Overview

overview

10

Static

static

3

JaffaCakes...95.dll

windows7-x64

10

JaffaCakes...95.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    23-01-2025 00:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_127174fe9a8c19f58ef466ea84316295.dll

  • Size

    1.2MB

  • MD5

    127174fe9a8c19f58ef466ea84316295

  • SHA1

    330d313f3415de7d0ff2f59aafc616913183c33c

  • SHA256

    6e0cb9dc708b66806c60b6917735680528fe025574667fc36e0750e9e749aab1

  • SHA512

    26fde063b598703eabd8105d0116831f20b67e23474c5acc7558ae1795f746e2e1fe5df937dd468c201c3145f1e61b2b31f5f84cde67be139658744251115093

  • SSDEEP

    24576:/KMa+QECSwrS2yUJ0AvivK3hPAnYGLzRxahfTN9Wn+lNs6wWKyM7Bfft8ypGYRZb:IDJzDljp0X1yoHtjTjQYPPbxA8

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_127174fe9a8c19f58ef466ea84316295.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_127174fe9a8c19f58ef466ea84316295.dll
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2840
      • C:\Windows\SysWOW64\regsvr32mgr.exe
        C:\Windows\SysWOW64\regsvr32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2860
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2896
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2692
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2908
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1911a8621a8c40eeb2d0367f5b49965

    SHA1

    4b771690d6e3dd4596ccb6b90edd439d016ca81c

    SHA256

    b9ca005ff2da706aa8ef1459cae7889e2aee756bdb646ef4c313b6e05c78f041

    SHA512

    2112056d025bdbb6915f096cc38a1c40480e828de2e8f90ddc1d35b16d88e8b4309338b0e69507e1bbe5b96aa2302f7a3323159a990bb11fe659597f3e6688fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f46a8ac01e74e1d38d781433a77d8be6

    SHA1

    a5eca76a1eb34ab0763cac0fc8b30dad78945f0f

    SHA256

    aa6b4601f6430070f40b5a96f9db79af5f6b6655cbee616069fcecd84c922b02

    SHA512

    3bd7b9f8d5bc5aa5a8d4334defd335fd99655d62297b845fca59e5ac68fccf400b2cbcb0023adf596abaaed52fcf6799ceb7c0297e5a3c685929f79a577c7386

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72da3316abe2dd40a503d8e84b3d4152

    SHA1

    9d7449db1182a96f65654622c3060949f1381c91

    SHA256

    ed9caa92e7d2935b76c0bdae528aed5492ddd6d31080ede78373a65e20e012ed

    SHA512

    f05514c6fde8c5a001172e865eda9124203a35d73073f5eec14cd4ea5bef8161626bb90862ee7f3a9a3476c2bd57ceec9edc927dbe98cfa204767861314e64d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6ee3487c8d1c0b20abf357cd47858b0

    SHA1

    8bca6ef1c58a04638ad2ea7008fbc6536c5d1f13

    SHA256

    2afc68c05fc8c1307816ae1885a1af498162b60ae496c5b0d71009fbaaef794d

    SHA512

    4f522477ce3e4f0994e1c231393da1cc3513b0124e472009f7eedcd2017e6f112f8b4f4c2444fc0d9ff41c0ec7459ae1357203133e4f19dc48f560aa44757400

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee0412f2266e3404dd361724efb9aa13

    SHA1

    50f9656720351c2f6b2a8672731c4fd04c590494

    SHA256

    b0936d93cd50d917d3e3c568c9219f24373dee0ac35a3db1d33e9a98ea84c5dd

    SHA512

    f4f235a44966b289eb12e9bf2b33571335a9c2be91dcf586a17b422b6e711fc76c5a5d0c4bfaf1ce6cdb8f106e1ad113212f00decd1094559ebbcefb325c11f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ecbe1590f714acfb6f3e3662b0ebe12f

