c4d10fe3d26e0b02963a3bc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab235.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar296.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\JaffaCakes118_6225869797a75bc27c83a75fd47c4923mgr.exe
    Filesize

    173KB

    MD5

    77c5d1f7d9596e57a88f4dbcf3fef526

    SHA1

    fb265bb6a2cc331edb70b90d36d42ec6e61544ab

    SHA256

    d09416051d3a9cb33fa22cea2347fab648bfb262d58a5f26bde7da61a7fefae0

    SHA512

    4d24d309469c834d663f62ae31b52ccd1ca2d0dc73d07d0e4bb19d78fe955ae040554062a972d17106e1a6da738002ceb87a5ccb65517374ba2cca966bb87d3c

    Download Submit

  • memory/2084-445-0x0000000000FA0000-0x0000000001B31000-memory.dmp

    Filesize

    11.6MB

    Download

  • memory/2084-8-0x0000000000FA0000-0x0000000001B31000-memory.dmp

    Filesize

    11.6MB

    Download

  • memory/2084-11-0x0000000000250000-0x00000000002B7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2776-9-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2776-10-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2776-13-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2776-12-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2776-16-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download