Overview

overview

10

Static

static

5

JaffaCakes...e0.exe

windows7-x64

10

JaffaCakes...e0.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    02-01-2025 10:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_64766dc6ed34b6d86fb981a108abeee0.exe

  • Size

    329KB

  • MD5

    64766dc6ed34b6d86fb981a108abeee0

  • SHA1

    6bdaf42b1e58d4e13be89c80657eeaf3575f0bb5

  • SHA256

    588f12cbaced0e6907bb3714192a7a8fa37b6de846957c790b1efebf8337c079

  • SHA512

    34d0aafb83e4e90122677dea79802332df662d0613146703642df3efdf0fd6913346c11970a5e9cf24fd4ae31cb7fdbe8590fc863ed96b95254163e093d911c3

  • SSDEEP

    3072:krSFhxp7xHSc7qzPKb/0at9ayXAVJlz0rpl:lhxFxy8qeb/9zaw+zyp

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_64766dc6ed34b6d86fb981a108abeee0.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_64766dc6ed34b6d86fb981a108abeee0.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2556
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2568
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2400
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2580
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04a79a84bf344ecf8a9b69dc8984a047

    SHA1

    d83bcd0e03196b8b005712c77125a25784ed9c07

    SHA256

    fe525e301a47a1e74d2de10ef4a3c9a9dbf684e34bbdc94862d8340e3d8e0504

    SHA512

    6f96587c5071244c69cad58847cd281578d0346a7c9ea0b6f5d7419cf40bea3745516faeec567244a9065025a393bad651776124086c81f829f60c27c7de5beb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3795eb462997ed4db2e219f3360e6bbc

    SHA1

    b712232e92f0287e4c166edcd1ad2fa713acc200

    SHA256

    760d070496f754c0aff30d37e20a9178512be76d1977c9b78b5c3a51f6393cf4

    SHA512

    849a65d9e5c53873d05d52ca276fb3b62b76838e720414cf3a9c7338539bb916c25410acddc93157596932d36a8fbe644be89924242286aeaa6926fa2e4f027f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    999eb7dedcafbcaa99524c73fcba3e76

    SHA1

    633d8a561db14266eda2153238feb477469368eb

    SHA256

    ca6e0e0355dfde9311989de0bee12f4b0c5bf05ab61398143dbba00792d15dbc

    SHA512

    d61bc47074f1e4cdb3243193916008f53f10751afadc744c4acc2a96b6eaca4fb001eb608a66fd0d2a4365ca0ff76e3bd421f29f80d06c6f42cf921b0773c7ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e309f48ff90dfb8c665dc632452b47e

    SHA1

    53aea166b8b324439a704f0edbb6be3be2b25c54

    SHA256

    9fc7c6c9741c29ab02275ef7dc4bffb6d2eed3d977f30782559ba8aaeb276d36

    SHA512

    4e522bada863f49f7214335a10da77a8ce8fdcdeececffdd2670dbc9586a1b97af0a40df6b7499a100433f1c222a205d5a13a0c68b7361639c4c7eebc877d63d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d8dc6e477d5f6b9241e23c86332ae6d7

    SHA1

    b137975778c92dfa63b6cd9097d2eb114f8629eb

    SHA256

    7fc3c6ea07d82ec20d10b792fba923ba0d7c6135f9736e282fe2187915cbdcec

    SHA512

    bab7082ab59b541dfc3afb37649e315e5a08d3fe33caa9d968306cdb9c8b7d58c3244786fccf1229ab7e8242c464bb567cc1bab5bb4fd54c312155f67abb430b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    526f5e4c925d5299b93c556594087c4b

    SHA1

    dbe5296c040082c73357f4308e1df26899c41f5e

    SHA256

    008f6a306461af3f5f2bc71930018dba0c1abd266d3d5613021ff6a2472e7829

    SHA512

    515508f440e8d470bc2de6f4623102d451857cc684b9fd7078e2177d2ac9d7987fb4df29009263f0e991a71ff7221cf86579c09376db8cfef605f71b29ac0a59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4582c13504bf163a6a5bf60ce0c75b7

