Overview

overview

10

Static

static

3

JaffaCakes...50.dll

windows7-x64

10

JaffaCakes...50.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    70s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    04-01-2025 11:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_796094b4207050e77206e8bbe1c4f950.dll

  • Size

    428KB

  • MD5

    796094b4207050e77206e8bbe1c4f950

  • SHA1

    399d1ab2f85b5cd4e2561928cc931a01ea218af4

  • SHA256

    6e2421522ac21d7db8a56e099db37f365e0c8cf216685994a1a80914031e437c

  • SHA512

    a07f08c609dc3c01bf5d69096b1bb45ccc45756c8dca75931cb44bec499ed3ed4be9700ddedbe27e8009cb91f71a7561dd8a1efb786684c52b38b5a194e1cf0b

  • SSDEEP

    6144:L8hddGKYbN+u8JWLUOKXR2R1PIWOokiv3bfz6twHt0ZkAKkUFe0rZlif/onqFHfY:ohdddJWL+CI1iP3N0ZtHUFe03iIqFHaZ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_796094b4207050e77206e8bbe1c4f950.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_796094b4207050e77206e8bbe1c4f950.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2216
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2860
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2116
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:3032
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2848
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b9edeca3255ef6fcf4664ccd3c06c07

    SHA1

    036d0e824d39aa66768f7feb51be85cb3828b1ac

    SHA256

    8368dcafc4d8b40d78ec01ca81ef994acd43d71ca5c65ca272c47458b35294ff

    SHA512

    66913a383a65a8c9d55172a7e1687909805176cba315c9d1b27eb615c924eb89bbc9c6c5d833c404f012d899187d990d35874a730afd92bf4c0ab4694aebd062

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd2d07daeb5b6f6ad0df7911a7002963

    SHA1

    675a39d4a1ac058b6e55bf517ad771f9680c3309

    SHA256

    8311938b896862c8e1f66fbd791a56b0d58985d040110a58ad3a50fb70837f70

    SHA512

    af8d952ee1fd1d14fc4028b09503812c0f39d534911e1cb862456645bd1f7f65420a3a5b957d24521640ed6e56bc1620d4fcb35ea2f023a7f8d02277f8fed61a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c67f222babe2d5da3b8d7d1b956b65c7

    SHA1

    b1407b4bf8a68c8058af59257810354ee297939a

    SHA256

    9f9818ef616247766820bf8e2468266a3764a6731a38ce41f1fb5175b356a961

    SHA512

    c2d72588bba9f6ababb22aa77f05a40c57500a742ee2670c0bcce52ec2c2e002e8b59559580a39ee345b990dbe97a4a0922d757d59d3dbdf50ddac7e1e669575

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ae6eb4096839fc2c6c19b6496dd3a53

    SHA1

    bdf4b1af9d32a10f9483a81b68156f290a4c033c

    SHA256

    d2db8fe26002760625f799c10ea2f08e76c618e6ed0ccaf9fa06a5f6837be7d7

    SHA512

    88f9803dfd307f8f2e9392f6f1435534663d08d65db4e1ab392119f25eca7b292e0c10d991d121108fdc61233e9258c612a87c272d46d00bba2bcf6711600a8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    892f5eaaa1c19b2ba152220ac569e8f1

    SHA1

    147805a3f0ce35dcffa8c22e7afd6a6530642a24

    SHA256

    e16f7c9039ca6f38af319b8f8261431cb10a181eb171931828171f3e412b905d

    SHA512

    dd51402e9d971aea12f8fcc5bb2386ae9d72947635e9fae4b06144e68aa487c445b200cf3e37394d125ec019b7b9a98a511bdbed94c1cc6fdc4f29a7ccbd88c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    254c76fbf1cbc3658e333d6397486351

