Overview

overview

10

Static

static

3

JaffaCakes...b0.dll

windows7-x64

10

JaffaCakes...b0.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02-01-2025 19:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_67a16d6e5e4677ef98e9aa8200f0d5b0.dll

  • Size

    345KB

  • MD5

    67a16d6e5e4677ef98e9aa8200f0d5b0

  • SHA1

    882b5bd366e17219dbb8888eecc3563bcb433df1

  • SHA256

    b4fe386f96b3d70deb8e7fbd2a8c6f4c066e0a35e05665c7961947bd13da7ced

  • SHA512

    10e2661949ff8a55083d983693493917b826947aed3414ef4b2329f5d571473af622af22a97f0e5481cec62e64c780c1e56fef2ddbf5d42bda3f1985b3844748

  • SSDEEP

    6144:4N0yr1sO/wIKS0FKtOT/OrDtgUi0uvQee7Qee/0QeesQeeglQeekQeeDC7MOmsjv:YG6wndYtamDSU1jmsjwio3Qv3lP

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_67a16d6e5e4677ef98e9aa8200f0d5b0.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_67a16d6e5e4677ef98e9aa8200f0d5b0.dll
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:536
      • C:\Windows\SysWOW64\regsvr32mgr.exe
        C:\Windows\SysWOW64\regsvr32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1708
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1720
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2792
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2816
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2816 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78d57589baefe02d21a3cf64196d831d

    SHA1

    a3ff3f282f6b767a815a5dc1e29e1f671d23b2dd

    SHA256

    d106c4a6a7e7eba8a875f4b74d939513655d20dc6a373f2342025f936df8297e

    SHA512

    8da159ab516a0d4b41b2548def6bc73a454eb7643e6d2c376ff0e6bc6a410d3c73e93bab972584897b3f64afb2e6d95401f25acb4d5c860cbb16a58de2acc98a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1598041d5ee2f2a1cf09076bac47fffd

    SHA1

    a5d37aa271d00c7af19eb44ccbc9effee20926e8

    SHA256

    72645db780e2ecfaa2d4539f939e31736a74b4764b216048ae056c6f7c9b8a0b

    SHA512

    2acbca056135cfe55cd6a10327a03a031ee88eedcf3aa69b07eb0bd38ae7693ff7fc3856db065b9ccb08805982990e5a66eff6fb59c4d6906c01ad2614ce899a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0640425dc28ba0d11984a6a94b985ff

    SHA1

    8b187cf3c5eea0d013d32ecb9214bc386550d63f

    SHA256

    201ca6a5c674456b7d38897d38ac2a64e5fb016fdc6f54cc95593405a6c0238b

    SHA512

    95ee2a29b0fdf0c6f3993ae8191660b29f412fb1ba868815c384b6315f7d36586faa08730c41648366145584e518a78ef02d68495a01c07c036ebcd292c77cb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df6ae58a0a8a359ce18fc5d051e97ca3

    SHA1

    d02d8b2ef25e46a370bc76ad220e652c82de574d

    SHA256

    25d371933aafa7dbd77fc7a856564adc0059b5ee2ff25ea567ee77e797113cae

    SHA512

    4d8cdf12fdc59178c28ec91aaa97d65e93a3cc29f0159c3077ec2950c39feb818ee673bcdb8e51dfa7f8c9e0492417ed2faa0f258e883536aeafed6258174580

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b67544ded0fc7e40c3d2340f70fec61

    SHA1

    6733ac2827b044b86d8c180ab537f8b6b0e43479

    SHA256

    185bb898637d017b3d26948942f7de9d0a7cbfb7ca97be2cc5262b163f3e52a9

    SHA512

    001c8a88f79f0c32ef5827b148b40bbca1c1c6119c10e3374b2f20a482559aa9318bb46bfd8b9986d5d9c5acdfcbb31ff8a561a2b21fbea028b65594d1e611f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be5e57472eb187f52517024b7dd5d05f

    SHA1

    7c70a6994b5f7d1946e77971fde6a85cd80ac7fc

    SHA256

    21e6b0a688f3d9d350cf8e58b781db3606a7ba6a91532898a0e923739060d08d

    SHA512

    13d35490bda861a256ff8f032cdc95751b848d77b3f28a7f469f3cd2f53ffa970286f37e3114a098bd6339083883ae70e8519f2ec84eb682cd2212fdc5493bb5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    508ca7a7ae2b24f670ada880b44424f4