    SHA1

    0e071fc009dab53fb0cb34d33f2970b8d9e95f72

    SHA256

    b86bc213a1e71964ce3b77bfdf7e1ca8d4090cbc45b87e32c20d7924162fe190

    SHA512

    f4afe1c9b2396bb776727ed1c114bbadacff9dc0524d565d6c907f62de90df573d77586e128bee159682e435004c69798b5ff474429f25240b6c136fc631beae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    718265d537bca824ab36d6803b907bd9

    SHA1

    5dac1bf0ff486c013b0853a431423093d8aef109

    SHA256

    30f5a84ba2ba872fd1d816b4ba27c575048100d9f7ece8524719072621640ddd

    SHA512

    b869e5dc8a695b8fa33fb9d1cba903c0cedc34dfe95f66247c32f2a9e9c68619034aaba97b16887f218e5a93a30532c4273494be350cf2653880b233347665d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58db4655f70e1884d697a5f028cdeebc

    SHA1

    593e3d120c527c41cb326b1ab94e6cc4d92f6f34

    SHA256

    08cb25badb8a43a78aa3be0ba2860a9af590366254ac78d81b144ba8cdf7ec61

    SHA512

    3102fc6d7c819cf505084464844fc94e3aeb5964a199bc766b495796f838eae4dc0cc765627078d41062a9107eed71d8c2c1f89b96f9ba1667ad6e7331f1f682

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9b7db2307335d2040a3890b66329930

    SHA1

    ff836f25e76bfa7d88f29e1fbe517582298dab40

    SHA256

    a2678186db47d1be0ceb3e6956eb3e1c23f19f18f215f37e47ea0397596aec1c

    SHA512

    a572123d45bac425bd2cc6f0a4de786deff64dae18611d8e13dd88084478f145e5dd9b7c47360fb8b3693e4230733df12294623cd1ef296475047a00717c5b09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e36b4ed4b41714895f37a6afc404a070

    SHA1

    97927c21ff6d6ce219ebe1a653a131d53ec316b7

    SHA256

    13eaa4ee80578ec7f7335ad98fd269e1f1f35cd7a6bd0d2552d209a285ead102

    SHA512

    c9829a42158379c826f0ec103118b6d0b31e29c5fe1d15702c5de06f46929521b612ba00531bdce29f10383dd77a30176e9f8622cd0fbcc5b1fbaa9707328097

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d594ed96765f262fa8732bdb02a9b47

    SHA1

    a79995702ba7ecab33d3f99623af92aa8a5446ac

    SHA256

    719df81e614dc94d90afe28573f3cc87cf0258fc86fcd602f144e644ed2b2827

    SHA512

    ab9479b95806369ce0e145beb85eef654d16858449b5af8d9edcf4aa97ac7b024b3930d4f6d64c6ca3f863cbc4cfa7bc7832f6396acee96f930350f5432196a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ba94889baa7d89f4400f440da107a9c

    SHA1

    386ed2c4cb4493ba3eef165c31a2ef8712d20d98

    SHA256

    571dd8d363bbb22d5c235b6426f50dce81e607702731050af8b212e214babcef

    SHA512

    4764007bfb1b94d4414d9d0ce23f6a81c33933a929f710afc5aee13af48a661d0deb1a1aa6e18707a6d74325649ced40a9e7086520e20d79cb380fd3105885ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    496744546fa83fe770b6d33138aeb084

    SHA1

    ec1a8cfa0ad6d6b8398b3ffc4fbec637298653d1

    SHA256

    1ff605c34a86dbc45f3f55ddad776fdf198388800de799feb1884f74f2403232

    SHA512

    d266afce6a2899c95129b04b234a84aee7cbe43b8609898f03db3002e4bf80d38c8d16f06b04a274afec31508ac3caf47395143d49ab898f32c93e5e9fc3d9cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94674a9c6e4623caa19ffd76655bfef8

    SHA1

    53a9653f790ecb0a4acf6f0e55901b9be57a7c30

    SHA256

    e881cb0b65e12bdc1bcde322f5e56a3c18e5532dca26faf239f332064b1cd6b4

    SHA512

    ef53dfcc427baf8ebbfd00f4e31ec3d321fc728c04ed48a78c325c79bcb7bf6217e19a64a9a25e6cd8ccb4dc5b0fc8791471fa29bf35ee73b6f70417cc98745a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83de183e1faca5c42593933603173708

