Analysis
-
max time kernel
133s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
02-01-2025 19:52
General
-
Target
JaffaCakes118_67dc9aa92104128ebf504256a8030920.exe
-
Size
556KB
-
MD5
67dc9aa92104128ebf504256a8030920
-
SHA1
3fdd3be687dd325d85123c69e5266288e16895cf
-
SHA256
aac629c32fc4b8e0958654b11fed1b5ecc555f7ae1a9f16d08e09b96b4250cc0
-
SHA512
458fe6c7290ec46ea641927a4cc6aa4458ed914b43200227e20f95fe3dc91c4ad744590cd6e7250e92e3313da1e920d62fdc0684c528fd4a986134a6c4766a38
-
SSDEEP
6144:WmuKPcDfVTrEFzfxtgNyDIQKzo+itaJkH2PSb14ACyZ5ntmNnOvR5FgmiMGkI:CVTsbgNslWLitaJkHLN6HR
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_67dc9aa92104128ebf504256a8030920.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_67dc9aa92104128ebf504256a8030920.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_67dc9aa92104128ebf504256a8030920Srv.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_67dc9aa92104128ebf504256a8030920Srv.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5ced7d221e0494a9c1a870a4d53e1c3ed
SHA1901f997a4568bb525f12605c45987c253983bc6b
SHA256c7dd6f7b948aaacf3d7167d34d0fda305cf690c1838bd34b67448177d6d8ee01
SHA512dd465c7d07af7e87f964dd0315b9bc635ddc8480375179e01d473cca09667c043e56c5b7bc3f5369bae2175546d6440f42003c1123e52027bed17be6912a7eb2
-
Filesize
342B
MD5e93dbc3f9975d14089eade212c5fcef0
SHA1f082bb542d2c21ccd744ca613d5cab19947e054f
SHA256d6075b0219ce8c9c72de3fd3b7b8dd3627b6ee75168d5fcc422f3eb5f30f97cf
SHA512f64b8b1a262ca1c468e4c5ed4b02b248aff6eb2e01907355f50aeb145460f832aabd9b276d476409086bc35b1933437a69b66d56324d0a87e98c972d5222e305
-
Filesize
342B
MD55893f8250c14125e041c28fbaabd69f7
SHA1d18fea952f2946b9cc6d5052bed4f1e890762090
SHA256e238fcd37a5ae81c246e14ced7f388c2453df2f6691ee9fe138291ffbf1ae8d9
SHA5120a2e37b58204cb3faff1a4f600b29d22ae418379f014b37ef68699a21555f2ea50a72c1f5600f1510e9a7c791d8d9ec9531cc820f9f6a50dbeeffdb54b9ef612
-
Filesize
342B
MD524da692f31430d045fe233dc6d84da4d
SHA1de513208628dfa4231ed8777c7fa3a255aa53dcc
SHA256c141f6b1905e2baf9dfef0e328ad1eab63866cf5bff83860771b3926f76de591
SHA512b5e3ad02044765eb803c5de6f0aa8fa0de4330ecebb0b289815e617dad3960b24516c96236de55ae8eb0a3e08b9e5558442b8f1738d53ee02e7d913e00ab5f5d
-
Filesize
342B
MD54be0b07a3d6db1b35ce9cf155779fabf
SHA13faf530d1f8f5b558335817a1ac103727d30b10c
SHA2568cfae28848798893d3ca47c6d64875fbd7d1a65db4a9eb8f8658e5db4b45643a
SHA51254d442abf86b163c462b374b5418fbbf4760b0c88f0b1f1a29bc2f0a0fcd6b566700e895c172be301de5c0fefb0943875fe4a932acf257985a496d85ded009b4
-
Filesize
342B
MD5891502776737d800058cc223d884b6fb
SHA11711fd4b135344fa4ae335f67784d330f8e3d4f9
SHA256860e3bc87b46e4e0c2cc94a31f242b28ff8c39125265527fce87252ee0b061d8
SHA51241074e4c79015cd1b2e06b3f15e65efc7d2a118e595a44cd4115300c5199494d606073c3f099d9899962fc0de809b79ce5ae6d7452d2e43faf999844e5767605
-
Filesize
342B
MD51b7d3711d0fab217e3bf295195c22668
SHA1a4fcd4ae476525790a34e7b962b7666949234c0d
SHA256c91600e68a37542b8f7a9e4d8c401ee8fe077c913864c8fe96d3db829bc5014f
SHA5129ba080376e12577ed211e2084d38c4f1e0bf19d3144b1e6f503ba1521c69e69fd728591c5efd4d3ed7f2de7fa348871f881d15900bea7d2170362fdc3ccfadf2
-
Filesize
342B
MD5b7a5d34702fd50b3b99434bbedcfba13
SHA12225ccc5cfd6b0c976eba8c1e606d6cfa0e69bd5
SHA256265ebefb2de6ca07f92dbc6faf3bc28e2a29de12b658380dcb2332ae878b4372
SHA512043070488c83573de27a4069f5a1527ae39430e8778b8df2c3a377af8f179bf54473fe5c41ba5f6f77f02a8a7fbe2bf2ab55e6fdfd04c2b3c2e830ec5539fe2b
-
Filesize
342B
MD53640b181f6d34236e5dd4e3ba5508915
SHA175292580e3f23c9af8908cc52aaf00ef4607e25d
SHA256c09326f4deb9602fda578133a36be8c99d37b68af608f0690eaab2959c3884ea
SHA5126bab6ad9afb194ea9e11d23e69c5ce0c4b26948b38dc7748c26ae1d80c758be1981bd5db8b046273774f58048d6cacc834bdf45bddcadddb297062a872396876
-
Filesize
342B
MD55a32bc997575387e7b72a7489c6cc079
SHA1208f627bc8b560f53cc493bdef99758e5a2cf68c
SHA2565bef2f929b80a215efa231df22b06f76ae57c0ef93dcb15937a1a3dbe2a28d6f
SHA512754b8c7a7ef11ab6a259de455cfd99b3fe559cff86b77927bbddabd6aa779519ca65726be931f14144b8a9699bc5b9c0254dbe2f1763494994524af6e1889adb
-
Filesize
342B
MD5fe7ae9ce70c66962e243c322a6174c1f
SHA17a96883d0d4faa9e36d4766d0b6112d8d805c9ce
SHA25665b0c2c1354c60426790f79c2ced5c613ff29f69552268270205c6ac6950b1b5
SHA512267da5cc86ada8f52fdaedd90a8be30ac7b639509e038c4d9aca76e925171c87df8784103bf4684ed3cab223ae709006bdf52b47f97570c2013d71c41bf12bf2
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
1.5MB
-
Filesize
184KB
-
Filesize
1.5MB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
4KB
-
Filesize
184KB
-
Filesize
60KB
-
Filesize
184KB