Overview

overview

10

Static

static

1

JaffaCakes...d.html

windows7-x64

10

JaffaCakes...d.html

windows10-2004-x64

3

Analysis

  • max time kernel
    73s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-01-2025 22:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_7cb5243eb88064cc805d0f523a888d4d.html

  • Size

    352KB

  • MD5

    7cb5243eb88064cc805d0f523a888d4d

  • SHA1

    c7f0b045febef5e142db8739b7471603c51c3ffe

  • SHA256

    8e49f8052620135a7e55c3dfa28b5d88fa83bbf43c45196249e4de4287c84c17

  • SHA512

    b7345ab39cf49ea3d781936781d1cb54bb19c07e39bd1b7ff68d7ff092395a4e53a7864506cbc45bc6a7d53a332737033417fe50b63836dc213b000f4f313b0c

  • SSDEEP

    6144:S3DsMYod+X3oI+YpsMYod+X3oI+YrgsMYod+X3oI+YZ:UX5d+X3L5d+X3hO5d+X3f

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 7 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 44 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7cb5243eb88064cc805d0f523a888d4d.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2664
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2780
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2552
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2840
        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
          3⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1128
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            4⤵
              PID:2084
          • C:\Users\Admin\AppData\Local\Temp\svchost.exe
            "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
            3⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:2464
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe"
              4⤵
                PID:2524
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:406533 /prefetch:2
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2328
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:406540 /prefetch:2
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2988
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:5846018 /prefetch:2
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1068

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          51e2a00b930e062906c589ed288ce4d9

          SHA1

          c51c8a20eeb3b744e723d4213ac78b77394d1f62

          SHA256

          b730815e4bb50d52e934fe48eaf74b2b534a55af04d838d8cd0e263af6157a79

          SHA512

          8003a9a9da21464bee2a8080512e5c2dd7d05ab51610a9aebe66787962c2cbd2f3e96f5513f8e154b937505c6466c2a653d8a796055fe19bf07aa029a3a755a1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b7fe005245281f37b57e50a7b29beb4f

          SHA1

          f129752804ce100b6616c6450510c3c482e38290

          SHA256

          157f87d8ef64c537f3ed5eea7619d52fb5f73bf163622ab1523342e04a6a8db9

          SHA512

          ce03dab1e440fa34758def9b1b3ddc3c9e3ea4ceba09eb6d8096ae45e42ee72d781fff00b6353d6eccc8effd1f6d7c0bef492a43a16167871756ccd3f59a21d6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a3e08dcf8cacf2841b303755da13a281

          SHA1

          ac1891392505bdede852302c3defc466d99963e6

          SHA256

          992e737dad2cfd0a7507e831148b3aa71c0860ce9d6afbc0e502edcaa9c9e8a7

          SHA512

          8b564d8c3a0efd7f98b8dde07744abfc8a76fb7a41277f215f9ed1f38e8ec648b4727aa51da9766e210e641b2167db47c888c013e494a3e947552bfbfaa8807d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3a432bed16269275e229dd78c36c6b9e

          SHA1

          b074cb83a4ac1ee9641b4d138728e5d9d76ede8f

          SHA256

          b112c244869ae5b27483b6502dd0497a056e52ce632e185b3e320f9cbfd89f5e

          SHA512

          84cb7b275ecf62bee053e2a3ba5a80928261236256bd5cec00674a14c44da1b80ee96a81521b0d8880ea68b70ddb087cde71f6188b7f99c1079a7ec195741265

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          853ee982cfde7393b419e5f5550e3a8a

          SHA1

          283ae917ee709c7d69956de88df2c72927b26cfd

          SHA256

          1230ed98b71f5c295f3a6a389184686335f73dba2a6f5fde5ea278ce73f9ab2b

          SHA512

          4c7efb75c8fbbb3773d4faebe689d1ec8deb18ecc745721da8a0c017d51cac5e51ab28a1df916dcf6eea170abb2c48022308b833fa92b367820d78b16324b372

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          31e39646a16ca93c1037eb9a23501f0c

          SHA1

          550f84fe7a49d56b077ee626e1003f8020f61ff0

          SHA256

          b180422ce7765fb92f774d016379482c4550f58874c0259151af82d941b45f8c

          SHA512

          84b296422040d412957bbc3412155fc819ad173a787b27036bf746ccc57ee242d9bc1cbbbed1dcaaae4797ea2dc2da780637398615d43d42dd3baa87690c6fe8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5e276cfbcea897b2108aa6e300db1650

          SHA1

          e84b7bbc60715870b528acf71f630e50b36ab3f9

          SHA256

          4e9c6eb870ed28015bf2aca6dd69b61cd02e44ef12b03b45d4296f6610fb6572

          SHA512

          9b92025f3c429e616628d977acee8935d2612b1a26aa1512de08f2b8b7ce0867d2bb3929e2ecdf819711a68247a317cf2cb11952307f3a9807aaeea63de8763f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4856b0b90cd63cfb6cc150603953b28f

          SHA1

          3e1c6edeaff2582adb258ccec68c69451ed6690b

          SHA256

          231409a092e3a57b319a3bfcd6cb5fe1040b5d883f0c439536a8620c312b5a75

          SHA512

          f55bb7d40df77fb8b3f80c16b57cf953497c3b3ea5092c03322739c35fb122e34d0d6cf64a201486a70818806fdd5accc06d4346169bedd53fb52680c110a7cb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e523e882448b5f95937a358cf7b64d35

          SHA1

          02b4cc75e91b8f5332a1999b425ff2d09f2ff2fe

          SHA256

          9cf429261caeb14995c05cf21887ea618b67c189dcd821bbf33f6d2549c8c114

          SHA512

          6a7c23fef5c5ccc0e25fa21e8b0c6583c7b6514ae29c1375e18a2108f3c42b776aee6124c6ca6425fb1f8b6a1bafe458c2dc82911d69f2d60e8a5a6de3e11e7f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab590B.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar596B.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • \Users\Admin\AppData\Local\Temp\svchost.exe
          Filesize

          55KB

          MD5

          ff5e1f27193ce51eec318714ef038bef

          SHA1

          b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

          SHA256

          fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

          SHA512

          c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          Download Submit

        • memory/1128-22-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/1128-24-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/1128-23-0x00000000001D0000-0x00000000001D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2552-19-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2552-17-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2780-6-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2780-9-0x0000000000240000-0x000000000024F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2780-10-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download