Overview

overview

10

Static

static

3

JaffaCakes...70.dll

windows7-x64

10

JaffaCakes...70.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    02-01-2025 02:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_621b397173f97eee1cb9fb4a95871270.dll

  • Size

    91KB

  • MD5

    621b397173f97eee1cb9fb4a95871270

  • SHA1

    f5a3cb20ad5e3716342eeeb959182c09200ff948

  • SHA256

    b3f03ea75b077ceb00900446565ebd141a96dc7cc3e67735fd81631d9876b83b

  • SHA512

    fb2d1d6a2d8d55464a8c0a1d2c09fc6f720bac075c07a0090eafe49c98040b1cd6a3aaf935071840b52d9b0d53aeaa82b69ea286fd800b92cedf805db816f675

  • SSDEEP

    1536:0PdRzeNwp25MY8nC83+LJmEDTeVUwpibblwzmfSHYdvoZe0X+1Qexk7OM2soPzai:0P3EneC83AJm0Tt+uwzmaHow/X8nM2sU

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_621b397173f97eee1cb9fb4a95871270.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_621b397173f97eee1cb9fb4a95871270.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2488
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2876
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2988
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1660
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
        3⤵
        • Program crash
        PID:2712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    450f35bc7c30338f5c24c810820afea8

    SHA1

    cab62dac154750a3a31b6e86e68ce26f827db519

    SHA256

    26be85449f037b40a9dcbebf505f8130e5edf9bac51856f08ebf7df8aa2a6030

    SHA512

    c9bd0798c560662fd5fb006784a278f00bca1f12525303194f8b98437562387ec34c99590c5ff19542ce3b9b0a2184599404322a6117230a85ef462dfa8abf3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d5c06fcf478f29b0848003c1ab9fab8

    SHA1

    40f23e82e1e7af32a780f3d5c7ad8ba2ed5691b1

    SHA256

    4417f36533236b2dfe24d091e9a7f575c908dc6fafcabd0c16d52290628a6960

    SHA512

    1a30f7b459d6a2caa61f042e999e5726f08482ef3ce4fbead5d4ad87fc7e439c4fbd80c077ee6d139cfa098d0b87c4bbc350be68ed045d06c98f88c0fdfaf567

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da317b335869afae74501b1f51ff9143

    SHA1

    aee7a0248f5665200f0b1953adffed8d02c07a77

    SHA256

    1792981488394b8ec4131f8adf1598eb4c1ffcbfe9316479d4300f5fe39c14ac

    SHA512

    aa5ab74fffb1aed76fbe6e717c45dbba928714132fdbc3ac0d2c7865ea79c5ebc1bc14299fb9e2d36743d8360803cc7ef7ff2f7dcf15196db1cd737279c3ed04

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9503e8e122b4170ce8d464f2cbe69930

    SHA1

    707069c7abd79f0570482cca5f23ed0643d2744e

    SHA256

    4e1c2066c239939260ff608dd91cb9497f9a0615fd34e79219f8e05a5cd6dcbf

    SHA512

    9db02412610eff708f27086eb8bf94cf010bdcdd723021386bacb4becdf2c9b221dc58cae61018d3cd12f67dfa08fd1a8697a6b304b21f8cd8accda3bc63a940

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1d0f059c069fb834697b9dd9cf8df83

    SHA1

    ff2097d11bd54b34953ad6a04154fd3fa0dea2f8

    SHA256

    7e5ff7c7aff2642f92dafad85b20861493403faf47ceaa23e7fc6e4b45a39e91

    SHA512

    8048177735bcb09cfb272742c5be43cba5682078714df6bbe737c02f75e889d71eec1aa08b075e102d48d043bc6512049b845b2e5c4f6bc97acfc18a8971f56c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2cba547750d39e45fcc0a26bb7cd5cd

    SHA1

    4eba4c0777535144d4f608d8493889f853c63517

    SHA256

    c63a5c45341e29f59d04a36fdd1916a51d3957ca91e340141d2af16926e259d6

    SHA512

    62789538d1af692bb6eefe26067fd3ee73acd53810c605c20641666976699b815b1dc00f0399393c3916c795ec05d9b59ec217e01b8d3058757fc7ace33ae098

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ecd2953d39affb71940911f9dda7a4b6

