Overview

overview

10

Static

static

1

JaffaCakes...0.html

windows7-x64

10

JaffaCakes...0.html

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03-01-2025 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_6fd71752345b87e1fddbadce876180f0.html

  • Size

    120KB

  • MD5

    6fd71752345b87e1fddbadce876180f0

  • SHA1

    a853cc8f6d3163734ed11fa380bbf92bc619b575

  • SHA256

    f99038b7a436b63648cbc41571245e2b19fc5b9fd799beb27694241cb8a275e4

  • SHA512

    85979dace819687a75adff211bfc786c9d94cd3dea43190703042f96a215ff5d39f65711d758b86625a7dffc60c453d60bb49a671ceb8c9e837a7c5f96b1f2ab

  • SSDEEP

    1536:St4QZHyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:SZ5yfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6fd71752345b87e1fddbadce876180f0.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1544
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2164
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1112
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1032
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:406545 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1512

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cacbd9adb38d8166def86bf58786e874

      SHA1

      c712455cab3bf94dc5b45ed66e581f728e5593ca

      SHA256

      38cfa4081e035bde17080e2630e7e855bed80f3f39114945c9a330af4302818a

      SHA512

      fdc7585442c6d34f0ed8b94509248692cfeda8e5bb4ee315ba4bbb4d147af0a9595e2e51a693a11af875a67ee44fe1fea142026886ebc2c78be5a09a5c914e4f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c53d6fcaa6564ba12765d9663c978034

      SHA1

      f19881cfea25b220eed4a4e2aaf4c3e5d88b88cd

      SHA256

      363cae50f90d6a5c094e453bf299708ce56adaf131bd16f605d0c158bd80d049

      SHA512

      f288bea6d9cf0fdb39d2d51f27b68fd06b1b4cc553250bb0fc5a3036714bdc3ec05278678a490d984e38019aa2dfd321c3f39fbe328c92cd6cc60b49c754b0c4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e83d56fc03531d030d3363d7e9e95232

      SHA1

      8ca98f0e688d90c3989ce4bf5db3a85de522ae99

      SHA256

      986a522dc74f48ebc627f43ccc4cfc3055a3de43bfdb497b4dc9dc808aef1beb

      SHA512

      5ec935a64df6b2ab23f846bdaa3e5fb3f83b78c21067536234842c680ca186f25b3558fa2e7a4c8c03dffd24400eb03024b818fc71b5f7410c26e9c224a8d1cb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6374ea5a7478e7c7871f01579a624782

      SHA1

      3c74cacc53cfbdecc9e2ee0c75f9f32c46a6e788

      SHA256

      e1fe9a56aeed78abe13b73eed5370997ebb13ad240463b7eff14b2bf6aae2fb7

      SHA512

      5574ddbd89cbeb2adf548d3224bc0b66ed4b47bbb89670ef7d365d85747385c4d342612779e753d137423dfe103ffc6b1fde80af0ed82e61b3ed6d74deea428c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      838fb1b6fc9c9af32058c05844d952e6

      SHA1

      5120e9222c0746b1ac1c4e478b1d43d824b6edd6

      SHA256

      d7a908768e50d1a5d2991861ab33c3de270804e8a0bf2065adeddca385bcb95f

      SHA512

      ad469d2deddafd073199816c482ea6cc412b9060a4833831e0b5be821e4ba81614c43242614bffe44927c4d2e2be51525bb1295e7a2e39562fe4fed0a8a963e2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7c466aef3186cae1846ed9ed7e3c4821

      SHA1

      5469132777b39bb065540c62a52fc1902df8be15

      SHA256

      3cd0191731bc86dc49e1608fa80e998aca2fa969b977e3a7bea7c58626b93057

      SHA512

      f341a5b0a4a5452cb1c89eea003901fe7091452ad2b6c305f973eee63aa7779268898666415a801ade7c8960e4af5eabda6a3a0422eec8f7cb2e21c949abe6ab

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      693ce9e14bc9fd918bb0b8c298f73b43

      SHA1

      8430f3f10f6993b41b7d5d2f6e15eb7e009bca45

      SHA256

      e1661b9e70afcfc7992ed5d5c7a6b8fe6ca473637123a16835cf944619d3cff9

      SHA512

      87e89ce996545c5397a906429f486866fad804525a4f6227c314ec23ec7d1e9d8cac53b32f041811f0a1b2812a103106e50a57a48e7adb9df5014bfb43cbf7e7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8ee115ce9c964dab01606d5814058e20

      SHA1

      23c70974d83b3ab099f5c44bd4a7624d051eba1a

      SHA256

      c44dac9245883d6bc5e592625f941b5abb7733c6e931541ede4e38cf9f56e5ef

      SHA512

      0c902dd15f964767e0487396beac7ca1457b0b8fbb83f2eccd87db52309f514acf940168d64448d5d65f6b80d51cec058b2913dcb82419654fa72757d30ee9ee

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4803921285159b825c5632bb624e1fdd

      SHA1

      d10e499577b4a8c12eb6f908bee0e56d0e7e007a

      SHA256

      f79f98bc791a8b74917e6bd4ccb1c645cdada4e527011cc6c52c9303eb4d9b32

      SHA512

      f99b0f3997b8211d59a0b793ba1df1917df02872808c5c4259cb35c002f1b30eaf677e37b5cb184a54315517888cb402ae240be3a71d3a39eabf02fc8b869d27

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab9C21.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar9C93.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/1112-19-0x00000000002C0000-0x00000000002C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1112-21-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1112-17-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2164-16-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2164-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2164-7-0x00000000003C0000-0x00000000003CF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2164-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download