    SHA1

    ff51efcf7e6cc850f8184eb9f4cf776f4c200e28

    SHA256

    35f5fb5cc2f8991a4a293db3cd12ad9d663dbfecdd339065f9fa5e6cfd7da2d4

    SHA512

    f3e7bf94650f0db6a806f8422325b2c1d8cbfe11fb8ca3c0c79226f0090aceabe2f615100c89e599b017821c23caa06d6a458bc11bebc614f0a7ca1598ee7f67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2fbe152ff1d68cd6d3f37b77b4c3efda

    SHA1

    1e20d987a4772cd720bbd4b28626a21e60b3473d

    SHA256

    e5e053fa0b087c0fc197d3d074ced6c525780b877725ff8eefe1530fa17ab288

    SHA512

    e777e0615c5716f12f46eb062f76264ab3e70457c28ec9eb37be51712338844cd3fdfaeb938fe1f8a5def5204d1b883a928c8a328f8523de1d70b76ecc6cbdde

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27b15a5bc87cb13ba0b0db5d68393096

    SHA1

    6fe4343366b7806c8974179583186dba7d63d96c

    SHA256

    c27403a9bffeff3c705d329f52400db97b755d2b7d5fce8d4377d801421ade66

    SHA512

    2caec68c29214704dda95c9259be725625f23b05a3bc48dd8b641d6159337b4c256b6057e76680d77069c991dcaafe587172458f57965ef5f6ee3526b77bb755

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9dc69f55c3c25ffe594e70ef0660cfc3

    SHA1

    12974df3ac9a74263b275c3f1f09c07697ff222a

    SHA256

    45c112e5ef5dbf294e726b0ec535234875ce0ce9a0186fc7cc5e114df6cb00e3

    SHA512

    b0272d7978c8a00dd74a7b763356895413bbd7114499581ff4210ba4b63919e9463fb96a8317f25f7f6a6bc4ce5d2ba8ff0fc6d54001e543943c8251288d0dde

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4bd0684ee2a5d779b460a2bdba9cb468

    SHA1

    ec63b8e900e4786d84aa084e57d5db4905b4f2de

    SHA256

    ded3e8d20f082859eba51c8b55477df4f9b2f614c8e18b42805e857ccfa36c87

    SHA512

    5985968a32c9597070332d6e557936e2f9fcb6f3dc7a903fcbb49346e4571f354a0360e6dd4ba76824d9026425822fa11b9cb0b2b9b27e340042d162767d5030

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3cce7d53bbc6feace9f885f07bb8ba33

    SHA1

    23663f10213fa2fbbc2b8959161935b8c7dc8ea2

    SHA256

    2b517e80f3d85929c848b6d310ff8e21d340e7c5d0ed7e2e7a9bb7f7e1467e05

    SHA512

    9d0be9bf94141a3f69a0e80310bfa62279eb88068304ca14f5eb79e39c524775252c5581500d77c6a8cb81b6b5220567d1ad994ff4e6b9abc6a8a03127d44d4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd27dfd0d3713b3f0d0e8744e74fd19f

    SHA1

    fb85039d463008680edc6b6dd8931302fd43380b

    SHA256

    89b311414ae08961e807bf8a23d1c5cf65360175ffec505f15e284859803fd83

    SHA512

    2d483570d49b88233b3c536c2f91e851dbe0d01315eefab00ea669bba4d37088320aeaca6de78aee6ca2749dbb052bd1ed7c19dd79f8566224c70751d98e95bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b09d0ca1f74880319bcc5d2ecf23e84

    SHA1

    ffccb97c853cb9371859f1aaef9edb82c08abe2c

    SHA256

    8770b561c49cdfe6718cc451c6ad1b41388b8a30630d95e8d6c084d0e316ac48

    SHA512

    36b20ecbf75a8ea33ea9b91f985e780008562c2bd204b291ee835f6e716ac10395d9aa96cc78b59c53bb16fe48c73bdb25c037b3c057328671f7e995a6af4c69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a145c817141bda0657d4876e33a0e00