    SHA1

    4dc5008424ae52eb0429891424d25c756c5566b0

    SHA256

    42e05a15cd056c42702eccb32633d6b320f343c36e10e86236dd2d9a358cbe72

    SHA512

    e6c6b623cb541cf11e8b342e5a786be8058f7e2244ec7a12dd30c17a4741f3840e9b669cf0105d2ce98660745d0b5124e6547854095552c9a31e4e236a256104

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d1dd5c595432bada82d87835a9943092

    SHA1

    12d217a0b0eed6696763338460a94978053f9f29

    SHA256

    62bf7748cb2f7e6347cd8960332518b42bae97a685f50e99cd2d2716a49d24e5

    SHA512

    7b3bba11baee0de2463df18d0eb97219cf46409e635ce9b277edaea27db38ac7d8ae2b776641eb28266bf443404710799717fb6646713a0b353f5a7b3c50c3ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b2bb30e56038927128fd83887ea564a

    SHA1

    50271374771b4638357077cf3514478cfed28853

    SHA256

    2b2ad4facc988094486b6935b021ca795bbf31a17ffef8ae57f29db44bb2007d

    SHA512

    ae6050ff05bb290ea59b51d1b9e87e7589c2a87072911cc2d1db6fa724feb48b108f2b826d0f449d70d43140531f5be088f0d3ae8f09059b3f95f95dc19531e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d6fa67c74ed5fa0ca552b9a8fcdbae11

    SHA1

    053bc5a4d3ce6f84da771b26038b962c53537281

    SHA256

    9fee6b1b708c46c1a62e2b9d6725b00e2149ace643fee40f27479368a8d0ed76

    SHA512

    5a3abd95414ae36a09114413296b4ff76c68878aa36ae2054b5975fcfde53ee490ea8f2de5e180f59a487f7fb380ca2f4fc4928bc3af9ac46e95fcca05cb3f3c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d3cf24257656d65a71b664d8dc5fd36f

    SHA1

    f13f2540e85f7c8e8f5f5878b3617f61fea8a5eb

    SHA256

    40831778eef6d671347bb0f7b0415cbf631f6366d7184adf73e9baa2ee28b134

    SHA512

    c01a1b11257259f8e6e1a245de2c60f72fb2ee7d89cb7a585d3d2fc5fa6bdcfd0554bf0d0d7dc4cd4f2616843807614e77249cd105c6d53a974dcbe3cfc688b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3888ff7d326a222f8dfe0ee212dd3207

    SHA1

    242524d7ae5717b8047aeb74484648bb82a2ac06

    SHA256

    3b1918ad4c8910db9938c724fd682af334d691bcbe5fb28d5474cc1701ee61e9

    SHA512

    fde15c905eaa2933898c194f1527aea684df5bfdb41fbe5991e9b57adf13f33db795534abf4057ac808b36492b3f05c08b2dafe8d5c3764c82801ee75d11528c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8334aaf697abdec41343312e5668c39

    SHA1

    e4550fdd43951f31f3862c2997d558703321eace

    SHA256

    85d9bbb660c368609bd7e17f134391aa660b390e33fd7b3d6a8b08abbc894db7

    SHA512

    88b5b96739853b42ee75b863a8a4ed6b46caf59f99922856a7afeecc87fd535bceccec2bd68ec2197e6276f1795590d687dc12b83a2527d0374d2da974627c25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ee0fbf206c70af91c3d93299bff4d8d

    SHA1

    0ff49c44d26228a3ed141d410a1de3e9f66a41f5

    SHA256

    7b4ef84e4fc918351f278e13a5dbe64dcff104499a456c84ad2b39460f91d36c

    SHA512

    be581715497d5a3fc7fa228b3bff57ff4f084aedcf48d7a106fc215fb2ad0bfd361edf7d5c36eccbe15ab09c2d479c3735d4796691ebb9df81067d8249f61a32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc5d395266e9ba74d29e8cbcfdac04da

