Overview

overview

10

Static

static

3

JaffaCakes...f0.dll

windows7-x64

10

JaffaCakes...f0.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02-01-2025 07:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_638c8d56be149f65514cbc3aa88706f0.dll

  • Size

    256KB

  • MD5

    638c8d56be149f65514cbc3aa88706f0

  • SHA1

    1402274978db717d48dce7c57f1b2d1c54f058b4

  • SHA256

    7f2a814bec6ea582d988824fa4eac80fd42ded6c13875a05e77c4799b861ba2d

  • SHA512

    1eabc234f6907fa8db9fb335c5b478a4ffb96fb73c600c0a4243cadff319acd26d1df9267b31bb670ccc8493d11c548e2321cd357cf8a7c930c0fbc1546af06d

  • SSDEEP

    3072:UdcQ2ZNMSQvbajUTUItjT68+xS3l7AyAADvgr1XvPw1ZtyIV+KPLxZ3N363g3Vj4:WATSOjUQK93luADIr1AMbKjxBULP

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_638c8d56be149f65514cbc3aa88706f0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_638c8d56be149f65514cbc3aa88706f0.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1628
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:352
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1100
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1100 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2872
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2720
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02c01471327100465a75266871195714

    SHA1

    3c0dde6539d4aacd13bb78ebb390ff85f638bf3d

    SHA256

    9e193326eeb0129c876b0aafbd1ca596ac1922080b1c637d6e7f2bdd4625902b

    SHA512

    154faf244dd20f0ef83abd50f2828641208c19556aaa7070dd19c006c43be6a813d4ed35f6e4f7b1c9bbe1a4259b180b3f2c40fb0422253d1f795e050869c9d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    158e60435ad791c31d9088ab82a14ab7

    SHA1

    b497858db028423f05ee2426b292a7a469a7d6f8

    SHA256

    2968ec91bfeaf270ab469935372ac4682b31d24751b3162a009c8d1353ec8d78

    SHA512

    a24cfbd9229b101e0ad3ec3ca7ed462b83a610d1d98d7536782401f06c3b5f08a961fadb31862d23a1c8af1782484d6ae44a5c959bc0c67695ad7793100fbbfa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    13b268c9685c7679bbb6e3a8fdd0715e

    SHA1

    375bf5161484fbfecf3cda78a1d98ef680cf4296

    SHA256

    0f42df7711a6a1954f8d582e5eebaa8d0302064b82eb4c6703b34e8f38b3c39a

    SHA512

    548ceae7ec048f0f6cf2766e6d4686e9f809d7a9d54268a6bd46e06a01a98531a663270153fdf16711c682b9b88b5c8c5c5216c3af13fb4d5ed2852718e5950d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    297a5fa58d900b0405169766a7e54011

    SHA1

    abc6c397c49421f8eef39a2b5645d41626632deb

    SHA256

    8115b5c3b201b8d47f95b8742d0e8a4dd8877b6d23fb9efa1ee3046725182b75

    SHA512

    6f9efb61f4fbc2d8574658bab1a24bed2f6025b29d01f5ddb17490c2b139b9ebd4c53089b79b77303cba664d66bad31732f24a715023c89ff3bb4364c62f4a9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9fa43cdf8a047da620a75285076b15d

    SHA1

    bdc0654f9454c0e2300649399ddb53d2bc0cdeb8

    SHA256

    15980d89e251bfeea6dcc642737899124ccf1c4008da874bf34c07d7b0683372

    SHA512

    f2b67123475f2738af5e281104959257552aac58ff678a39fad8397c5043c5798ebfe0dca081f8a1511827ddbc4d465d9c7357ec83e26022033529fe6dc5137f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2619daba5896e2a41d8d9a4ed92fe4f4

    SHA1

    2f4a385d9d4721ff5769b668c687022fd7ffc903

    SHA256

    0e279ed826c26477379b74c9a84123e485ce073be4a5156ba9a21a22a48daf0f

    SHA512

    64ed2a54249a5fccb40215e5b8da8769a0ec4f2f63f7827e94a088cb566bc404a11340ba017bf03e4b252be6f02e17a16093dec66729bec8971844e8044f20e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9a7b31330df1c207f868fe222c672aa7

