Overview

overview

10

Static

static

3

JaffaCakes...5a.dll

windows7-x64

10

JaffaCakes...5a.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    69s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    21-01-2025 20:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_0731356f7ba2c1f0a01cdbe7757f535a.dll

  • Size

    340KB

  • MD5

    0731356f7ba2c1f0a01cdbe7757f535a

  • SHA1

    1bb8c35001bea7395584a7aff7e135484c9f172d

  • SHA256

    09c32452aa4f08d50293ffddf107b936d7900f8208abc3f50c6ad578662668fc

  • SHA512

    d51df401d50539584d976c04e11ee57e0107781fb7dbca64ce09cf444fad59f2045c8eac3e89172b23aec0c388af8abdc39376ce885183bfffebee36cc2a371a

  • SSDEEP

    6144:sl9XgnzxOP/sFR2h+9q1kih6ibUxrp3/vIyRHjp3C0xBOqxsuV0fSX2ioS40h7+o:slCzcMg+9YkDiQ3/QEHxsvfSXjThpNnb

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0731356f7ba2c1f0a01cdbe7757f535a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1176
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0731356f7ba2c1f0a01cdbe7757f535a.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2028
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3068
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2800
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2696
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2832
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2972
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 228
        3⤵
        • Program crash
        PID:2880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b06f051712058ebf54ebf3696f407fc9

    SHA1

    e1ec54c6d9966e9dbb82bb3a8fa9507f38fb4e5d

    SHA256

    2fb832315e3284d41dfcf36810219391b9f36bf01b8b0ca8b6e309179b089e9c

    SHA512

    2a25187b8e845f04ba95673822ee4a21c6db2ee544816f1b844108dbb4f4041ddd21e8057a676b6f30773263a133a26a7a143520a6ed0e21c9c0ebebd4b080ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    569e74d2a85f8dd9139bc311f99f6ab0

    SHA1

    a482a3e977ab07628fcdd72ce238b3dfe7f1f855

    SHA256

    dd2842e05991e5439498442e6e32973c0cf9d21f178026d856b3a5c1bede3e7a

    SHA512

    c52647233a4587b371c65b946a5d2f25c247cf91f2663680b8c38c9bcd0a01932af036e5441517d8677dbcd3dd39dfefee529e3ddf78f880484fe2a0c0a0d406

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5bc6e2aa592862ba05b9c1eb10ef8b23

    SHA1

    e810a3a2b46feb04a057f93c0737b82eef1dfe81

    SHA256

    eecf86b54564c288df8e73db722ef35efe062716e1cd5faf35e9a0b9858bcf42

    SHA512

    d91ac64c60d624440f304f7ecb216f50f79f1be4a6a3bc1c46d526bc75360a8e5357bec1c6dc7be15673e277a4ae2b6ef53de848a671a668d72db0908a8231dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff15a62d4aa5c1096c0347a0259716f2

    SHA1

    ffedfd6215c6f4cdc0c1fd891a7b316ce780d0b2

    SHA256

    a9358f27b8ea584878b39e691ae819b20be1104b3d64d1c0b9aaaf7ae618d2d7

    SHA512

    8140611cccb0f8607ee4885367ce42bc9da3858043592431088dbff2e3337bf7afd817718c4ce5b0a070cb08ddbb0d1502cee5dc04586596b75c9437d4d72c8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b621aa059da109cb9836e0cdd863fb0d

    SHA1

    adb7db6f13365e45f692bc159f2ac8615e58af6a

    SHA256

    ed4c59442c2780869909f938e6c4776b5aa59e5aba8bf6c4bf5b593234fae77c

    SHA512

    3b3d43e3124db0e4bffa99caabc265b326bd34f247e9c2e7af871adc7b9645d88080f91d9c69ae065a9e57e70dab2b1683600158f2bfb77982734840772d8dd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    585857c0f7b97fba959d7b63c3c5b479

    SHA1

    8b00e28f2e1ec1d9ddc90e0c39ce9efc940250e0

    SHA256

    a7d34877e8ce3ec5f5f3f9166b01cc8199cb10e0a0c6db80d4726653a29d5b39

    SHA512

    74cf0b2c6f0773b0151228165f769f71ac586ced60a48ac249524e727a6a2ad086c64ea932a68d73fa68c90c83d4976da8b3d17745f7c8594d5e5a6a22477725

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    394e009370c87d1a0cdb8c6b7c6e8aef

