Overview

overview

10

Static

static

1

JaffaCakes...0.html

windows7-x64

10

JaffaCakes...0.html

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    04-01-2025 11:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_79687b0e0de5d1e4accd31ba533f71b0.html

  • Size

    153KB

  • MD5

    79687b0e0de5d1e4accd31ba533f71b0

  • SHA1

    eabb5e3233cca2ab1486aecb2ebc239f3835f994

  • SHA256

    695a5533b4f6fb836a3addd0f639eb4175f5bb5555ac1a9a09ce537ea50e0b47

  • SHA512

    54446e79bf2b6d2ee263ac74356b2aed453babfe592645704f97f121bd8f1e36fc61df6db9fd148b38090cec65baa89978ee6969871ec7bd3c33a93f6026512c

  • SSDEEP

    3072:S0ubt0GgSuyfkMY+BES09JXAnyrZalI+YQ:SzLsMYod+X3oI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_79687b0e0de5d1e4accd31ba533f71b0.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2828
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1660
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2720
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:860
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:537604 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:580

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ba2257412afe068be9c9960a8f6c9f17

      SHA1

      03c7600e5636ceb46b148c5a92c6a403d89a1919

      SHA256

      9b1e81e7486f6c76d51e211386592e5dff72611e62c7afef6270bdd120913740

      SHA512

      cb2eb6590da3c252e217206c3f0a83316a544da6a529604b0179da69ee8da97a05b5f483d699146f25fd77f837ffec25b11b57dbfac295d1ad7ce6dafc3f607c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fca3708e663e7bf39bcb24f741f8a400

      SHA1

      ab84312ea5bb31e8ae8ab26056dd35fe169746fa

      SHA256

      fb120c8ae02eef14f787d06d4883896f902049dd94116312da060b5d58b19381

      SHA512

      475782117abf547c4b8b188aa116201d9eddf146b0c8664f052bd0a2b2c517e917257930ee6ac8d6ba94b635467e69ee31fa1eb0f6edf5a3a75f1d1b45432f42

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b1a351c284d150183dd6214cd7dff044

      SHA1

      63d4b6b4b6af6bf5af13714097b60da2d776d782

      SHA256

      1a4da4de7ce891daf2e5e0e7d0e3bd3f226c9bb8bc2d903614d61c9f181edfee

      SHA512

      d32de4bb0e2c43766c7ec07cb169d14894f8c7b7b716b3a922a3257662d8fb659bf690ee88a2abafe3db8f6cb5203cd109e0fffd68607429ad3aefd959d78ba9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7cbf7432d598d68ec80a4dfca585c84e

      SHA1

      ac07151fedc8fa4850cd3b1fdcf6d00660fc740d

      SHA256

      69fa8a6070076defe129d9df9730a3c0fd3e31ea1332af60a1531560c3f69289

      SHA512

      114246464fa4ef07f773074776a7e03dd0b779c3700d5eeee25ca45806457147da3db9b024b965cdaa56a34c4d51f3bb7b37790b7c7095273e46aff76d7aea40

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      345d8f1f5bd7a7d8363a431588c56f43

      SHA1

      d5344fd3abde54bbff1c588d343a34b8de156c9a

      SHA256

      3fd518f7a69006d52c26545f23ceff9d46246670dc4216ecad2bba4eb936818b

      SHA512

      f9fc3413dbf58e823a6b9ba5989068bf2146d4532dd00eb0324105460c1a9e9769f125ad7a1e21020125f51da0051edcce3f6140a96c7b7ef22cb28197937129

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      619789d6f752b302834e3d7fa9b71006

      SHA1

      9d98fed7ccc656e71ebc3655343f140a81d20d55

      SHA256

      982588adb7446843c38f0b201d533c9bf4ede555bcb87e15c4dbd7d719d56906

      SHA512

      e412e01e0268e8a9b6f29c2d6cbe6db1da6f6a4b3fb689eb00cd40e4c9f986ec300e434b5ff190c32cc01a215de6a95194fb4ee1eb47d20db3e419ea36e37337

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f9d9016407686e9326c6edb9bcbce91b

      SHA1

      cc102ab1de7d750e8542551d9f49c9a8b77da68d

      SHA256

      7e96324da290c8ddc57ef2570a3d5ed6faeafb107177fc21af9eba119aef56cc

      SHA512

      25acab76cae68720b73ed0131445a6df823c6cf104b1128bd2a98f366154f41604fb037ea99b254c8e112cdc4a9ab678a5555a2381d4b70191fda0c3ad9d0cd8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e0fc74e707468cf75781d7f2fd2b49de

      SHA1

      0cce7ad3c71599a7774bd2be000b333a3a19f8d4

      SHA256

      188cdb0d4341366b7d77e5bda12a7605ea45d8dc2a8d12b329a55b4fc5f0ecd6

      SHA512

      712eaeb6f5205f01d8425cf43050bbb89da3f226f42b52f6e9f1381e3ac63c90f7e5109757c157479f4bfe239a3578dac10a8a724afd80cb374ecea105dbd072

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7075c70ee2959a4bfd25659a4854c0ad