    SHA1

    2ba48190ae99075ec6fecd12c432b2f1e5c54fc4

    SHA256

    9d45d93824f5726409375e118ee808cde428f82f3b9c864d3add4391ea97150f

    SHA512

    f5f18091f349fc0faba93d54159fe5350ceba4989c0d36826bd2267af75a64f163e76f982701ab55dbc63b02e70945d7eee67436ab48459480a1a4e892675818

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07e1caf663beffcc6e77e5eae850cbce

    SHA1

    72fd5d7f05ab60a8a4b3d06e0aef7cb38936a0ca

    SHA256

    81b637cbd671ec9e16a11016f0baecebb79f8cf13f016457158713cbf8fd468d

    SHA512

    4a9113452d6b6a15f65cb92eb4bcfbe7ad0de4923bbd6c2c8298aa9cd84dfef6f1b3baf3bbf56b93b2ce2a5958cd7558ec4f23445ee095cf4b4a219a00e3cdd4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5945d5997234705ff54328f247e54447

    SHA1

    26742d69e9e9753362d4d61727dd7758e56a88e5

    SHA256

    efc464fec4c3fe022c35543475836d4d580a7021d0478fb73f41797e916b6dcc

    SHA512

    668790be89599c3aaeb5740016d11047dca4dbe53183b4019042bdcf0be1aec0ac7010060e8d0382d751da82f5f7d60f8c5a0628af35a53c54fc4cdab7c07234

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2801749c40363e0b931bc685a50ed821

    SHA1

    0fced5f0c0c4da5fd6196641fad5de7cf616f6ca

    SHA256

    0e0576c834435261f7c641f6c4383711841cc8e3fd693b7a7437ce1ff92596bf

    SHA512

    d05e007409688308575807327826c954a5f10c831d4e7f8c26e038cf796c117df3dfc20a4bd1e0a28e46d91023c7bb582c8a48888fe01c3373f4d0053130ac0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc582b6f6d2f9e6919636dfadecdb016

    SHA1

    b6f1c8ee377c1d7212a104d6ab81f9fc9758d339

    SHA256

    c157a608b3d0cd1b8cf292de3c692ce97fdb611c20503f6b9a197b4afff0efca

    SHA512

    f6e3baf938934ce7a7128213278f122620c6b4a58d580050be77adf22cdf75b3306ef395e398e5e53f28273789bc10e6b5aebb41bde3a018755942aec658ce98

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3693EBB1-CA8D-11EF-87C7-F2088C279AF6}.dat
    Filesize

    5KB

    MD5

    77adb8eece51419c075c227a291aa482

    SHA1

    2a19ea36e3746d5f2c110dff6329d4aa91cd07d3

    SHA256

    91e4130e07e4a1a0f8513b5aa3a82cc0e8430952292ba055666f5f5bb662ad60

    SHA512

    83e25f7ca49ba55699343aad13947f96a58169954ca39e4b6119f948e62b23a65e2ae7182aa9d608cb843073266b5129246fa61f5816c5662808c6d6bd785a43

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1077.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1136.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize

    276KB

    MD5

    5c11011d9e46b68c01757c328b1c8e92

    SHA1

    751f974fd2bf7d4b8bacfb3002f9ce4dc1093851

    SHA256

    581843b7f921b467bcba8b9b8343b953de41f5808b2044472c6e1768d6a469a3

    SHA512

    9edbf961b4f633199b7ad6bb9bc33dde3bb1fc6fae5fdf5331cdcbff67b1039bfa1ab0abc601648a17aaf7cb305037d23a616d966556e075f07a5fb86931d70b

    Download Submit

  • memory/2216-11-0x0000000000770000-0x00000000007D7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2216-2-0x0000000074C10000-0x0000000074C7E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2216-4-0x0000000074C20000-0x0000000074C8E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2216-0-0x0000000074C20000-0x0000000074C8E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2216-3-0x0000000074BA0000-0x0000000074C0E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2860-19-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2860-14-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2860-15-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2860-16-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2860-13-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2860-17-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2860-18-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2860-21-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download