Overview

overview

10

Static

static

3

JaffaCakes...30.dll

windows7-x64

10

JaffaCakes...30.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    04-01-2025 17:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_7b0b77f2387d7fe9c35d417be4445a30.dll

  • Size

    132KB

  • MD5

    7b0b77f2387d7fe9c35d417be4445a30

  • SHA1

    286381ae8435f357a1c26a3bc8b9ecf07f27884a

  • SHA256

    bf570075d47aec28ab3ea6243c23242bc8725d58c3d9317c56e2f91fedb91188

  • SHA512

    dd1877df69b655f92513edd6149fba4eb4abd6e094f343dafbfa2595af79e2616e04df7d02880488c397f50fef8d4616e1f0d9de719a5fd35ea63058094efef3

  • SSDEEP

    3072:VduM0UZVrq1eiresVpA8O1Y3fJMyyBxDlEJ:xFqRy4q46LEJ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7b0b77f2387d7fe9c35d417be4445a30.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7b0b77f2387d7fe9c35d417be4445a30.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2808
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2876
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2752
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2872
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    919bdf13c95d88db974e88177d836261

    SHA1

    af304ce6c9aa7d99493da719399f2cd15eaef47e

    SHA256

    4b02cd551f989f70115f567172bff29023d38474d848a8a46616057e501e26a4

    SHA512

    56f090699b17d17382ee0b10a6062b749107fb38ef2eb1b0defa6b2dff7479663e81c9ff28605ecdc152a7f20591a839905a299c185f5d63a0857e88941cc712

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84615de08affdb0bcaa490db8d9c3844

    SHA1

    79ec1ca8732538522b8281d793fdea251588926b

    SHA256

    6da06aa90a9e549e300acbd87ed399e17640f8ad17441bc59873f1187a711ec8

    SHA512

    6f2cc5576b117799ddd9e8267fa3f16a81e617954fcdf050086cb8e4b3f8b8b8c62f00234a222ed68f6f6f0928421f79e08e30386219d2abbeb809e319679837

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ac2b6dfc97dd40bc5ca363df0829c72c

    SHA1

    c21a5fa23f51f17166bfdf38325c1364e020a4c1

    SHA256

    a5c41c7b9d3195bc9c71cc942ee7df8e2844b475bcdd9f174e1af6c8fb687d5b

    SHA512

    f15f78e453b51c50209986addbad8cec3b0555127c61899bc700d9fed90a8592c402c8642be90df7483b2076a6b3cca3bcb74f8406c15e2acbbcdc0aa60a5f8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df931a6601e730c4bc40754f1a8db7d8

    SHA1

    7320bf7b58382a988ce75dbac380f44d5c0741af

    SHA256

    03e8ab6919632c9d2e60da7e3fa06d3bad1a59cd6bcb543eed87192ee6e1055a

    SHA512

    88de5b28511dd9d278043fc9f1206761304da21fcda468d5b27ad2cde8b19748ac9bfd736e6336ba1963a2441daecc70ed1fc981783195cdf93f629c2cd92314

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3de7f2a514d0bed04d51e99e3df9a65

    SHA1

    88fce13543e121377d91855fb6db29a8e2ac4ce4

    SHA256

    82a57d5c94dec7bec7b5bf18fbea1856103d57808ce3083395d1c8b192fe859e

    SHA512

    9da994cc78a36322c0fe7ce6d6cf6ff7d63bc8e44e35879e9083e24587ccc01101bc5234c34fe31200b02d36661603ef89319ee19d80d8d031762134ee774423

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d434dbb173a24168e069578f9b9455c0

    SHA1

    eef50305eb2b9e45d440c4fddd560c30586600e5

    SHA256

    6e5d59487618740513e6d74700736557e725e9bb40ca31ee4a6a573a5b104845

    SHA512

    66583c13f9d79fd5aa67c167a49a54d2cb6ac65bedc36b29de811ecbce237b297664f0afeb39d55e5f5d8469d442674506de24cbb6a27f8152d7d9503d34f46a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b9650b96c2a130293682573ce8a97b90