    SHA1

    86ce8de848f6e5cfe9e06dff134375fb6ceed166

    SHA256

    852e94ffb94c25c29ac2cc736f93db9aef564058743061b96ff6055cd8e6aa2a

    SHA512

    8eacc2994588c140c5bb85bcf5449780ceed1bbe1d1ef9058cf4a2dbb8551c8c4f15c74b3d2395faa8ee5cfe4be28aa0f5aec9ea2acc2491f445b8b164166c97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e99db9f082a6c9befbac36c4cd5884b

    SHA1

    6450565f607ead700c9ee112285be1cd68b8e6de

    SHA256

    5fbb94b8dae9e5c8be2979818e6a5110dc0d017fcbda9709146a4bd0ae26c114

    SHA512

    463677f44f0645046ff53c2dd92971091e0b7f791ebef9c1722d2eff54fa769e9161a7b9aa5a0fc310ea2ca7b0a84c77bcae78d9faff0b261651df03103668fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e25dcd496c98a8b71d5ab7e37fa32c01

    SHA1

    5475da4a97c229e161f64bb7697d74b21cd9076a

    SHA256

    36dddcc9945c4f29200242e8fa730e1b4512fefdd88e035e84b14f28f9518cfd

    SHA512

    80fadcc17a10b32829378df8dd0e8c93a1ca34ca7c3d929ef721433956aab4a74d9db0d315ebd8d3f83590343b2a3e5327c41602ff47b1e631c0147a872ba455

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4fd8912c842a6124b504b40d705a7aa2

    SHA1

    6dc6784aa30012ff62f12e37994def71bafa03e4

    SHA256

    5bfd8f3415aa2c7500ca9f1f1ce0946f6f440260eefeec87a65e7009d2d3d817

    SHA512

    33549f2bbc8ee802cfd89f57b0e8bec392768fd76d8601d3ffdf927a28013d29010569b179cdf9d3f28eed651de5376f6fde0eee87be9a2c7fe5556fc4472a2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd95f7352c264f6fbbc47da926ee63c1

    SHA1

    2ff21d12a2ff7e8fd3ad9a17161229754eb3dd68

    SHA256

    7ad892e12179072ef1bf7996460621b20e53f2072d914e635bc45ed155a6472a

    SHA512

    e5a4ff14b15bc0bfc49c11bda96d02f5a4b7c467905a8922e24c93caabf0fe8280dabf906a220b898ed70664d41e1f388dea78237c0e16eac1fc0ad6803aa62b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ebae62d4d5718c1700b859d0affcd4b9

    SHA1

    f0b6e3156752189d63109a41feb9eb05809f23b9

    SHA256

    be00c3811833b1468c82a8602d353e8d6cc55a012ff5ec5a1f70c4b6fc602742

    SHA512

    2faadaaa986a12dd81c555ebcb93fe24847d302c5fed5560a28511659aed335fae87dfa67e5d361ee9b7db28b97200449f4dea90bd188f3637fc2206b5ca8a9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b71297bcdf2084828cfa24386cf0b5e

    SHA1

    a9bdbf5a2ebd2e25e2d9f6fee4af2d74a65dea8b

    SHA256

    2bbea6b57191852cab18605fc76cc183e57e20be4d65ffededb09a2721fef090

    SHA512

    9950d051f23adfc6c76fbbee0471b923fe2b0be0f467f14ebcd7707e0697f344b447e8df8225103afdefb3b60e41ed9ab168e65c400d0f89c2b4d197427d41cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8fec215d5ade588f21c2525ec4f0af34

    SHA1

    3b7416eec40b3c34805fea3b2ae7b15179a5fba9

    SHA256

    36e2ccadc824d6e07b154bffa39fd57dc2ebd7a10f0472b0ad26c015653c5747

    SHA512

    3211a80cb47fc49f0be21e3079462dc5750d23fabfe23360711d90f1649c0b82a9b454611948a91e28de893457119fc03ac4d452113e8428954a50518a5166c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    15469972b243920e95531347ba9bde63

    SHA1

    3b6627e2d09e762c081fd315596a6a6f6788b34d

    SHA256

    2e63e90222bed167d96733001b54120e90378c4e82ae1d95360aa360c15dbd2b

    SHA512

    b5f86cb54c7e4ce34892e7f8bec60dc578dbb3e2371a88eaf688221cd406ca557c564b720c58dc0e9b7c6053150c2de7ac5d1e5c7bc7175442c11bbd3413d8f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4199484477f96b1fcfeff8098fd2b90b

