Overview

overview

10

Static

static

5

JaffaCakes...39.exe

windows7-x64

10

JaffaCakes...39.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    121s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-01-2025 12:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_79a5c65b3419e1cb4c91e99300fd4339.exe

  • Size

    247KB

  • MD5

    79a5c65b3419e1cb4c91e99300fd4339

  • SHA1

    27e7df2d62aa364192c8d895a3aad4a0fdfb4f3c

  • SHA256

    25c988c9776dcaa6837e0cff96e4a3c3e306157c9051a09a33f6df7971ece7e8

  • SHA512

    01a9291ad2cb9be3c51c79f370758bc12ee1d88c82458931ae013ba7a64a1a2029bea707a9620ec1b7e97de20708f331920bfa262b23f5f047463818dffc900b

  • SSDEEP

    3072:uwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8cUykeqKs:uMzzILGFkzhr0pGj9orKs

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_79a5c65b3419e1cb4c91e99300fd4339.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_79a5c65b3419e1cb4c91e99300fd4339.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2080
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2820
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3044
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2868

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f46393b79f5193407cfb5d5be7b8fb6

    SHA1

    0293ac6b00cf6f28c1d3a19f207a0286cd5e39d2

    SHA256

    bb962adb81bec32cc3867cd30e4398f665a8bf3abc088de057157ba26eb78686

    SHA512

    b4381b713c0a370b00355fd074bf6e99e290509ae82eb7711349ed661cd8a60add253519c2208675ef80f0b6df393d53d7178d3a68a7bebc93d7da759ede9fea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6173833c76ff8db187ba4bd2678425f7

    SHA1

    19ec1e7143d65b828452a01535e3226c2e18dcd4

    SHA256

    64c72625a321bee5314622df503e4995ddd1ab2ef582af3186a742b779f26a79

    SHA512

    b7c1a6ef16284041f65b896fd5821de7b78b973170ad19b1cd90f5d5015cbc6282e3c6b3adf52e82a2b25031e9c66528e5b4502b8b8738cdb6a8cc569a3bfcd2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30b96b65cf13cd1a49ab3c601825fbfe

    SHA1

    1c30679573884559a311f6766b4c3fa4a9ba23aa

    SHA256

    cd64cc05071d8ecf8e3cbe1bd50f5269b8ae25f9c18409104a8ce79b3e0cf625

    SHA512

    edab25bd21795ebde29e77575603af2ac989d3dffab8be929848a94e8dddb01fc2fcad38eb03849c082e98093cc8be5b8ae0d1c172694057fa6e15db26fbaf1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    662afcf1e5b1e03c549ea15417c30f80

    SHA1

    307f1ab7eef398a2bf97e7164ee2a6aa8435bc59

    SHA256

    fb85a257aec27df758ddd52246afb8deb6735794be33ad3a74d7f501aca925d4

    SHA512

    5af44dd79b9a998cea791ad4dc9e92926e1db186ea17b3ee1f97fbffb9f2237e8b47d02895ea0be9beb6486562aa0f7e52b81cc7e30c9b2eddfceefff392efc3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd0e598b0032e92ba4809a4f12297cd1

    SHA1

    1c1bb943cdcd25fc83e9adf57c5da6d75ca69e1b

    SHA256

    21f562e6a8bbb1d2b3839e9f2816d5ac6f23806d6e44a76ec6c3ae42f9fc7174

    SHA512

    d6ec6ea0d19178a430271e26131a1d6e19663a9420cee5c693b153ce373e43f8c6ae7e6536e32fc70bd0c8069bfa968e4796601943a5f67ed22968cd3adabc19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ffc9ade382bdf2478081b1a6bd67b68

    SHA1

    8b24914e51e44a51780b636dc7525833ade7cb7d

    SHA256

    b100794644d9510220aa66115a0ae61f850d1403529a87955b986368ee8bdf53

    SHA512

    dbb2b5cb01534c04bddff341f7bc87015ce690c82c4bd4cc6cd8893e805aa36e2977ec8890793cf5354a47cfe8fef1dcea6a0acb5d13ae873a65351a0fc179c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc31938f31af6aa84efa96152793c76a

