Overview

overview

10

Static

static

3

JaffaCakes...b0.dll

windows7-x64

10

JaffaCakes...b0.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03-01-2025 00:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_693ee3cf7c8ba77980af66f8b023f8b0.dll

  • Size

    156KB

  • MD5

    693ee3cf7c8ba77980af66f8b023f8b0

  • SHA1

    059f3dd5a6aa38612cade0f2c5b5cab54d1c53ec

  • SHA256

    07bca7bd4f05c833f6a0dbf66cd2ab07f64adfcf810e6c5675089336fec011c3

  • SHA512

    bba7efeb073abf17487f17512e6f5a71c02bb2d581540b905440595defe559737feaf6bee7b8ab6009057e05788ec6c4fe35e8882b294fb902e44b05ca56d489

  • SSDEEP

    3072:g7x/gEUOOQxB1aNGmERuZSUhrafmSt5tL+gO6f7OKiUXlvKJZXvf/5USm:g5gROOQxBM0HUqmSt5tL+YqK5KJ1n/yJ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_693ee3cf7c8ba77980af66f8b023f8b0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1372
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_693ee3cf7c8ba77980af66f8b023f8b0.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2376
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2664
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2392
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2856
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1548
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1548 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52ffdee86aedc3db5ca086e8bea499db

    SHA1

    aa9c77bf619b527a9bcffe9a9dea87b186aaa0f8

    SHA256

    b20ef40a30dcb0a60d19e86d425156698d1a42b4881aebe3d56a2cb3920a5147

    SHA512

    3795f1124f89a7a9cb6bd9b49efcabd45db2447da82c3a537f056f1491957efe9ea5b069a1ac065e58f8137e4756ae567b7805946ca61d2bc22d6b80e4049a2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0261a975387394cd57b2c7f5162b2540

    SHA1

    19fe85306cd71e59a7682d10e05c2ecb75b66ad0

    SHA256

    d84eb1459f52993ddb6da1153a87901611122033f293a6b324be9cb061a16e48

    SHA512

    a20fd4820eb28dd05acf8f4d2f02ef0c3d32e2ee7957477cad638848e52933d5a3f233631f35cf0bfebbf60e9a3abb0a02fb08b0436c977c0e69e1c073a89230

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d3d839b54cac048b3e6752c71680ccd

    SHA1

    bfb7812aec5ffd2170c9a02d125847064c48f299

    SHA256

    fe1d8d0c2c4b963301dd5449de3a6a1dff550c141952f47e6e0a79b9c13849e1

    SHA512

    29490d73ad97b564ddf18d03691ed8f3b9f95f9780dfb53842aa00848807ab20accbe0009f55a3fafaaf96b0e31999f70a7f111a9df1ec1bd1ecc8141cc0c267

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    474039f208b0ccb7f04827cff48c2fad

    SHA1

    61a0ddc3474dd7ea9a0920e0ec38f40b2c69397a

    SHA256

    66e8650b75ae3515ec5073a0041f4d5f9662b90eea48d51eac01ebf44a369cbe

    SHA512

    9ec3b3391a7bed34db140cdcc5ab5c13470a0d46f58b97779fa1137b014c287ea31dd7fc9d814d7f9f4c4d4adb6317a87945d0430f7a09cdd84d4867ac52cf55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e788dc795914b37ba135735f81d6d308

    SHA1

    37f6ed2203558db6fc44619617ddc10e0b5e6db9

    SHA256

    4e5fc78df0018720a8d3e2d4a4ede3dc0ba34b8b272267dfb58e8dd869a523fc

    SHA512

    10c1afd70e539cbacde4b41681bd1f884d6460b477183a11f2f0e41e9b43a2fbddf91c78a9671afabb3710546d2807c67026ba03457e1f4569bc262f276d6452

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff883aeb29760b6b7389d4116106c411

    SHA1

    acaffbcee2a826ec5ea69e45d633e2decb898ccf

    SHA256

    a3e2e863cf5a036ca9da2e017f28655a383f60ddfc4a8bc019ae61362332d2d8

    SHA512

    b2e789a4468db336b275f3fee4c6b33f5d1c2462a1f898bf2012b0ca460b202f9f8eb53c00dc23ccd249b6b96673ce725bcbab403a3337cd7d254475f45a6dfd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fcf83a13a3330dc8da3eeda3809d2115