    SHA1

    39acee278b44463419d5ba24cca17fce9fedd370

    SHA256

    f2e6a2d7ff2d1d2df129c5550eecea42b8a77f2f7ac223a64a04e34811a0feb2

    SHA512

    eb87a9440c102014ccca55a03b860c874cea7b1b2ff31ba33a848e7c4d6dcc2d9981d7825329cc3c59438df93c6241861812642b8f123f60c6fad448db6e4fbb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9532528443fdf372b9715b79f817923f

    SHA1

    f9ba891537c76edc16e01573c92499c3fffb1cc2

    SHA256

    10db7fa4fade1d33ca2cf80cf583c72bbb99d53403e5347bab585be9bd6fe462

    SHA512

    e1804630414f48bb607339d914ebf4b1c2cd5475da6f55c0b62d1da40e06ec842013ba90bf2c650b3c1673edc5e4da39fdd14fb8cd805822a400181e2b67b3a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c96155f1251cf62fd002e1c5525227a

    SHA1

    9b55175207a65d3ce7988dd4ab39250e2e7ad4c9

    SHA256

    571192ce28cbfce8a600cd7045ba99141d46921ff791618d8b603f6bea872b0b

    SHA512

    b0554d3a1e425d714bc4a6965d66cab382a7e7e431d9e3bfd13d50a6157094d2ad6bc601025067584316e529a9053fafd53a3699c188fdaa4ee102b6c9034406

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5b220ba733fd1f297f2d60241e61227

    SHA1

    2a65d65e66d42dc0cd46703e9847a15fa4bb322f

    SHA256

    e3546ed30dabc5f803466028f143c2a26a1b30e305ab8036005c98437a951f0c

    SHA512

    4e0e947649c60e3aaf062ac6085ccb841b692ea7e7171e89f2ef98d8790b4f2940f1987b85567f11bb99bdced9bfa3568a30debf0c5cd9001207cd06c3608952

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F8603101-D833-11EF-AF7A-C23FE47451C3}.dat
    Filesize

    5KB

    MD5

    e6c944571df54aea3de1529a71b73c13

    SHA1

    e0f354f279c721cc34a4876ab485e81e5cd24a1c

    SHA256

    924cb3d657679484eaa5b2a171720e3fa5099ae9eead7a47134579e147f77ced

    SHA512

    8dc262af29d7b7864c15d10a4be364239dd076864fcd9a97f5ec6758f894b1b2cf446dc83a0e9bc19b7788c2a983829740d1a22f182c195df92ae35308dafe6b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F8629261-D833-11EF-AF7A-C23FE47451C3}.dat
    Filesize

    4KB

    MD5

    4244cfc807ef7a7330ead9f5b8806bff

    SHA1

    d61c2bfa7e2563e3e4e93fc1c21dc9bfb3e38731

    SHA256

    7d64efbe04a867bec02ae7d45703f25244f1b3d19266800d232be2a05f2b6544

    SHA512

    5ee6cfe0f50ad497808ded24a4cad8f09352542ebc96ccb98cdbe3c365610d492ac52083a80a06c34858df0cadc2a8b4e7b73292bd2a727cfef5078e05dee57f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab392D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3A0A.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    9b49fec7e03c33277f188a2819b8d726

    SHA1

    a7b6b4a0ecbeab9075c3e36ec2586ce8debbbc4f

    SHA256

    9d3a78f72dbd7351a999d6fd6f60b0c6ba79bc4279a347fd590af94a0224afad

    SHA512

    049a0971913562ca8a134ac889d4750c71d89fe070fadcb06dfc49401f1b9b508275921e55f3f27a31f34d520e96784d4a50959fa1aab6bad878e9e5ea61755d

    Download Submit

  • memory/2028-23-0x0000000075270000-0x00000000752C5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2028-1-0x00000000752D0000-0x0000000075325000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2028-12-0x0000000001BF0000-0x0000000001C5E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2028-3-0x0000000075270000-0x00000000752C5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2028-2-0x0000000075270000-0x00000000752C5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2028-0-0x00000000752D0000-0x0000000075325000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3068-15-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/3068-17-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/3068-19-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/3068-18-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3068-16-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3068-14-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3068-13-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/3068-22-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download