      SHA1

      59a77852fac450991a2472bcbd2db7ebcef1e1f8

      SHA256

      01777b7a4e824564a745dce396a1b7465a2ac95c7823099b6e592c99f3d3b4c0

      SHA512

      caeed2febb1861b7a85adfdb666a7f65b08a09624e416ad8f7d78e5abbabce34219b151e8177b1ee14960c2a4579601dac7961306adb5c202a6624962275e191

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6964031ece2defe47184908ee0b337a1

      SHA1

      7f081d078dcd98096438c8474fe48322b20033d9

      SHA256

      0f3bb77f4d20be0be0f653004722e972fb0b2baf75633a502c2b36d9be6744c0

      SHA512

      43e6c4f20fbe4181e837cfe5c67d1913c065e3f15fc6435909d20048bc34b6e0ea82b12f38bd65f5e3be7baa5f07895d4ecaaf79891b0b85f91b352946240879

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      77df37264fc7d07f5b023d026decaae9

      SHA1

      45329513395b2f76a887a622ef6dba7771f37322

      SHA256

      7b7c57330a29215ef847cebaf3c7ac25a936782473fc1f500fe8e5aae8eba3b1

      SHA512

      8a4b48242ae6c179eaadde6856b0448b44fce0d4af2256fa9a80cb62485a784f22de04a5b2369bb83c66f57fe0dd35333ed606db1b34ea75380b0eb328204804

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      354cc1e4cd62126f928b166549241c26

      SHA1

      ecf346f22d5c043b225351fee7a230c99eb67d45

      SHA256

      f97d5d80f92da09f17f8970cbbf289cd8dd0eaaef2bf6a0e87c9fc2caa065e48

      SHA512

      c06629e5d74016813bac4ec743dda31adf8d012aa580be591d7f8d9ed3f58ba6379cd70d356e4bf0df8982c13a49744fff7f1f7f42a834c73bf010500fa13995

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      764f58c7a4ff60497e02fe69017f6f56

      SHA1

      5fc56448727fe72c3f216d7d2a00d41a7abff6ef

      SHA256

      8aa44d2b9132974814a13473b558665522246308966c3400b5cf45b94b0a96c2

      SHA512

      d7ae34fb8a183b9657530ed8a1c4dc5d94d2f44b58dc059d972884f3b6294e9b22e0985559abb89a20d7b7336b7622c1f0af9f39b227334ad82c683cde4a030c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      819683a62a7deacc8374e8887d046506

      SHA1

      f4b7aecdacf8649046002cdf1420b58faf0bb3f2

      SHA256

      e944a5e5ec14b7647e8d10bfe98e2cc608b762b3bf67f422ec295644c880bc92

      SHA512

      7e49a69af526bd18ff6223880499443ad6db29308b2413a4f313b599bc3be8f08e3c56172ed4b34884ed7684194fb40f21356a6d23577239dbed7332fb062b99

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      35deffa69908e26dfd247cf6556f8c4a

      SHA1

      595ff5682ea3ac5b3ba48e2ca1851ce232203ddb

      SHA256

      bed617796abe607f375039cd24dc8c27c8043fbdcdce84621ea4053ecef246a4

      SHA512

      5096e124326553e278dbb3d2aabc2b8561897a215c46e024e3e06e7743d7a3a71695be86e0bfb722a58cebe7712b9dbe533215262abde8b1f2a920656a91047d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      180b5ceae48da60725694178d6b8cd33

      SHA1

      36569f2531659685bd9dba7340aab3e38a7a7c61

      SHA256

      7b01da186c23aab03ea50ab5a6b3dece0be0201378973503f52156d1c40ee845

      SHA512

      9ba3df9056a058bd5a99d32ec378b820d50ece01159620cb0228cc0d9897bc91a3df57ed8bbe062148a03a9620a32348c36f7a70a2c4a54cce312ef2446b9c13

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      938be5e40422e1cb364ef67d3b71b132

      SHA1

      b2d0fe054ec44d1ce8b0568e6b571e17f2d314ce

      SHA256

      ed2091d07ef55a170473449181473054e1027a800b49561a0f42f532c1adcea2

      SHA512

      59b89a85ff67635b7ac4eb2be97a06e005ae2dfb115085a9a96df5f226145150204f39aafc15f8ce6b8345ba9de472372fc2a4afbb764a6f00dfda75b973b95e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      921c2e2c26b289028d7bc9d1525d2575

      SHA1

      33150924f1126e821054dad8cf9be3d62fb00f38

      SHA256

      1e4b0469d7fe07dbbfc0d31fc626806189efd1d0444b7d979c2cb201aced99ba

      SHA512

      64b5f3491c1d73d90d56d7dbf51369582dac0747832cb2a3afe04ce0a262beed2ca558ceefdffbbaf1f635108dc693200232cd1446fb5301aad137db5eca6057

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e1e1c054f816ebb1206b3d58e10cd922

      SHA1

      b40b0dbf937f140d62db36c2b6bd3adef88f5266

      SHA256

      a30768b9358827f1ffb841b1013431c8512ef36ce16619db6376ce45b33e04b7

      SHA512

      7690049671a94b881afe73adf5e6290b8fce1441d15aa51aa8acddd2d9144b50d9f140dce94da3e4dd7fa4b8cbafeed8790f9beaefc4b32b6604c3e529035eda

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab801B.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar80F9.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/1660-8-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1660-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1660-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1660-14-0x00000000001F0000-0x000000000021E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2720-18-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2720-19-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2720-21-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download