Overview

overview

10

Static

static

3

JaffaCakes...d0.exe

windows7-x64

10

JaffaCakes...d0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    02-01-2025 18:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_6765bde639db810f5b5317a2ee16dfd0.exe

  • Size

    196KB

  • MD5

    6765bde639db810f5b5317a2ee16dfd0

  • SHA1

    3338d177f50f63f2a9f7d6d2d432a261d69fac34

  • SHA256

    f2c87e4a2171d844303d328873f39cb20c506dc9a22ab8ca8023ad6afb671e8d

  • SHA512

    33f3e58e032e0f6da9cf9c3ae4a57d96a55ab42d42a6ebb8f179f194c1970b9f9261d74404771e082f0aad7dae0bd014dc6e128f0d11e1290771614821a2e7f0

  • SSDEEP

    3072:g4elsUeaEXW6BQZv6NSgapKbDsnplerDRBjZqMNehMa7pVX5QGA:gpyrZdBQZvGakbHxveBa

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6765bde639db810f5b5317a2ee16dfd0.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6765bde639db810f5b5317a2ee16dfd0.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2704
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6765bde639db810f5b5317a2ee16dfd0Srv.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6765bde639db810f5b5317a2ee16dfd0Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2700
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2844
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21b510a6853fa372607fcb2fac35f4df

    SHA1

    79e04d161dfceabd6306a3076e24824ecbefdd98

    SHA256

    946e2ee8b0f95fa23db99e73883d80c65be287198eb06e7d78a6ebe0c3eb8e80

    SHA512

    b096384d27d59b9b6e707d877e343ba725706870fdefb5b00d487e0d104b7eaf0fbf273c360b22981c0c88c0eeec19f62804175cf873b76e19f7dfe3610a8bae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c973601c925854525e943e86ef6328c4

    SHA1

    e684285f3f027dc61d341e1f22f153cbb3d5dee1

    SHA256

    91c263eed05c8c194c6ed7ad26d424c0b24528f775ef8a4ffc373db869a7bfa0

    SHA512

    df3038cb47da2e0d2a2167191cc4bff5186e06a67e3c01ca116ce56805b3adedb571f927c8da883a559d3d028b60836e7bd09fc4095056371e54ec73fba5b814

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d998d02017a8f9764bf9b1b52ff25603

    SHA1

    86fa52e835d77c26f786f97982cd670b475f355c

    SHA256

    3f93440e293217238cf37de0065476ab4c76d88908bd386dac451c77ba77d3b5

    SHA512

    b1ce8be87da8a9db0e3b51fc6444e9237a4a2209340cf99cbba56f242ce14238a18e0f96184571cdbb40b5b8d1dd71d5e6cd12bc4c255ff8bfe978a45767bdc4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f39b193b0a1dafaeb562f0dc53659f5

    SHA1

    1581aa860bc053519988d81b4d4af101c33facdd

    SHA256

    387b9bb979f0e2f6caba7f08bb1d96da96af6b575f95746b056c95fe29a64fb0

    SHA512

    d388eb9f80e624e9aa3f843097b313d5c8b3a0bd74389d2dcd2dfb2eddd5a58f4ad8d587480a88e90b4ef22f711ec0755e6b31b862e9ff7d9fafb25f5caf6990

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d975f0cf2d1a5fdac4b715b3b78f803

    SHA1

    ac0e418ac3fcd71a8d35a69a09c5e6291b7b3f65

    SHA256

    bd6558f74fbb94eb8c680f948aa1c4e2995833a372752797da2abff8a3e54cad

    SHA512

    512df82d59199c2f4ce0889dafb5d5786b4795e4a6ae3a4d6f18e7786693dd733d56606a68575fce92aa6b8545ef0de6d99fbe58b17b3e65378f1940133e4848

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4527aee3ca512add6ed2e30c3e22078b

    SHA1

    16652f0d080f89eda0c2099517aa8a15620b05be

    SHA256

    c1b08699324a2c99ca9b38677cd53d7aa94bdc4466b49ab175432a25e92095d1

    SHA512

    c156e6a9490b1778c56690baeedc048b627848bc8bd3af058942904fd5bad55ec57e2f5391d76a637dc9fe109d8b3ae251d5683e95d07ee5fea5cfbf8b1d66c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c56bd3887dedaeb18038cb0ae40c9d59

    SHA1

    9c69ddd0e525e0eebf4821c7580692de212e6f07

    SHA256

    aa028c38c5ea3a30a6f2d04196e919f00ca13b9e8d1ba1ab58e3ec898069584d

    SHA512

    2d91cfdce147532212d52cd65b040d9ceb20a9c439fe8f043b4ccf4106f0735b8da994455908af7a87721b239603a6708781dde490322d612cea6f9f263db78d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48201b3bd69926eeacdf3f4fd33ccf6e

    SHA1

    23f95b6a75746c29f956ec296d1a07e296fa87eb

    SHA256

    acffb0134c41eddfbd266a08fdf0e388b9c8267f5ec52f4d2b5640fae2a42d45

    SHA512

    047499f6d6d9786b7081156dbb712a3aac3cf4f04e967c1d0a7211cf36b8287099502ee942b6f8f7cb2e0a7e0a71e61d75a8ec0b80c0963d6839f68433cbf66d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    310cd2cad8c3afda470c9c5e481d76cd