    SHA1

    21dcf2d4fb0e30e6a515a6a638c3a24526ba8b5b

    SHA256

    9944dd4279eb9577a6a7e4753a2ab35c609fc6ec517389aa7407ca792c9711b5

    SHA512

    1a58609ea34497d613d824d408baadc1dfb8413088c786f189fc0783fc35890b1b89d8e02d0fad101c815c9398f03e432dbf45c32a62836bf9d672ccbfa267aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c85c8c5072f241b194bcb8b2c65a641

    SHA1

    49ec893bcd50aa1e22a184c1c96d68bd2f05fd17

    SHA256

    faca0699d3d63087d05f4d9de8d62801d816a4fcca3eb1395cc3939c5dbc8a60

    SHA512

    f5ef80947dd9a2498c7120a257077f395529fed7226217198e9fd599731fc11b75c1f463a812fb762735318940128eee1fd84b978d983cc119710d0b95cb75f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e9f1fe8572adf425e49532981da61f2

    SHA1

    9f3a199a44c2cc6d51e62af3c71b7fc1c16b0b55

    SHA256

    82dcd643f081c0b37f7ba55975c5424aafe51af989c74893d64bac606c3791a0

    SHA512

    f9222480322a8ebf926cda54383a830276106cc989fa5e7168c05111925e3e372a4a08d040586c0bb810cadbad2b7b8cb33863765c6127a5a46caec34054b1cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    151715ff3885448477dab722db8d3eac

    SHA1

    3ea4458a593dda4cdcca399279e9fb5ee2d0790e

    SHA256

    aec4cc21f1b0ea62d8b8f193a7d56c91d769c14610c3dfc48e7c7d209ee27bc5

    SHA512

    00a8ed7a9bf4b364859113c7c5922128a6efb790b53f819b036ab1df81bf33a932c6ccaf12bd969326e1392b6776be0b1dc125636edf242333d162b0df4c0729

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5668ea1d8d4c16589cafe3d97b4716d

    SHA1

    8225dbf243c1ec44918e5d8a8df903bc4a979b78

    SHA256

    8cd6db5b8cec8116fc8b55802d21d9446d3943ee26270065f80768009ecd679e

    SHA512

    4996846a226f5a760e4ca84600fc3f983b73b23b389fde1972f3cd7172d9a64dc6bd94371b240899b21449afec51c2560039758e45d22b4f99add0077b76da2f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7038bda4b4609e99ac328eb67f5c10f

    SHA1

    e8daed7a54a575a76939cada152fd0cda3f90639

    SHA256

    c7c13f2f041821ffd6af803eb7b22d61d55c9f658e2e9d1569f476426f208c38

    SHA512

    356268a7df248d1432678b6987337c0594dad02f00e123ae12a0a55d18686ccfe91280edb2d0f238342033b00e07383bdadd14562bc2959ec8156d40d8a9db13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87f78409c937a3ca83d44b36106f4286

    SHA1

    e85cb1930cd362bf78ae1b5825fee07eff491da7

    SHA256

    0e677f88b5ef3180d24906e36e63fa89cdb5a723be37e8d25044e0a46b899fbf

    SHA512

    70a3ac31f3ce7d08c774976eeebf02eb947f72b9351f4a00c2d19a31e724ba23589a983d39c8cef8190ef8bf4bfa4a6c9912db36eefbed5ac060149d9314374c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bea2426af99b2787a93717bdd4aa0404

    SHA1

    80a8dd9ab358ff00b99e79ba238112ff992bc785

    SHA256

    14f80c470d03100fedb560622be0a522e8f40831eb25544d04b6a6b48cb93e8e

    SHA512

    e2d37067088119b979d6c523aecea51e5a5b58dc1cb84f74d6471034bce00ff694707377a3c8fee34ec0598575a9f8aea0af2a75cf556f047c948a44879fdf0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1e10bc1190f1018decd4e77fde774d2

    SHA1

    99c589dd953dfde7ef2ebcddd19bf986d44e3c92

    SHA256

    f05126a4bb01ecc560be3d8fb4939c013e242c24813578f174883cb576581759

    SHA512

    68b455aa189fbb473a461a66ea96a47d07fde13fd8c459fd5bb94450e398fd72e8959f9a63e62c4137c1a792fc5e757706cb1e0d4bfea9b9527534d46b765303