    SHA1

    1793649204237d3ad56d115f37533b0bff03cee2

    SHA256

    74e36b4a76459402ed6fd47588b4e40920b2bb1ae038b98a1f5c12336148659a

    SHA512

    0ae18abffe3537196383d087a14f482135dc2867c25bbd2cb299c6b465c5ae3ef68c21480c6ea720266318815b9a309599a0a0002c90726451a3aadab296d129

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    efc115b6629260708f12e1e506b5ba3f

    SHA1

    f58121cbb05a8341ec875d402ef22aec8f40552f

    SHA256

    9c9d75dc34f89617a8b5d1aa51ead057c66f324da6aba6923de6eac4e45dd7ad

    SHA512

    794f19a3b15782b612b39a4c09f1df3648081192c3338103d7ca7aa9966c51fdae9cda4367e44bd60963a299ff03ba2ee95c2686088d0f4faee79c0560f220cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20385509c4bedf08089449fb906d459a

    SHA1

    008aea659adba088c96ed293cdfa13b0569d5eae

    SHA256

    62670cfcac64df57fb5031284d8dd0f0321512a4f32c8e1ed369430d7f709824

    SHA512

    fbffbec5e96f11c6ce8ffbad87511e3558e4034814a4f3ba15e75d31961454b314d433b9703e9e400a2951335bd7029d014d486a31d10e32fe169a509907c91b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6e4504f3f96f24b4829c4a3949d5216

    SHA1

    dd929c3578cac2c30fd79a49896b6728164d91ea

    SHA256

    906934225f47d4db1194e2f2863b0b9108e7e24bc565742b44546a8d9901dce0

    SHA512

    24afd7f8245fd15e3d2ed794fac4b27a91959c792b7b23b4ce9792c4b6d3a7e8e8fe56b0742ff1bd8c095dca7db1885cf3221b5f51228b0653b98c86c934644e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27f091952b8cbdd402a31da58ab39806

    SHA1

    abb5e5f89fed00b877deddca9666a173691f8ffa

    SHA256

    273ab83a5f6f0ea95b86e2758bfcc599325ed9da87685673354eee69dd59d11c

    SHA512

    100ee1d84f6ef5c6f8de301ef5e7b66431d00faf2b7d2645200099e777bfeb21ce505f1ff2265c442df8c0afe2660e3c384aab9be2f9bb66f85831de98239ab0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80e6c3bff2be0ef7216e0923a13ebdf3

    SHA1

    0ff99bb8636a39466eb210a87b65858522f3c25e

    SHA256

    6dca17b8b303664c84a279cff29a6129ae08475b523e01e370661052cc7e5a83

    SHA512

    36f1d6011a100041c682f47eb8dfe9da10468b1f834d6b74b539e1699ab805670cd0cbcd57c1175ccfaa529fda1e764a0e780690743967bd2f89b7d963a35396

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1899e91c159ca65f56276c4063c2d284

    SHA1

    babdc855ff581d6340b2c503fa6ee08d3de2e6e7

    SHA256

    22e3a8ecb7c5b4c4b470d3932543ad790d1d4a4bc8af917287bb9f18f299222b

    SHA512

    6c83c6e9081bc1f531dc4995d7a0a5d9e9054b97e5bcfd7d29b2d9de96eb6e78a72390863382dd4584fda7c48f254978fb96600db015aa2f129624b53ae7c47b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ded46e74d254bf79464da347a10005de

    SHA1

    de2c5b603b0fef9759f81e7bf990e9d2606d5141

    SHA256

    2447c9efdd2337b1e70456b6be5b9bd8fe6d45d3e152a93f5baa1d0e3ee4f0ec

    SHA512

    aeb7913f49eab7a22992b0e40bb90a4e0395b47e7862be4ffe40475510e484c92f7e47b97036ec88bad8599e196882a35da17fa3f2979e31aeb7ad79c6f715c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aae8fcf6df2672860b05d0469f093c28

    SHA1

    cbd95315df580c42f7d05e8efe07c074a5facb6a

    SHA256

    30f0efc614990367d2fbeb238dacbf200d159a959fa6f07ad4b86b888b37b377

    SHA512

    c872cb77bd4adc4a4f3d3594607490e4fee8c5d9f06946952eadaa1dce15e92457ee68ce0448c122590b4d73b695755f065a2a628007e1a033e5b4f924646e26