    SHA1

    0cd030797489f07f9a8adbe3f5e6b8a0de6629ce

    SHA256

    5176e87c2c8ac7167ae1ec4f7ac9b558871b2998483c0a7cfe269eb7502a4653

    SHA512

    fe58e45d79b2fb7683a09b6c91fcea88b10e8ca8f69a4ba15efc03b06e2fd9bf79596cbc69cea4ec06d8d69c29a61bfd175dcdc4f3109b9c1aacb14665d14eed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffd3ac9364cfc17444d9f89779e052aa

    SHA1

    744a785329ed28eae3d9b25b2a7f1e31a1629885

    SHA256

    49868735191a3e947cf8ef151c3f2ab469b84b340cbf542e121fab57355b4ff5

    SHA512

    049a2861d414e8547dec79a8d6a0127bfdc2404ae1ba32f0a5fa2297d6c8fe71c5e23e8997e75bb36bf67cddae2b1b3c5e3be66eab1e6bc3ae98c995e09959d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed71f620cf4a0fc62802b2cb0a9d5649

    SHA1

    a16965867638bafb84d890314a6fd4b0ab30ed81

    SHA256

    a94a0094c3a5e67c473677108a3ff0ab4373860109af06f786b883739ad3bb7a

    SHA512

    65d1eb5d687a006df7e2356632600a40606fbead944c1a830747b3b4730ffde82cc346f78f277611bca090facdb09a8ffaad8a80facf2a89561174e828b31700

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47ccc6a5d71a47a54451962b3006544c

    SHA1

    88bb956b4498fdaa077cb1b0e23cd84ab7e07878

    SHA256

    b8d0537aec8f1fc3541a205e426e2364fba212281653472b482035e4381911b9

    SHA512

    5aa2a4ea5393f1c8ffaae4fc856cf3cf7a4e286097acc2597a78eb32b3c71861f61f3525bb592358a288a7abf389e01a685b2d51a913081be5a8bd523189486d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67192992e78b5a4fc88d1c9fcdfbc064

    SHA1

    e2f071fffb2ab44f3c7cac0b7c14d6c3bc3fa512

    SHA256

    2778c5880e92709544c12e8d12508c55442a2fc6d420569c663138601c0cdb6d

    SHA512

    f0a1bdbf8e4b581156286387b01fd8b76908285c4804b7fcfdf1a5cdc2aab334ef630674385523026196776b48937a9fefe67db91de5fb3b338019b9fab4f6f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3ddd693ed989942204cebd41f8485a9

    SHA1

    2ae9f8c004302583bb1dbab693043a7321530dfd

    SHA256

    879757abeb4e3b7ce7589d667a49b54a36435ede02bd40150cb3eb74c985e06d

    SHA512

    9d091722686d2f3fac9eb2a28909f9f6b39aa24140e42a8bbe510b485baf42a935cb505da07e5befcc67d446df202ade58caa0cf21fbe5a7f2691e55804ce08c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d0d20821d071eea4f2f1a69ee89f3b6

    SHA1

    f0b525341792a2f993543966dcbdfdc89df5e082

    SHA256

    be12acb43bf975840d1541d6d8abba27e430c82448e4f2c0b84d0c8ff7325cae

    SHA512

    0fe3fa48ca60dfc4b49e3c734f5d701620ae3e3b729e9921cfb7b3cc6eadacc72a39b3c0db81f7f3a4cbc15cc3114cd7d515fd246713013f07a6bcbcbca7749e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    267b1f43dc2da3c59c90959f45cdf375

    SHA1

    4fb19cfdec22ab79b6a4fe0a535ea214b26a32e8

    SHA256

    c39bebdefda8db95e94ca706ed07a463da74b14ab0dc2e04aa2b67485fe83ea5

    SHA512

    dbeff5b05f90abfad4f560af65a4cf2082bd1c5ab621191aa8816de5520a1a5cefba68b0ca711db35a863063c2e3773aa34a9d170d2e9220934da7cfb86719ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    614f1ef24145d32824dbbaa0824980d3

