Overview

overview

10

Static

static

3

JaffaCakes...01.dll

windows7-x64

10

JaffaCakes...01.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    03-01-2025 21:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_6fe18320028abd1d52a642aba5985201.dll

  • Size

    332KB

  • MD5

    6fe18320028abd1d52a642aba5985201

  • SHA1

    b1a22135f1fa45dca1c63275ffdffdcd502efc98

  • SHA256

    fee1b824e6c9a245cb4ddf32bdc5368f1486f750971f9d73af5b43a1e5a42223

  • SHA512

    f4bcad6acb82edf584b224fb7e5fab0390d08471dec56af1536e3468c60b2838617cbb07553474e0dab8486d2e714b8dfd14f04c6e46776f7c60674ee88548d7

  • SSDEEP

    6144:B7dHCc/ASsad1rasdUVUpLVLBsJ0uol9wnR:B7oc/2QraZiLZBsJSvOR

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6fe18320028abd1d52a642aba5985201.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2848
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6fe18320028abd1d52a642aba5985201.dll
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3032
      • C:\Windows\SysWOW64\regsvr32mgr.exe
        C:\Windows\SysWOW64\regsvr32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2776
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2492
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2492 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2340
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2796
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    046c76fe04a06855207ac48be8bc0ac9

    SHA1

    d876c1f9196bd8a4d57e527c5ad909acbb954194

    SHA256

    9d578c92c387897d895e362d3e2a7bd773c9e962ff001dddb673b48c1c3645e2

    SHA512

    858cc69bdf98d2736af974968d331772dce9f3a3926e6b2040b0c70680f6c696c491d38d9aa2e8d6ae047ec1be73382af49584d3ff1f134091b9472926a1f949

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    544c412c587a02ca55db06a0fcbd59d6

    SHA1

    d5b87a828e10e90e509970bd6a24dd5484f9ba55

    SHA256

    97c8f59e92a5fac2a820d7e433964f35a498f095016a6d6320d9f6da5183e3db

    SHA512

    9ad50df8e81837f73395498a2eaa9c80d7caee787e43fc7ea4ac4e06df6f075269980ef7a4836216741f9e2b13bd4ad2a4e7c9adb0e11819b7dae2e7b628ed21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a24f6bc08fe90412b2bdaa48357883a

    SHA1

    2c7757155fb2e6488d454e3af897b614888d9ad9

    SHA256

    342e1ff812d6c5b6db4c5c466c0fbad137b163e89a63072953fafb401668a759

    SHA512

    cb834fb32ec08660278db15493aca242f0bbdaf32beaf5cde9f1e2822b56af08d402fb21eb5aebf2964198ef150ba6d3e7390a7d165c2b1b266b66286727ea85

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d12a0becec5250968d54ff98f28ed47

    SHA1

    3fc1605f5ca50281a7874058b7b045b1f60c7d05

    SHA256

    93f52bae986f247ef0b270138c2ffebcdcb795d20f5dcd63a507b6b1243baa8f

    SHA512

    29527366aad024a6d5e87163ac591fc2fcf3b4baf8ea33e3a3a7c543f59e89271e391e0d7afe9993891a56531dd078e9219aa102189fd9fc53e7ed40909d5898

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e18e8ec0811bd451e5565bbfcf1f44b5

    SHA1

    7e3e0d83e13ce2964a29267ac9ebdb3cd6ea506a

    SHA256

    42dd23cedbd250a4ebfb828684db057321d8c867449bc9c6420876cd80215e7d

    SHA512

    ee15d9758f98dfd610fceaa23c8999975939c5b7d4a07b58318a4ad337653e4a4acc7746730a9afa37fade2e818a07ab4daa0872fd6f22e9ddd4cfeb38c6d388

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e8f171c8fe8a7aee7c717b7982e55d7

    SHA1

    6c488950e9f7de191c907017a89a80c4c62d9365

    SHA256

    f08bf27b405ff3dc16bc5420faf54d021989143e01cb39fbfa9d12b477de96e1

    SHA512

    14f2c212fcb2b3928ce2cabdcabe014f7d856ca0c6012d77a44211ce60aa7a7b6690cead79bcf4c9c23822a8fa9bf10bb52078d1445d73a6380d7dd908b3e26f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    458aced0e560818267581bb392bc2b01

