Overview

overview

10

Static

static

3

JaffaCakes...20.exe

windows7-x64

10

JaffaCakes...20.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    69s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    04-01-2025 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_7b5421b63e6f8bf61bb4bf86367c8b20.exe

  • Size

    178KB

  • MD5

    7b5421b63e6f8bf61bb4bf86367c8b20

  • SHA1

    5e5e307e2c1ef2d11b8255d8658a1c7bd43f5be7

  • SHA256

    914d132564b58604caefaee827292de7d3ee811917ef8125100958ce68839b9a

  • SHA512

    eb63054fd285e5489e0969b8c4c91bde24e89baff68d80850eb7a1fa5bcec0f61eacef1160d52d51ab094ee3643bb248f2c2b8a6d2510a1b6bd600336341b94e

  • SSDEEP

    3072:akAwOzhjdRmSZiAqFbrnp+KsYGngdyec886Vw7ZcpjX8od+Sv3JyXOZdQwRJkx:+w8h/7PCkKsYGgd6667YjDPZRc

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7b5421b63e6f8bf61bb4bf86367c8b20.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7b5421b63e6f8bf61bb4bf86367c8b20.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1268
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7b5421b63e6f8bf61bb4bf86367c8b20mgr.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7b5421b63e6f8bf61bb4bf86367c8b20mgr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2288
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2880
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2720
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2912
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    646214e47bed95c0a0967375076d9fa2

    SHA1

    9de215e07bf66f18f8d8f390e7861c0d852777ee

    SHA256

    32201ebc980d680c75216cfa289e4eaafee1dc3cad1ae3261c0ddc7f312567a3

    SHA512

    5d5806772ea5bb7a16ac43f9788756db1e2a7f3493ceabd87ac963679300fd241b2e6f834c5f876fa6afa93b4ec5267442d2019595db3c696c977959f4c9df2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eda90080fbbba6c16b14357256e98d90

    SHA1

    cd3f38d6ea2d68844671dbdb21047b3ebd4df445

    SHA256

    93c0436dfcef0b01bc8b63d25541dc806976aaabfb78bb6428dc6a610344536f

    SHA512

    9fe510e19e17fc33395effe34c5f4f6073bee5a511e81d46de519f97623b7b3d3537a71ca00963e91c99fae540d1eab46503cbd21d9765957ab48e4ab2483f5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    35f8c0c84b0f42d48ec4195191670a62

    SHA1

    960a9d4c1525902e711644a63b62e3bfef27c90d

    SHA256

    962013eabb2ecbd7d73515af3fe179ee1fa92b8b8c4d392d4117e4d35f4ede33

    SHA512

    ab36b3f63d644c5b29963cfb161aa5089a81c033acc5054bddd6db4b5df79832b743b65c5ad54b29743a330b1d1feeaf1033677f935243cf22a91e05f8e5eef3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    774f26b2fc712a205de95f6c5015aa6c

    SHA1

    1a2dd92be94c9f6141fbdb10f6091141b5fbb6ae

    SHA256

    2276d0eed50d21d557efc1739daa0111496867b9f981ac277a687104d5ee0d3c

    SHA512

    03f59cff16a78b94a1fa2955454538a2df8b79d492a8b2d8ac4304799597e913f6fa5e2490c2281e165c31e74f349e1b0c44e68ca3b0e4046cbafd6ee0149471

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc54ef2a61c56b7b5637e95d89fa0a83

    SHA1

    e99895686abf7b159f40632b78a5ae4b6ff790a8

    SHA256

    59f4db4fdf28ca797b75264a0573e8036b16c2e57c48ba27732f6d8725ad7353

    SHA512

    7af6a8e12e3bfca48b3c9df99bc74d47646f90fa0462aa850b2e0dd0467486f669c43c4ea47f530b04a0ba934c56dc30bb18bffb2e93b758cb4625126b340d40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb6f40180bea68a06ff95e346f9686b1

    SHA1

    6026d2b3153d5511fd9ee960262895fdf3b07c71

    SHA256

    962cc7593c5b154d9f02f58f80e52c355abbc887d9b32b7588d0cb83c917c209

    SHA512

    00c3022d8a11acda7d316900eaa8d62a659df8f95f773f3dd1253e9f5d924b65b046c9bb612be5162582f7ba9706f765ace8f9934c948592c1dee5ee581b0cb7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ce52ca41f23891edfa985361b36382c

    SHA1

    7fd05fd65220a741e48860f238c365510539a17b

    SHA256

    6a27c6655558de1b38163157c93d6ac06a2b154e6d33214554b14e5761298099

    SHA512

    e7afdd3178ad44c363ef7d6658214dae3663a86d4b883a5dd1adf5ee2d628fee33294affb16bef035f063170dd403ff66888c9a6dafc41316ac3a09f2c231a3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    62e1919270ccd24ad1d37b9a3026f35f

    SHA1

    3514739762d2e46a3a91f6c155c2a998738fcefb

    SHA256

    c4b147e85bde978e03b0765b94b3350326234e9c9bd4854439cb6557dd67f11a

    SHA512

    22ae605f7eceb7dbaf7463a27ffe9d0ae5593d85d78222682dc7c0fb486fbf13d3aea846fd331c6e03a80b671b3c6920570873f2a5d69255717e893a7aa1d5f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f774f1d711765510f8feb38e135db866