    SHA1

    abbde06b31ea19cc5759f3941838bde30cc95324

    SHA256

    d8af8cd1b2e0ff54a9d96695d81f323eb83408e9b8bb8450bd1d8e72c9fdd574

    SHA512

    14ea68c3c74bb2b5956c6297f4a269701fd8aad31e668853af7796c490c61764b6c39259d6677a5bd80a522eb127b85fcefd84ce850bdf4940f0dcbd6120c9b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49e1c142ca970c3cbeb572156cbb6a9b

    SHA1

    074a9ba23e403ee5698a3647709508cde569e81e

    SHA256

    174d70d1fa109a2ccc0ddce285419922b0a89275a1fc5f5231197ed71189b882

    SHA512

    6c25fccce5ab9d320bd3771ef71aa4bb4128e17aec3f88b476280dfd70524a023a9c98f915fc95904967f86bdce53171c79030e04015c952c15e0d133877ef7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4cd2328df8041da94efbb57a3dc18c92

    SHA1

    5f393afa7321c8acaf9a49c2a2e399ba83c92e2f

    SHA256

    2e1fbb3307f4a972352179fbef0a944752342988d797422daeb897d57122e29a

    SHA512

    123ee81e7a61d4013fe24e3c760263143095409fffdb02bc73cf20a1e48f9565d828478a174a88800b7a967c4ec61bba18d9a5d28ebd552347cecabe953863a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b60e35032f5a979b676ebe197f344cc

    SHA1

    c9fe7f7648d8e70bcc61dddf30163dbff24f905e

    SHA256

    a78dc25d52745f17ae75e9bf99854d5a22695fc66ef8733387a0fc7087be303f

    SHA512

    1cd3a7756b1e93ee054880092acd680384757e4cc255352f0a68b1ff203c7a219e70a3e9259d72f3f31e7ee770252de77be4abbcd9dfbf8204a7b836bf5f1add

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0f04603f6bc286a75fc443c6583b4c4

    SHA1

    afc36fafa1ae65bed550a201f61ad21a4fa5d929

    SHA256

    3e11b2c23b2b1f5521f0029d821ee187b4fe6c3c055f504965f98f6578775e2e

    SHA512

    61433305e45b964c22e4d25b266b7f790d16ce1bfc738805327a6ae8c0ba925a733a136cc4932b7bbf36935a2c2767dbb76155ce79e4167fb7f08bf9f1e01620

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8611fe9b33e41556cc2ad066c2c59550

    SHA1

    812e9a3414093b5fe75a85369d887c1d025f4507

    SHA256

    b784e6f3df0ba91469bac8b71837196741926e8faf84dfb156de5783743fa414

    SHA512

    5e8601c7f0be52421fca9c8ae337c64dc24a222fd85e7b8e036fef773516bc9da93e59a9966d84e9d0dd80116015a4f7e85536dd31f45fedb05b849cfc41c797

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77345db924ee35a58570f1809fc3bdec

    SHA1

    d1edb20ea0efb29d7d9a9c25cd1af1d39a25cc24

    SHA256

    abb6580df146822556d774d58173e9adc1e046b4460f65b867d098f5a161d96b

    SHA512

    5e0b8974855795fe24b0cc880e650460480fa7201b76aecff725dfb823b5e23cf00a4147a808cb28ba4cb8eaef2b688269af56a01159e4bb4e955cd1d0643880

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    423bd92240f024154d8c1524e6166ab1

    SHA1

    6956330086dc15bff28fb4c1e5f0f598eb57849d

    SHA256

    838dc1432370d2adc503952d3f74f82ed8ed15b624de94b939cd341d88959ffa

    SHA512

    afa894934e469f0d3d8fa447146380005e072262c1ba537b4359e18e22080d00b6a69f66cff4917ea7581001b5dade63236e6e7ae8db9fddab79e0e3fd9ea34a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da8a668153e9c0c4ddc7ddfc1c2dac66