    SHA1

    3664cc92ab1bb514002263be9f346851e5578802

    SHA256

    5e5675d48ae2b184524f2ce57cd11e5c873249ae4fc3d6985f5b33f911af769a

    SHA512

    348acc16632c0cff02266e5d2c9d60aba5d80cd1b29f8357623f36b0f94c3997734426bc919a96982a8bf977b88266b92da3f3eae0e20b4996b82f8c3e54fce9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f218d777d524e114d0029ad6a6f77d73

    SHA1

    fc98ff4580cfbd369bb0db1e3b016c5453063c90

    SHA256

    20ac18b62c7368e77fe397f91317feb18906b4ed9074d34faa37c23769d637cf

    SHA512

    cb87504d9cc03d63c604ea7dcb70992e09efff2106b0576b768d5dadaf86b1b8011c9a672120e7b2bf910f1a8b1ab7249245edddc919ab6ce9299d552dd4e825

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    284c84da14b0f42bfc6a7ddd8667a1b5

    SHA1

    4255550ed21de6151b4de5b797aeacfa9fec78c8

    SHA256

    f218d7074acaa28de1d45843946fa32fee663bc253edaf76640ffc7f46b0e493

    SHA512

    223a32f2de63d58673bbd8a9ad390aea3de4da0265d748b39f0984473fffd7380fa0d2c9509c2d0775b5a0f2d4233229e180fe9ec1f13d79c46e6cf76ea11b83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    911d5b4b30bf04315567f10bbfa20c22

    SHA1

    370e1727edf7e6f1a4edb6086212984201dbea2f

    SHA256

    9fd595547f68aa610785156a3e507a32d9ba8f0c6ad49bdcebc09167e61122c5

    SHA512

    088fbf50dbcf029d192c0164bea7602e6fe6a044965f6c32f16b32d1c2fe6ab65ab07b351b0813855635d6462ac88958419be7f871764080761f17409827de38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31f9ec5c5ed9708d817824408e2fdeb1

    SHA1

    0fa23d5269e8a80ffdbd8c0fbd88cccfd4961e85

    SHA256

    5eda198f4b0bf0de3f971b61f4bf05cf63daf338f9d22519edd09af313e00823

    SHA512

    3a96faaa7374e3cc4c6c979af2232c1d5982496c5aab972762810093664db0376d6c3b02481901049359d02a8f1a98ca0a1cfdc8bdd9abf3ee74bf300814f513

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ab63683feac802111ed1189d3e6d51c

    SHA1

    1eb35b1e2ab64174d59260236bee2250dabdeeed

    SHA256

    522e9eaaee5a80c031688e6fa6694a1834f438fac299dfd70d3c37e11d6590ae

    SHA512

    0c68b9fa7ae47f1cdbb6aa75f04718733c93bcb53d205aa5a83ad374f823b9c110b57e019a5c103bff53dec5a643e3193da45c525d0b700354a909536c7c6a66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0012464cac23a1d03c4fd3143d3fbf39

    SHA1

    6c3efaccc595e1564820f0675263bbeeec90e94a

    SHA256

    d42cdae8224f80d0302c61f8fe7d2ff3bc51bf8ee34b6da0d0e67b55752a25ea

    SHA512

    725be0e4ee0b9403d602a31d1732c1cee6216b2606bd75a093742f440c166fa7edb63f2c8ad54175a6810546d4a1d644eb2bff6b576b4384bfb6b42068515572

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e35197f8646a466500be8f90a428b331

    SHA1

    0e413ff3e4ad4f021ba0d7a35e7a5234eefe3269

    SHA256

    6e28f4db05983b6e6329b46ce23e239df48540e8848650f8e7f72218737f9547

    SHA512

    41405ab8c86a112baa6538d445a59b0fff46d390c5d5008a2ad92c796ea5b239af1242b98f9f8049107a9c4dca2cd5b433622bcb2b32267351edeab121e54d6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    340f9b4186a370ae8557010119ff8938