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7bee2d1792f616fd22d612a19f781dcf

    SHA1

    12d71b629be62844c00e0af7c53d06fd7d8d291b

    SHA256

    9dd5301be673eef8f372bbd51451a77e98f12943fdd90eeffb46f9ac16ae49ed

    SHA512

    b67536c6efe059546a3657712ba94ba665eaaf3bb23ac8d11dc5af076ff048366c41dccd4b583fc218948c5c2b3d3693c81c89edc8e40a21b5f7ace77bfea3c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6bdc5f0e08387d5ad165ca4b190e2118

    SHA1

    3a6fbc69b295fe6be2262eac9a4805af48f5845e

    SHA256

    23f40df8e947811ec091039618a84368a75adbc42b5aa2e56b191762bc66860c

    SHA512

    dffb8b24614e75cce352df364914ea31bc628de82eab7a93ebcae9cee6dbcb5020b98c8400ddf2bb2aa1996d9bbadfdc9bff3984daa876425e54c34944b19103

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ba844b913878b0fe8eb9c8f7cce7f5d

    SHA1

    111498b9b82ae46c633e2907a09b6fcb4d532abc

    SHA256

    1d3d4f9be3b5d168f7636d61d05a9a143d8f248f6deea8feb6807e832e257aff

    SHA512

    c8e72f95532ba34a8d069ff426495a24ba4a6b856b3b42acb1e90545d2295cf1f8de51d64c357f4b5d2e832af2f39441e65f1c3704a9f4d4dd43b5c63168479b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34c061320a56055512f605a47905aea0

    SHA1

    2f09ba78764d0cd1004c959598ea904387af0227

    SHA256

    66800e5d696666811282828b66c526d44faf45cd17c5c58fa5d2cee77c3fad7a

    SHA512

    8ec1f87718385c77ca9634fb66df2d2f20ceb8bb00aed8e001ca05fec7ba95201c7966d3f0149623b00b094d3fc4117e156ccdf3ea8162876d5a73cf093bd29d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E7D7B091-C96C-11EF-B462-D60C98DC526F}.dat
    Filesize

    5KB

    MD5

    7544fede39207455304bf7fc3ab1f1b4

    SHA1

    ebf8a1212bba746c20470b97ab047403d6e7f404

    SHA256

    d79293882b95c3b48482d8d68f569d5f35fbea3b3a956c9b7818f6212f72571d

    SHA512

    013ed433b9385b100e73175d277ec962b1c6d496be5be9e4a2e0a65ed429baf59bce28dc6d97ed97b347798a38f314ec865ca033a84efd14cae4a08c1c5dc22f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E7D7D7A1-C96C-11EF-B462-D60C98DC526F}.dat
    Filesize

    4KB

    MD5

    6d17df9ea845e77981bdc2163c0a5946

    SHA1

    d35f04d059771ea8ef8364009f1a69795300dab6

    SHA256

    a7942739be53494ddafc96d2950f5187a02322f3c046d76e01187ee5869db989

    SHA512

    479e4998a4460ef003a9e34c8e2a9289a7cb0b6ecee1e1a82ef447eb986ee9e7223b3f0d9018ce6c7c837e1cbed6c680b5fa5cdddd5d7659a92ef2b1f052b0b2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEB7A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEBEB.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize

    132KB

    MD5

    ebc35bf5774a4b75cd45638cecb74db3

    SHA1

    3a4858d3ab2074b6d2d5a999a7443c683af2417b

    SHA256

    52c970b575040b26c6c357f1aa64288544578a229b9be70acd0f860f55cca346

    SHA512

    365feb8dccdbf66ff9dd5e1aa08126b0c6da0cb1fe6cf7a986cbb6c66928f7c3282492c11946598652e18fa695f7ea7021cd3f5943a20650e9efe829a0891ca1

    Download Submit

  • memory/2376-0-0x00000000750A0000-0x00000000750CB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-11-0x0000000000200000-0x000000000025D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2376-3-0x0000000075070000-0x000000007509B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-1-0x0000000075070000-0x000000007509B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2376-22-0x0000000000200000-0x000000000025D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2664-13-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-12-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2664-17-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-15-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2664-16-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2664-14-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-18-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2664-21-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download