    SHA1

    b7c64bbabf220d3d388cdc35750594185468530f

    SHA256

    dac6d79a08a3e86093799fde6923d8766219ccdc0876c126dd6a6814a1e47c55

    SHA512

    32b365d228911b016bbb2b5529606302b31001f241c6d9cb56597b3fbb8930c7966f51a08d66663e2f4d9771d8f2f3e8726cfe2637fcad87f34c4b8b03e4b028

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c67494b0af374b635262ab893636bd7f

    SHA1

    f7c6f3da1aeec3b32741ade6fc50c65abf5c980e

    SHA256

    dc37cbd21a30459fcdd0ab4c989afedf28f624076489c1d10763c2823d09911c

    SHA512

    c3fdf726f0982a67d617fa6fa80a05c1cd10acd95b57fda80e057aeec251a27624d2df54bc33c0d0e7c5ae79e75b6f6bd4566f8b61c7e355f85d6ebde4e9159d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bcb1bceb5d7b56993bea253a09203a73

    SHA1

    9d1960612976baa7869f47fd6e05f66be3fb0eaf

    SHA256

    762db891c06fe32621dae5283ed4068985c82044c19bc7cd07d14f65d1f17566

    SHA512

    d645b6191a04e792f9cac6d84a407658a09a3e219026de06ad829ca035c9647ae087b00ac4deb18bdc3bdf3980026f87f46d1e20f5adf0e7edfbe1b74d19f4b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    751d1eefb1c2ebac51b34c2bf1d58076

    SHA1

    51ddcccf2fcaccd714cc5f0caef7ca45bd79740b

    SHA256

    395b7f5726cd1e22dbcc1a297f67a394eb773234676b54eb5307649f8a2be999

    SHA512

    00e8e81390badb6aef0909bc2d112931b77213ec9a73ed61f5908fd7bb7c31a76c5b44cddc372847d81ba9fad5d662796f0c4189ef2e3d657108e3f8712ad576

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f298ed2469a786c6369dc144885e38a

    SHA1

    c049bf875617d23839e7f593ca4a226c4b517d55

    SHA256

    895a1cdd46c6c5140cb564d24b6585ccb8697d9c988dbee3757eabbcab34ee75

    SHA512

    a6e8c394c799161decbe16fd6698024320bda9fed8f1949a7c262fb63c11d6140138cf58a052a01da4f1b648cd8ee1502dfd5a6c552f3a7acac17a47a943e988

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8caf519fabd7fac9490402c25993be39

    SHA1

    4dd54e485fb5d1c8efd0643a930b5fe5ba31c9e5

    SHA256

    aa38b550f572cd77529d34aa2bc3624e4088a10896dd82d981904d3eccc3c69f

    SHA512

    edf14a9130b92b01b4144614862208baf0591ebf3ea26c53216d223426b79a5256e0336707f05a3e64ce4049b13d6b9eef6f03b086e4c042d2a107d0352f3e6d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2F8BC141-CA96-11EF-9733-46BBF83CD43C}.dat
    Filesize

    5KB

    MD5

    e7ec1a01292d94253b836643cfe66c7f

    SHA1

    b88e1a28e9936018cc2a351103d1824a326964a4

    SHA256

    01135bc63153d61329bd3e649db02489630dc83e2c09fab6be13764272c7a11c

    SHA512

    d36edd90e3469754c67f9dc1f06ab79a24ad98101a50d84b96818a7d9924efae8225e2603f875a010e29eb64e1ae10205adeca43be97dfccc31f458aabbf2a53

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2F8BE851-CA96-11EF-9733-46BBF83CD43C}.dat
    Filesize

    4KB

    MD5

    c17abebb9debc9c2eaf4184a5f19f9b2

    SHA1

    743dbe004b7ad6a9cb0112353cbfcdd5aa406663

    SHA256

    e89e468b59da584a0011968d0f1008a5fab440d2c5e727b43a67595ea3cc6b9e

    SHA512

    a950ebf0ad1e848539d6fad18f4c80aa13ad939606e2301199836e76129b1b3f339dc7446acd466a3aa9858531147d6d0d8f989b053e474f1d8ec182d0b523e2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA299.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA376.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2376-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2376-2-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2376-0-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2376-6-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2376-4-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2376-5-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2376-3-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2376-9-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download