    SHA1

    fba1c78de8b585db2fce30eb0b953bedf981113f

    SHA256

    37931e342338b0e134b59e2655679589ecf6bcc61ab5bbb52a6db697280cc231

    SHA512

    8cc597db0874d27b17feea73b34dda73f2a823c7ac0c3566bbd6fa8164dca2b531d42e25fb47fcd1133391fa8c0738151ecb7c4233b56472516bce2a6d8f538e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c72fa0d2fab812ee019a4aaf38038b89

    SHA1

    9afc9f893e9ddaca065a884c27d7749f1d404f5c

    SHA256

    67d7538e6a6ee928fa781a0218c32d04d52ffc0819743c4f3ffdd3971c15c348

    SHA512

    1c1a4f32e106a2459aba9365c146cecaf38ce0c1d8512a9193567f3a2b443d49a55881c3b14e4e37da8cf743c045d2d28252acd08715262784eef9079c5c8b20

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6cba0f57622f926c2c07b79a801dba1

    SHA1

    3c3b61565e41b060f897d386e1c5103152650405

    SHA256

    6a92e7d808904bb3eb757e5b85ffe068d3383a20568c8eb002a097652bf5f5ea

    SHA512

    e72154a7b362e9d010829c6e69fcf58b4c1ce24927fcedb669a0ca5a3c617159936cf6c9948599c081636f7f2efb20d6992ae5ac29c15d922f2234b6e1e4127c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41ad6cdff1643d0412cf4f09bdf1f98b

    SHA1

    a2f71429e89c3874db45541aacfecaba01a23c4c

    SHA256

    617495ef678d8f95e47b2431915346a05495722e01b4c0c55831adc4f448808f

    SHA512

    0e00458816a285dd6708bcf866f7459334aab315dee776a2ff4a9e87939708977e8a8969e376acf7c041e1c17a257e4d075fb127226b7796bd60795f3a52b4da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6396efce30cadbbd08b55a1c5ea42323

    SHA1

    65d7ee6bc75cea1d68c7ff4721b7aececdc5c36b

    SHA256

    595ff9804d8594c6496216c0270542175b53526ad1778331917a396a7b09b88c

    SHA512

    6f9a9db5651e735284c6d525192f5853b9c51b1a4a190a6ed1c44423cc436314a351fae17f091678fc1d178a032146321b0d4f5e6d3ad6c2d50bef22bac1a352

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    226f8e9b66152b05187422ba12a8f1ec

    SHA1

    e5ed0c06018e84e8a43ea9a2cf42995cb1e8125c

    SHA256

    c0a12135f0e7f51cb41cacd977782718115944da1ffacbc8789c26b337dd010e

    SHA512

    04b7c49c796a0ea2c12e62787edbe42573207d7cd5b3fa714a34b96624897f1018351ae169eef7c48d1d72eea66bad39b6e861cd0e732968e3978812c36f4f53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad95795b773f3d543f4731ca40b88630

    SHA1

    ba1af5bfd22b260a18fcc453ca33beb9fb7c8c27

    SHA256

    4c464355177b4a7419120a57df5d4deccbf5d6a04085ada9e6450ea5d0a50154

    SHA512

    63394d5fc8200e67774c5ce7743c7bd2fc1d474d3dcd13b0b3e282de1229cd36c004fe4b2dcae0b4ce501b175dc7c132ef767a479805d5be8d2aa003d84c5cec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18737de800f154ab16be922057f97a50

    SHA1

    95659190d8927a37758fef02edfdd182824a16d4

    SHA256

    3ca64bdb73c198386ce3f6e06e2dc6d3bdb680e2cc7c33c41b79947ac9ae885a

    SHA512

    c9f70e0f6c52bf8534a3d4a0c4a30d417d3f4ed32851e2cb5940a6fd5d0a7cf98a0ec504f5bd4890b9b00320f47cdcdb61f89ad9f71735dbbaa805c301ce743b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87d7d1c8564c70e007ba22993eeae48c

    SHA1

    a3e396bcaa22d14d22b6609f691ca88fcf7df40a

    SHA256

    b25c37c1a5f18045c9a74da36af6da0de4181bdb926017aac423fc4aab99da5b

    SHA512

    83c33109a52ac4d12961db0240de6a386d1b2ee1173cd7b4187fad8a270d0c6ea2e5b9b03428516f5b09dd5da8207090448e35f6284107d0377d1527cc1badc0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7AFB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7BDA.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2488-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2488-8-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2488-9-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2816-22-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2816-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2816-5-0x0000000000180000-0x00000000001AE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2816-0-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2876-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2876-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2876-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2876-25-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2876-21-0x00000000002D0000-0x00000000002D1000-memory.dmp

    Filesize

    4KB

    Download