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f8c832416549ea6d4b72e27de8ac461

    SHA1

    b420a6afd147183b7234116fe23f2a008771a112

    SHA256

    cb7b652de0731709206ae4cf00176e6be15a153b9d1e061d0b3bba8d5eaf10c9

    SHA512

    5278f0e6cee59d46cd3e9973e24fee53cbc46414092d9f35debdd8006f83feb9767d7609661e2f7bff0d9169a55de6b8f78098b7106773481639dcc6da5c4fec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04784f1691c3f9b7aba695549c7a27cb

    SHA1

    c66f0eeb53eec7c3c2cdc708d638bd1e46e207d2

    SHA256

    542acc7cac0be0f569ac2034888b7f477d363bf28a1bf3b3c3addaabd230f3ec

    SHA512

    79524e83b4eca3d833a6f6fd89f7ced94108e7a3ef22819812b9b85e3120d12b80037c7622f78043b61c1548225e9221ae07384f6e8fb7bc6494b49296eaab48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4eaa70f2b456c8de0d08b3dd0cf727e5

    SHA1

    6013ce50e43142a651d2d56215294970420f81a6

    SHA256

    3946d799f5e4d3f2201d3efe27a7eb88788fe3554af1c610e3dc4a8126cb1368

    SHA512

    2be7c345a3cdd2a0d2a07523ee31a716337515770dc08213afaed190207e4cffccbe17043e8391cd445f4a66e6f984df905b78845cfc219b5f069f8f4bf71ce4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4077bb6c3c3660347fe4c832e63ecea

    SHA1

    50bac236b17aabec9f7f17dbdf6d1c8c893fbcea

    SHA256

    4b2d6e769b87bf3cb729fc85df904ad0f1703bd3202801fa3424bbf719a77206

    SHA512

    683c388573a09aa75c146f6be753f89b436eb6c76f0ebb7702c753a63448da30c464a9e7e27e846459c54a8c619cc43457a7cc02ef6bfbd59d254826d6e75ddb

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1C4C00B1-C8DC-11EF-9630-523A95B0E536}.dat
    Filesize

    4KB

    MD5

    ba9fb345030bd3226d16c17c3e469103

    SHA1

    afc49ed782c8ceadc85e6d6b031c06688cdef046

    SHA256

    3607ca1d205b5adade16436115f4bf80a1b50f9085d3a1c6460808296bb2aab4

    SHA512

    849f8f8126d071b95b88980d5ab9f3edeacae7c28935bdccaf5d7b9e3d558cc87cc44b6fc849bec9750186b847553bac6b590d55b77765450d3aca820cd338bc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1C4C27C1-C8DC-11EF-9630-523A95B0E536}.dat
    Filesize

    5KB

    MD5

    60540d2242a22305179e438541e35083

    SHA1

    d35c3d7ae5f576dba9216b970d133c3705413204

    SHA256

    b9f075deff45788a66b42b9edbbe0528c844879c5a9f1e1e36a2058199941bc0

    SHA512

    acef8bc17bc77451be774ca27fa0f10f6f6a3ca7d8f9212eb0cf03648f73fe9c0a3f5b573fe53c50a037d70b7b0f2d2478a8aa9bb26db9cf757910690a70fb50

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA132.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA1B2.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    27761550031391c56a3a59d3cb7229a5

    SHA1

    643e456a5fb02a820e79e33fc66e8496f15e5955

    SHA256

    b6b449ecd550692a3d8d5424e00885155e898d5cbbde98543a5b7b877073daab

    SHA512

    2aa9607f71e4cb99ab4ccabe33a5f192117b733306cd8d1f4f3054077572e522bc71e1eae679877b5554d0bc3c1281fd5bcf822a2da5da291e6630f65470d0d6

    Download Submit

  • memory/352-14-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/352-15-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/352-11-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/352-12-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/352-18-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/352-13-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1628-10-0x0000000000190000-0x00000000001E6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1628-2-0x0000000010000000-0x0000000010042000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1628-0-0x0000000010000000-0x0000000010042000-memory.dmp

    Filesize

    264KB

    Download