    SHA1

    abd417c02ca92c7d070af716395b61611d68f429

    SHA256

    2af148f3f112d6246fd06ed9a9eb75a8292e1b6275d5f5fadbfdf486dff27c14

    SHA512

    51f93488a72455310d45b3af99602314abbe80649cb48cf16324c11c25b79aed75898e8c379ddc28f9381b44f841f80f7cc8c1d83c1dbd25861a4d6b6a71059a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e661c3a6e9bb111fa6389ef9c52e8c7

    SHA1

    9a79598efb7cd6ece06837ede53992b8ce97f5fb

    SHA256

    6f2cdc911e8a6181682c49d6934fe19955e9f601e0149a5b5cac0f659965bd78

    SHA512

    cb22639b2d6936e66fef7a50618e700905d186b20a37f49d4602bce52ca0da7fb1e00122d28a263b1ba3593628d2378675796d58f919c8656000afc0553ff2fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6c01688e7040b8cb627c519244fca71

    SHA1

    a04b183e5b469f35da1b76392e37976f324e7bb3

    SHA256

    669c475c279f6be3c44515f21feb017753990754eddf94ccf50d99daecdcc0d6

    SHA512

    11b480e363e9a87e26dbfa7fb963ed760928bbe347ca0cb7aa43be9bf899bd37adede9696b8364c77cca65682a7cbd3a5c5b318631613fe8884e741c8d21c33e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88b824dd03ec2197cf38c1594827e579

    SHA1

    21c660a3790e785fd54516ccce219becbee14af7

    SHA256

    a8ba16a7d3b58aa8da75fc00e4d015c9830c29899c6ad5125fd2b9e7bc901d29

    SHA512

    b5a6a484bc54a0b154cca0eb344b684cb801d46705e78924c56fccff4ff3cac18360cb7f7322472f3c37f08bda0df30f93d5b77e932e86b17786f293bf8c1288

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63c8cefac516d9d5519f1f719d4c31ae

    SHA1

    719870bb6bb8dbdcfdaca945b8801926656f8daa

    SHA256

    a16e21dc3b1a9a23890f5584f49545eb6c7ffb718c6229b3a587752b72fffa92

    SHA512

    226e46264016e0292d6429467eba28eeca6259d031d454822909878b23399fe80b3bddf5414438a7e638c20fb2c8a49581cc3a1d937ccb0435bf1ab39e06b2c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d9b861cabfc551606385f4bd4c0b6b2

    SHA1

    13a43280825d33439a3a9de576d32fe61668edb6

    SHA256

    9afa0b081e3eb4dc86564e1af0a6c991c3ecbacd2d6a12aa1613474a077d8690

    SHA512

    b139fece0844dc2a28317a27bcc4858ad37a6be21959eb575f1a133e6b0cf839e0957950a7cefa17c72a9d205945ee50726b24bbf30c3a271e69fa34b9367a99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f9269749c37303f94d487e717c3cc06a

    SHA1

    7d763ac42f1ae99bf6ae93c991d1cd5395e94eb9

    SHA256

    23a66be9991cfc464ee0816047fb664a88203ccb172aa73b85a723f7f0ed3c34

    SHA512

    1e964f22b54129ec54942637013085911d9d6e5145f70ceb24692d5644710f249dbfc16e7857e31c378fd09081f7eca5227d998f4e2d5838622870d1ed7e6038

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    946321d91a93dc5bc08bce212dfba34e

    SHA1

    9c5f22363d1d7b077e2405c6b85dc916810201e0

    SHA256

    aa4b0c2ec00756f6adeec7efa298f1c1582c2e117389dfbd1a7b345c702eccea

    SHA512

    61046d5573f585dd38132821be28cec25e69ab2c56b5238bfebd91e6c8b71d9e51492943166a1ad38f7e4097591dd6c605ab9046772ad449f2496351989b2128

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0C0CEA21-CAD0-11EF-B66C-7E31667997D6}.dat
    Filesize

    5KB

    MD5

    3609b39eec54753b7168a360616c6994

    SHA1

    288f4966df1474d43a7cdda4886bcafb47e2d2d9

    SHA256

    6515c0a24a38d22f476f3ebce1774b272ad140164dad5a30e9c3cf7ff7012d80

    SHA512

    9696f5936fbde2cfcbe2072d2028019b3220f44429092ca38e7bb7fbbeea6bfa2a1a5b378310d29d70006d577626cad4f8ef7da9b72c02f716dea6543e0b9250

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0C1352C1-CAD0-11EF-B66C-7E31667997D6}.dat
    Filesize

    4KB

    MD5

    c4e5e2f9362e03480192ac37c0b8e47f

    SHA1

    c80ba0aeb4e236bf340b0ae8d0c20d97628fbf1b

    SHA256

    31be9fa15cc0b42a743009177f87ca709dc3907849e27bbfd8b2947ef84312c6

    SHA512

    4a48e5f9f755dc801fe1d8c598c660c31402bbfc51d09e021a53117950111c0c4942f0768ab2493ec992b1091c317d1146825e33bee335d33462bd78d054f096

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8BA0.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7b5421b63e6f8bf61bb4bf86367c8b20mgr.exe
    Filesize

    88KB

    MD5

    a61ea5f2325332c52bff5bce3d161336

    SHA1

    3a883b8241f5f2efaa76367240db800d78a0209c

    SHA256

    e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

    SHA512

    fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8C7D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1268-13-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1268-9-0x0000000000320000-0x0000000000340000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1268-10-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1268-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1268-20-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1268-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1268-8-0x0000000000320000-0x0000000000340000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1268-29-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1268-18-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1268-0-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1268-14-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1268-30-0x0000000077E1F000-0x0000000077E20000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2288-17-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2288-27-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2288-33-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download