    SHA1

    1ba2ca04c3e8bd5b4d894838dde25ecdbd2b9033

    SHA256

    8ed2e731f036ee12f386569670f0846458d1d9677920bdb12a58add3e803a04e

    SHA512

    710437f130f88ad5cfa9f07eb85310ca63e94f810303b1d45c0d0ffcc14d6f6ccaf50a80ddcf02088baed39de05fa043a27f71b5c47a6f292ea8f59a62822b3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    590fa43933c8f0d9f219b9c25eb58453

    SHA1

    cb3e4d4b17792e27166466333ef332269cf67fd9

    SHA256

    e77a45c4ade69ad90bd35d6b21384a348ca6fe5854fdf3ee7c656d87eba4e073

    SHA512

    d588ed5eeb61612489899b97715630de3b176b96f366b37be68149f7874280628d81c74d948c4168a6614631fdcfb1120b362372d8b8c7881c453f7b7249ec59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6fe5f4321dae31ccd8ae574f6fd4fc8b

    SHA1

    7d2c9d709e9781a33a56427dca1bfa8feb948120

    SHA256

    a5963b545ed147b37ed093f159ad647978ba9be40aa2eb11559db169f101cfc7

    SHA512

    b0c596b81d04452d045698413896aa02347efb7dda3b16c3ac6c7a530fe4009a7e8dde2e8fcd9122e27a97b850e979dc9374ccca2213673236b104a3935a7bc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5ed3a75fe4cd59caf106052f747036c

    SHA1

    8745af12f1190a1e50ba52e5c432b4ab2bd3d052

    SHA256

    5fbb3c9cb6ce059ca2ed44fcaa3c70597735fc043b06707ff86d15d99b1b9a57

    SHA512

    f4f9d17302404f95cd95cc1c018fa5f15ea484e322c80f40d1b1f6f479e5d438c270ef8b2a4a47e5f4e685b7ea2917914d04b0cebba2067f56c4ee0c17eb067a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    15852ed6277c674d3de4b6fccf6e9932

    SHA1

    ac105f5301401c65a04606e5479a2f6082cc4793

    SHA256

    9335893f7be877222ba9e28c6dddfac9fa1aba97c811e67531b26d8667153176

    SHA512

    6984ec610b4dcbf00bfd70eb39cd60aa3ed8ad09a0e2b36b02162711c9871dc7490ff713577c05c37e10c6c70482cc491272332f60d9c976756f6df99d0607a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9da045a7e3678d2fd5eb57467c015d60

    SHA1

    a3571bf36779e3b81a94de72b4329c3d0f060c63

    SHA256

    f3f867b487a9c9931aa3cceaa121278f9f497621686cce7a196b988e388d47ea

    SHA512

    831fd46878de575f631c71548999d9598eb6912b41ddba0207569ba9cd0c04d035380c8f76b8be7cd57ee851b76bb653672c9a8cba626cbbcfb5d8d00b03a874

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d23c66cbf6ce5a2af7b8d34d1c387b87

    SHA1

    b9eeb3e264f1e5a3ebd91e0d9561e5dca0589ae0

    SHA256

    73925ff68557b47aab5a10c5c19f2ee28e8d0f9638827a4b1f43ce0264702319

    SHA512

    4f3daf79a67774bc63d72ab838d8e3da0f7de0584e9d247708876242e2f6b1bc366ac001cabc8265829a4f4fded95107d12da3f09fbf819df86ab47cde87d396

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f952eeca34033f81077c8998ad33bcf

    SHA1

    bf13a5c6c765ea706c19a5d27bac0024442f2645

    SHA256

    d79530711b485af75d48c957d1c06a97e89efa95f3a3b97d88452385de38fc35

    SHA512

    58d5cfc631de20b8a6edee47639cbaea2171dd0c39a2eef4010384f669165c41b4ec4fbac9f1ad29b05f8028f87e42205d69bf5775629f6662e4b6da6a6ee076

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    894cadd25dd29e7e8183c8cede417964

    SHA1

    91e8517a9de11c00cf81c5d36d14c0e76873b909

    SHA256

    764592dd69d2dceb831b657c52858d246be923dc6a54ac16227bd071777163ed

    SHA512

    7f4cc9643765326a668ae7856ae3139e1ed2964e15c4c7799aef92bbb26e5d0bf5682ba31fd4ad7cd8bc70a157184d3d4df91df9bb932e76be28a24c6b83f87c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2487e4b28eac686d295411648af545a

    SHA1

    40d5f78594e8589b01d38c8a9aa2268207cd98be

    SHA256

    78133bb727ad3bad3dd27e26a82ee02ca997b72b9811f9699441001a078e424b

    SHA512

    a9e6541dfa917a05d60b8b8aa89d491f9035da6a7308914af678ffc75f380951c9e633ebc61bac5d7d9a83097b916a7469b80a69906dc8dba609bb7551509478

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3B6E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3BCE.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\JaffaCakes118_6765bde639db810f5b5317a2ee16dfd0Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2700-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2700-19-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2700-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2700-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2704-4-0x0000000000250000-0x000000000027E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2704-0-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/2704-451-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/2704-22-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/2784-9-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2784-8-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download