    SHA1

    f10da2322bc062e70c35d57b8f7432effbfc0b6d

    SHA256

    37d9d5ce9fc5cb3b36d4f585b021cb81d9c1a1f149f14873e3f09cb2a85c2d14

    SHA512

    d321e6e156b7b246f2572fff3bba7abe0acf8f60ed5d4be7b50e86fe3a61aaf71bf2ad154bd4dab751d9bccf8b39b86678dfcacd40194b10ab95d2672724ea47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9686ddb2c20cb572b702e79b63a1ba6

    SHA1

    216b5b017d885edc22838d6688842abbfca1bc67

    SHA256

    bdb57fb591ecf8512361ffaef3d52a57792aa0763f400fa23ae77cdb509d7b6d

    SHA512

    bf6a68c249ce2ddb16e18bfc4b1bac658139e55f3da98e6d4eaee05ce377aaf8217622d982b3b9e30f2b78534116c00f88ef4421d0c1f052ea9fb99e0410a62a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b84cb5c9d02db54cd256f2e6dc0a164

    SHA1

    cc57f0fe9ad11b90c838f7c0177684347ccf7684

    SHA256

    d58d691bba3057129bb72d333d72a26ef137e02bec2dc80a5fdd0b4f2568fb5a

    SHA512

    a8ce9eb51c2f99de229a049d224d9823dc1f4de54a0cf35dd7e051ad3944a4f042aeb6f4fca422fb09b586eae358ecb2a2f352a6bf279dac2ff2a047f00e40ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ea375eb0f36c6c628026e015d4c3f71

    SHA1

    9937d4a16f3d0e4174c09d0a0210b85dbc449e09

    SHA256

    029b29a68d6103df7650f498519346036a72990e0fcad08d16ca6de61a04da40

    SHA512

    9ffad70e8ae547c3585fd5c315a24a39cbc790ab8c5854a5141f3cb09b94187e1105c6ed17a2a24f0b4722dc989b735b800bd6a79c254046c162bc49e98c434b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74b4f9592f90bce7a25848e7f92b965e

    SHA1

    ab05b0fba2035dfaf09ccf8f63f90dd49dc7c4e9

    SHA256

    cc1fcbb8cead5280bb06efe0a7a718a4816c93503375ff5a38020d2e8fccf466

    SHA512

    a8239c9cbf2a63fb3a656bc242fc47b98c96401a2b4459199a2238eec65f2cbe1ab1b0eb016309b4c96b8df5f973179e295f69da4bbaa1aa354fd7fd42425ab4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88816178d6010e3bff7bd1464cc8002f

    SHA1

    eb807f166b691ef991bbf57540432664ce4cd4ce

    SHA256

    652ca670e5bdcf78f402a89d0534324046b78f53c3c4fb803d6728c9dbf812b2

    SHA512

    c018fe9550e4a65ce2fb5c8d123031d6e0dd034dda7714b9c06c2bf060a1c0238b4c7a7eae3121853c8366b88f999480dea4eb79e90e8a0fd0d8e25740b20c66

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{873D50E1-C8F5-11EF-8B3C-EA879B6441F2}.dat
    Filesize

    3KB

    MD5

    ccd66fe92f8d2ad31099f0ccc8d75a15

    SHA1

    964c20681ed0c3fb67a2fbb75411cd72b710a4e9

    SHA256

    51a054a7dddf6bf98ff64205baa443b3d6042161d64b469868b390130af3222c

    SHA512

    d5177331d2d09a33440692cb93596d4815d463e3882b2c58b63bf3aed7a7d01178c7b33ea65b5d54e7d36ddc8d341c8d440e76f93b11fd04866d93925d5e8970

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{874382D1-C8F5-11EF-8B3C-EA879B6441F2}.dat
    Filesize

    5KB

    MD5

    71f17d1b281727c4af415bf36af9de5b

    SHA1

    817ea43193723943feb720733c9081b4e509a9cb

    SHA256

    cf2d0efbe42f4d14b9644b3fa17356ad21964ab0545940078e340109c434692f

    SHA512

    346502868c925b4f0ba7b8605d849aa8d3829f1127a3a5c2c20c4f5ab16657ce7845dfdc4102b110f97459fcba00014c489729ba04dbc9d058f14a0fb0a1bc31

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD28E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD36B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2556-5-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2556-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2556-2-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2556-0-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2556-4-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2556-6-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2556-3-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2556-9-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download