Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
04-01-2025 21:24
General
-
Target
JaffaCakes118_7bd3d4b2f316c2fd2defaa50749dbbb0.html
-
Size
155KB
-
MD5
7bd3d4b2f316c2fd2defaa50749dbbb0
-
SHA1
e1de6f8c71f0597debb17dcfba919445903b5b71
-
SHA256
6d64f995e0b7f985a1b807d6203ff9387773829c4ccfad324a9d46a488f8ed06
-
SHA512
e403a2ec0046521e90f3ea30dbf13bda348d18ad3ee3c912080c78ad20d1afa805953166eba81cb05a640c96de99e77e0582c100abeebe1492079912f24a419c
-
SSDEEP
1536:Spp8HlyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:SpGlyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7bd3d4b2f316c2fd2defaa50749dbbb0.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:209933 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD57975d610077d493c004387d72f12cabb
SHA1bf0427bd240edde327d7392d69220d882ebaa844
SHA256e2faa7e65c2bc5ae2bd50bd4b20965c9bed60f84605bde49c4238d022d11dd74
SHA5122d468145ccd8fdbf8aad0d5e8f3b3ce9626f5a1f1702fb7ac0bd127cdbcd85051ba1a02ad31eb381e0f42dec0d6e87c7d48e7260fb07f4d00d77ff061e1d3cfc
-
Filesize
342B
MD599f98ce5070011f427f3305976ea1e69
SHA1c21ad791cc43f7de0d4a00b2d380997b8e8a55b1
SHA2568d9f7bd05ebf49b709e04be4e996d82cb94d3486bb171d29b6c77c4745265d44
SHA512f6597b256aa22083e320e616eea7fcea2fc1e2fa7f8fee6e5d18bd3c3ce8d883fcb535c8ceb1b8d150b59917f8fd5e143be71e3d0b3afa48bf16d63d7534191d
-
Filesize
342B
MD5263adcd266262063e20c38f8ce9120e0
SHA174e6593914529e06d7c99a44e93f94d5be43f3f7
SHA2561ab48d6c997409a9cc503cd76f02f2ecb08baaa01edae373a2c899fa0a6f87b1
SHA5125d5dadcdb93b62823bbb5797b5db618ef64593d19e23aa6d0f17e4312c8a3fe5b37c3136c2880228e107a30f4a9d2d68bd2b96c462d5de23b3ba90b65e3250c1
-
Filesize
342B
MD511a455a79c2e337d7319d5e2fc582468
SHA1dc65b254bee149f0811f484f8d3d53fee48a2e1d
SHA256fbcb6b267ce93fe06d064a962275b66d7c4b8ab1aab16f7060596bf7a47d85ae
SHA51296792cba04293aa4070590e2db9c7ad720d26d7620421c4a32f6ebfafc9293efd521056d9230a957a87c91299b452ffa9f53122115963fae89c6de333585f43e
-
Filesize
342B
MD59e998b38902e123bcb50b9d34b43626a
SHA1373494067337617e921b82cd996b9c0476778a1d
SHA2561e3397551732e6c7c39b8eb764400f48079df8ad2a1a08fe25a36ffd9d2d4749
SHA51221691f91a29511c2ee01b7d52a89c3cadd5dff584455aedcbbe9fb7193935204a4b3a10a3cc29e1e1fbb2e9e058f6b46e56db213aefb3327e5c0c40cbc49b2bb
-
Filesize
342B
MD5c115883431b2733c24dcd5981b16747a
SHA16cebf73f8171b6d0735630d49da6e974f9c6eb59
SHA256fe9d550f6a184c41d8895ff0210a4264095fb316da57a80dc352093ca5337596
SHA51253e8d6d3d34c9b407644960f0d4612bf714835dbd77b8806891bd167e3f800f248cb8139ac27625586e2ec5947d0173a98b3ae1798b333e58602462c03263a85
-
Filesize
342B
MD594e1ba13507686f1c4b59fd2b587889c
SHA1faaa25b1c8ae788c0bbee833b24d5c5e41b80618
SHA2562fd17da2c33da05bf5512baadf116404cc734512430b392c0728fdbcfe5fdf53
SHA512f0d4dd42c470b685aa050acb25e1379be58130fcaeefe71ea6aa457de3c8b305be30c08b4ceaaa45472ba1f736e787ee44ca029abc42e30338163bfa487ff020
-
Filesize
342B
MD5d957e48baabee4e9a89a8133450c82fa
SHA11a50d91675435cb8a7ff234183ebf99f796bd58e
SHA256e733a8d347872a6448162567bf2a868f4743dd9b3cae0bed841daaad52df457e
SHA5123ba35198fbfdeb1cb9e82695cb9c97af625c37bb41c1fcf9b34d8a88a5eefc72177b68989b105a01587387838356ca99d2bff03253a1f5b0324f1465cb172fc3