    SHA1

    df3a0102476c0b7f663138836e1f68ccfe249047

    SHA256

    117d9b9dc1be25fc5469faab7cdd9b1590501c3e9d968e16fa7c52dbf053beff

    SHA512

    6716f2e9aee77100a222204cf232ff15b8b831f20cd6da779869ce2659712bea12183f0f02c0fe73b9a2c851756822c891a29d9599f7b181169185c70fc73816

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    857cee72157c62ba14c7edacfd752c22

    SHA1

    e073f206257469c2393a49009b0d0530e0a347c7

    SHA256

    af5d4727bf3bc4535a5a6d37d317da98a31cbe83db81350605aa5d295e098812

    SHA512

    c6e784b8dbfec6c8f61f9bf8f0f13c08d6bed0c7ef3bd840dd4455c828c4ce5e69bcbf48e92462d8086993b0a634a0d5c7b0c7c46f17f9b0485893ac1a2bbd74

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffeb87e503abdd4f258b9eedb299c860

    SHA1

    e77cb64c250d8907e638c470a4dc4bcf0df3026b

    SHA256

    be7fba328bdad2df04b3d9e626ce7eb58525ada4f754a7a6f289eb53e9df545d

    SHA512

    786a4604dc4b27eac24752726c5e0e887034bc7079ff409a23a736764bda4fe7c2a3d4f44820d6d31759dcc7c2ff3be328b70e6c2deda069e90f1ae6bb52cb69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16df6807f9d5cbf1416575a4dd481a2c

    SHA1

    9275fa4aac5f3a7b0fc1a675df4eca1ebe38e8d1

    SHA256

    da4616e0f41bd23e32cb9880df194b746ec49c0502bee1b0426c5713aa1e6419

    SHA512

    7ed575af29edc02d2ccb2b87109f2031b741728756c4589114c909f9e90b92a0ceef64645cc134c97ee43c11d9f26923edeaa6b9511b20690fb260a58f5a8121

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9071397ac20dcf2888faf2bfdd2083b

    SHA1

    1f9c0a364dd122efdabc5cca3a5c67336d62c0e3

    SHA256

    8942c3d4ba739f272ac16ffb6ce4fe7db2f0cea808b1448ad423e2505560a434

    SHA512

    888ecc92ee503a2ebbdb44498f5551d02c0b5ce2520b12e1e8ced1f6b3277d8a61961f670138c3a49cdd233ee922a01886db7241f833acd2de4db07111b1cfd1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B6B2D361-CA1A-11EF-B4EC-5E7C7FDA70D7}.dat
    Filesize

    5KB

    MD5

    ed545b266234fb4249eab4661c00eff2

    SHA1

    f7727f7ff2896b47b08bcb11478fcfc25b364aad

    SHA256

    ac882c1c150796c0603052a1ed7afbe88102d4a76345be87024eb3a983e75218

    SHA512

    47515cc23f1712df0f21b98546f4415c23533d28d34040d794fb333536f1e8f866d9cf34a4b43f412237d8983e77cef7d97352634fabdd128961c1213ccb95f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B6BC58E1-CA1A-11EF-B4EC-5E7C7FDA70D7}.dat
    Filesize

    4KB

    MD5

    87c3a39847261cba1e47a52fff1e6cc7

    SHA1

    d0e0af598e96b61af009090c797378aa344c4cac

    SHA256

    dfc6aa4a5200e0899615d356a6e324c73d7da542bbcd4e44969fe56715656770

    SHA512

    4e6b6f1baa47ebd5f0c323fe2c49640ebc87837e0727c8f8311616701eff3938631a8ab622d5cd67324b3b7475d2c3751761891c53186d567e480566fd8d4f7a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab478E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar487B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\regsvr32mgr.exe
    Filesize

    125KB

    MD5

    12d840fc0b79a745c013e73c4c470467

    SHA1

    f47b3c28974d6199e596c365f5e7161656480100

    SHA256

    7ee9098ea2bc30eaea20eceb5e8cda620772c4ba2d7d6945e34ea93fb6054ccb

    SHA512

    de5f3cb695f1a10d897968668ea403721e09f9c66db796d932b8152edb1681dbac777efb63a2cff9d81380d09452f90470a8b77363a99f21421b9ff61fcb930a

    Download Submit

  • memory/2776-14-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2776-19-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2776-12-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2776-13-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2776-15-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2776-10-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2776-11-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3032-20-0x0000000000360000-0x00000000003B6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/3032-1-0x0000000010000000-0x0000000010055000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3032-4-0x0000000000360000-0x00000000003B6000-memory.dmp

    Filesize

    344KB

    Download