    SHA1

    c34b75a727f3dad3ae15d92daa645e5d5354b917

    SHA256

    a8363ea52d843cdf67be57b6614331f7814f81380860885f3f223fe24092d5a5

    SHA512

    69671f9e455677c27ac5d820cafa62441826ddeb16db047dbb1c66daee3a4beb07347c79ad3a45a6c7ab356f7b29b8421ae257265e31e3c841ba50f21a34aaf2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d40ce9de58f377b08f1ffd263902967

    SHA1

    a2dfd6ac3852d92632399255c49d7d8de1a1fa3b

    SHA256

    34b4d8987307a35493213cfded5ca87eb8d0f399ae257234237f66af14908f51

    SHA512

    d45b670cc839ababb4ce622c85d94b6ab5b2ef37ae5769e2eceb2b37983ebadcce18750edc2bd4e51940e5e6c0a37d7935766c531d99335c2712ad0c38b55f28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    352f25a610189f1a411e875ce525fa6a

    SHA1

    b39a791e782b67d7efa38734795e6a23e4fb36b1

    SHA256

    0538aafdccb55b4c34c2ddbb6e6c08c80c097090217a0f93974ffed101b495fa

    SHA512

    f8efbf9f941c9b4832735015c59aebb392a33202278e039e373b7bf29e83ef53f19ea20158ac5f22addbab3cf8cb33aa813d28e6c448c245a1f63b53c73039b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    44a40280d34c57f9365162a8b31afcab

    SHA1

    2b1dd83082aa001f789033c669cbffa319e2ed91

    SHA256

    e2f218e5734ce15c1c662b27150fdc9f0609e6eb6e3077a0a8ee52a16a711ba4

    SHA512

    1c5d2875060d7b8b7b8533a0762b8926a8ccdd1868164280f1e88d8ffe69964189b889138612235eb97611f2af61f3e442a9a49c94ad1e53bfb549021a9313cf

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{926632D1-CAC5-11EF-8CE5-7A300BFEC721}.dat
    Filesize

    5KB

    MD5

    f169f67c534f18937eaea1ea78834c00

    SHA1

    86779520231b56180ad194622cac553e05e204da

    SHA256

    ba206a166091b5613927b2a8df50eada651fc18aca8f60099fb96dab629bd6a1

    SHA512

    e8d962c680e1143ba2f3eda91c135672c2f45edaea7ba2f62869c647897cf91727582dbc924dc645f90aafd5c59b496c88f935c4cbffc4fd0a609b5fb575f5c5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{926D56F1-CAC5-11EF-8CE5-7A300BFEC721}.dat
    Filesize

    4KB

    MD5

    c3870cce3e926cac6b3d6447a03c798b

    SHA1

    65fad70c68b855ec680d07167e68577f4c417218

    SHA256

    6f058b641c2a8fe8de762a87bfa5ff50031834018e9fac65bea6a9d0eda2a6bc

    SHA512

    28cacdc4c4efd544b8ff591e10dd35ebe13e0964ecdf0e0138953eafc1769217552f942aeb3fd99c6f981e04385c9578153d210380e8745925647a6c42ac9b5a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7A51.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7B2F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    c0a37ec7d551f432e75f2ed5ae3df03f

    SHA1

    c13588266bbcb28dda5e47e7d6e109c62633dfdf

    SHA256

    23cc26a8ce27ec26d8ab8bace61141e530177e9610b0993d7206fd0b575b739d

    SHA512

    14a019e2941643f1eff8ea9ce0bcb59f27fa865257cf64247895a5ecbed27b23518fbb9b08f4efc6fcf884327b0a40fea6448acb2ee00e670de8ba15a70db59f

    Download Submit

  • memory/2780-9-0x00000000006D0000-0x000000000072D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2780-1-0x0000000010000000-0x0000000010021000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2808-16-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2808-14-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2808-13-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2808-12-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2808-11-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2808-15-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2808-10-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2808-19-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download