-
Filesize
342B
MD5ac1dfa4df2bf3d2a9d72d00f16a31913
SHA1c65da54f0424e6fa982fb5e8e1769f590a6b1ac6
SHA256aafffd3857965e8ae2f9702628c4b8357d0e2fbaab54d71c5cf20819940b2468
SHA5129e8e2fe0deae3dca53f6ad9842f347adb52243f6d02c754f21bba6f4a7ddd8975517155181b4d94994ea809c313208b8f068b4c6bb0cb5f2d2ed165e4e7f561b
-
Filesize
342B
MD5387483151094d4930a490bfec5c4738b
SHA1ab2dd115f7219b746df66d74fb6888f82c7d14f8
SHA256a07720befb00110f8d005ec34b9077f6d12947d3e6ce55149d82ea19f28541a5
SHA512b70127881007f31d67b1deb175e9411d4de364cef49d9e3e2fff63bf14195731118f9d4688f411ae8fb96c327a1c41b1c0d2fe2009b8ad39649774bbbb1cab99
-
Filesize
342B
MD50cd0f7b81c6c054ddbc1ec4dc565a365
SHA1ef79744eb156c5a2e7ff759f669bc383ba745293
SHA2567ed4eab0aa77221848dcf02eddde3a2a9222121dfbb82ded2bfb1da96e2bc7ba
SHA512b63b942800a33eb3b8afcfc4e759f1173024a3cd0ad4d1ec75b1273a13dc21b609e9e1892b5ebbd7ea77e5a42694d9c44afb0e96d015e2f0e9aebabdc25d496f
-
Filesize
342B
MD51aad068ff8168947d2a31decf9415177
SHA1626d50ce2b5974556ae1ffb6f210387ee1d806e0
SHA2567d4aede3a3177311010a91056bce89ebe0a2eb3054ca4f9ac5d57974a8578d2f
SHA512e07066838f0a2f23bde9381d1b23c0eb4dde34c8f44c55ab45f5f596c7f251251201c58ee09626299577f5da2ea59955070ba0b4a28cbbe11b7418e09f65ceb4
-
Filesize
342B
MD50e5ae4c38cad1f91281b7452aac56079
SHA1e6c773dc139b5c9912d57d55c4e555b33a51c44d
SHA256fba5859939a58e4cb58acd95c0cd457ecb04632a504a2c5a7d2ac21c72da7b39
SHA512e042054df1240c71f51cd6782825ba0f47452ad1f8aebe998b94d5d805a825052ac4e3f1104478e07dec701ea38163f74a4b7455dd1bec9ef881ba3468c2d169
-
Filesize
342B
MD5ab53773cdd9f3a3a437580ea2365c1cd
SHA1916ec320fbb70ab51abb8549221f8515dba4d623
SHA256dbc2d70b93c5ea3a249b9cc8894eccb333c9fe8efa565dd8d06bd5a201f89bbe
SHA5127ec47575a6ec8724568b313de9a535f222ca01979b345ce85ed92edd4e5c8f11708b8e965a10663bd2d1439476ad1a3df0a1a1aaab71a8c7c2852cba58714b37
-
Filesize
342B
MD5e3bba39dc0e34264b33433367e2a8d1a
SHA116b8a388df7cd7528b74e2ea3b917c94063fbabf
SHA2561f44e6b7167108e36d0158294d978b85a87ef491c1734ee97fca6b824cbf0667
SHA51293e27b503cb27c7e559ff401bc4ec695640ae9dfd01dd3158353406cecdb42718523fd9d74f852d3abbb0b40129dc278d59532e6c9ec690bcd87110bfde43e09
-
Filesize
342B
MD5c296f0dc398b48fca10e00c054d5f9c1
SHA18d56331556929aa1253d89f0cc0de47bc20b76e7
SHA2563b308320f6779b9c1835187db1fa9af91cf1bc19b7acc6f6b3c5dc1f4fa9da05
SHA512599a24a3707aa615d9084bfd6834f6587ef0d11a7647003a252a7474f264bb601e0e50c36dc10402fdb271006c80e77ba857db83ce8088dfaac1ddaa85d33b4f
-
Filesize
342B
MD5abe90d49838f34b350085a52307d00b4
SHA16945fa70544d96000485c7b7d8a0208ae440d536
SHA256e44cfc10fb8d29ea22c391a3d837ee1d55f3d7dfcd68f1dae2cc3f043dbe13ec
SHA5122ec3d1b716315d0d2a8c2705afc14476d62e7e3d7d344cd31e71316a1a3405fae0a70f3e575b8cd2fa144e51a54a6be5ba784e4321e9e9b2e7ae732ebd5ce633
-
Filesize
342B
MD5dd6d1ee8a17e420929e1b8a92383b2e3
SHA1b9d8b3373f507e97a6c5d6f7fd38f58ecd79f5ac
SHA2567edc6a5a11d0fa954c6f073559015553a7975f33d2a1b9292cc0a529e3a29f46
SHA512da1ff7dd4f2560cf112bbc71c7b342f8989c0946e876d93fd7d7fbda1119ebdacf8b6be1c522e0a714cd1bf7a780bec3552c2bd242dd84861b3c1d1be25e8006
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
4KB
-
Filesize
184KB