    SHA1

    62d1d8a466b53d39a2f4255a709e1b3134b3d94e

    SHA256

    e61114e0a291b88937247f82a7901252bf788b0eda9eb5a7c6d8e7e8a46c4e2d

    SHA512

    7f21c4a6e37de76b973c77bfeca687bb88bf074d8b1d57caf9fa9d29ef0eba458090b31a69995d17f0bd7b250909be01fae5f535a685655cce89aee8656c8e4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c03577211686a650f43a62efa065397

    SHA1

    d5254d96e163c154532bd6fc2b9e5b278d53e8a0

    SHA256

    f0383e758e002950afa2cdb968ba1bd37ddb2052e944f4a7fb451dd97a5c5309

    SHA512

    a42e46b2db3b1aa90b61a86244108345ad32e30c169d468e339154cece2b8f60b84a6323374efefdd1a5269ebb09cefaea3caf3591d08bf80f3e83d51b3d9c98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5ec99a6b37a3fb4e22aafff87dbfe5f

    SHA1

    f0e44b722ff0771d6180e29030ecb7d4c2074083

    SHA256

    5d5f12aea8cc0474937b42453cdbf36fb9198df6a7ab64d36acaee9a5ea95d5f

    SHA512

    d8ab61766592e8084c021415382f4909fe9a3c26423fb489cd8c01377d5f7875c32f773ae5e154269710bbe75e0018647c57864f62e2bcd7639df6d8f2542386

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73f471d77915ef8bb2b5a7a25760c055

    SHA1

    d606a86146a8492f2e87f56b0e6dc8591646726b

    SHA256

    5d7c01be1814b4428b1480c4242660121fbf83355f41fd76ac06b52ce7a2c0a0

    SHA512

    10612535441b9f0025aaaaa82ee37f4846227fb8603aac287252bcc8045f8220e40303a07c8a968ffa35127b667c18b160061170b526048866c31e3acec9443d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eda3de2a9c26700ab31a4b4f016421b4

    SHA1

    3378968798d1bf45af542c4216e17425b8ad1bd4

    SHA256

    31e44d77ad8188e41289c879ca4bb8b84a383be8bf842918fff097caaec9ed37

    SHA512

    2595c217cfd11fd5a07824127ef99b690be1f74c0701df8853b34cdef90e25edc6e6b400498aa7950c173648a4f6a6872f578f3e7e7044b167383501d2a3afce

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3F532171-C93F-11EF-AA6E-5A85C185DB3E}.dat
    Filesize

    5KB

    MD5

    78d0b26c952930d58f4d85513f8c7838

    SHA1

    57daeca21802c755bafa3c3364bcafaa0024f128

    SHA256

    ea3df744fbe58b51770a37d44f146be266bc035a191cc22f9e7fb5fe05ed8d63

    SHA512

    4a9694aa0f0fc4b266d55627eda7e626c7a0627048071ea39808095458a9a7b38172472f4d3803d112afc37f04114e27ad672c4823c06924e41e335b52978aaf

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3F5582D1-C93F-11EF-AA6E-5A85C185DB3E}.dat
    Filesize

    3KB

    MD5

    a626c49edd589b4126f82856d1ae7e91

    SHA1

    0c1e98f34af1447663b2c6d2e57d2de6f1775148

    SHA256

    c7e6b40c0c0fd0e33050281f12b2e33ea3d28c2e248460fb493de781c2c55211

    SHA512

    75db59832e6c01c906dcff84cbe4552dd81a15ff3b7abafbc69c4c3e7039ee40031867fcbd9880cf77cad521b3c06ded0864fe1b5a05c4299d2feb334ae9e697

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEA52.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEB10.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\regsvr32mgr.exe
    Filesize

    104KB

    MD5

    84b7783804fa7506672a409e9899c6be

    SHA1

    2da8a6e9c04662564e18cdf98f73e224a5662533

    SHA256

    b26a93c17ac6a412c6c191aa6a1543537f3185fe813c24153c6dec736fbad4ef

    SHA512

    8a867296b05f45dd79ab64b11b6cc0cc8fad835b2f5ba9b8469981cc9b3e15c91f98b688cbe7addfab7ea2bd55a1d475fc853c004afb24be1b5691f8183c897c

    Download Submit

  • memory/536-8-0x0000000000980000-0x00000000009D6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/536-1-0x0000000074620000-0x0000000074679000-memory.dmp

    Filesize

    356KB

    Download

  • memory/1708-10-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1708-15-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1708-14-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1708-13-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1708-12-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1708-18-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1708-11-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download