    SHA1

    936aedd8124de0549718e12d767d63b2b148c1bc

    SHA256

    c542e56298ce6d6cf43a1768b5cc111b97e8a8a200acf2096387ba154d96b928

    SHA512

    78db2a2475168596081e5283b6e586f895f0ee68088d02f457583027070619acfe5def112bd66743ab113695cb840d5aab968bc62065d0ab834cc179ce60f1d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79a86c9c30165e036010b617558d7ad6

    SHA1

    ff90e5ffc4c9af37245e052549a95ad081187567

    SHA256

    59e93cfe21aa8c621fad787b2fa07c156712ea11364991eb63f82119e2badb6e

    SHA512

    7270ca44a3d433c8401afb25f9a4769c001010cee5d0645fe58b17327154fa94e84324265339fed75d937256f436bcdacb1ddb9717b5618a337708b3105c1a86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f8cc579bae36fd489e674ca8455ad53

    SHA1

    28243cd5c1c2aaeed432c6e506157595d8768b9f

    SHA256

    6eb4394eb2e3af2d250cda516c42f3b0ec5deb7bae0737011d38088f55ce3ab6

    SHA512

    9842c56830e850f6d27edb7b7960081e807f75b1733ff265d81cf11a8d1096e5594b78331e429d25fd9f42a725f602d4b2ee7cdfdbe8ea112d4b1efdc63ec945

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3a1d1f57c3efcd3be7e693b0dda1b4f

    SHA1

    a3c546956004675fefb1a70989f6e504f1a1eba2

    SHA256

    39d7d2f37de40ce2a828a47cb744eaae561b28b17762e629c2da2031a5ecdd6b

    SHA512

    91165864c2e7d473c575cac99f9cc6e548b0866da9c60226123313fb9148e0a407753bde61e5213269a92201d5158a8c8ba9a5bc86fa52ff011d100ebf2e2160

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a828a51bd96c6b21d98c6cce57f94d7d

    SHA1

    c60a8ab595f166912bc2a07e247422a730eb274f

    SHA256

    a76d24fba274a09e0c91817aec6ffeea755fb0a490bf6f8b4877bd3c839be2e4

    SHA512

    4e765904ffb66d7bce461eeeb6885b6b1258e0d3fb133f2a90b22d3bce2a5086c0f81ce3a50d5ad57a51f533482ffe24285ce48222c69a519f6b05036867624b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    771be44ed661e3754289e2a068b41c37

    SHA1

    9be3a77f11cec91ea36947f486e1fe61234e147b

    SHA256

    6cd01aa51613d4cca82b4f758e1263b070731f7d5343d6db5b5b8ee1cd0ac73b

    SHA512

    e2f7ce7110ea638d454f6683f89e3898826eee36660afbe04e7f2fa2d4d8ca9350f6509995b3d516d80d18429ddc593d3bde083f844a5d8282cfaeed9d1db0b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73c436587a595e267362e105a9f639a0

    SHA1

    c163cc5447965a7f69ca19eb84dfda387e495614

    SHA256

    4e0cd42b31216d42b597f0f9e2096ca6c2ccbb328874230c13c8b35b9577cd1e

    SHA512

    ff9083634e89cd34dc23941f1308a463d648e68206cd11fe6ecb53b13c4ce700795a01f2632ec97a75562c7416959b90e154295d6b363522132afd13e817c774

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ef7b4e1221606ce2e98ebb69bd9fe35

    SHA1

    de885576e91fb35b5609af0419856845538553ba

    SHA256

    40ee741bf63e3d4e5a5df5b9bed9ea53a18fd7ccb021274792bef8d5bd9ed17f

    SHA512

    b7776bc665daae14dcf75f9a2c4dd0f9811e6f41884c62204115e049b6e4389da39aca52e304aa6f9159e3a3b6b29331523db1fcf7e55aaf3487b464db5664e0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1810BC31-D925-11EF-A88A-DE8CFA0D7791}.dat
    Filesize

    5KB

    MD5

    f9a418607f09d21ea527e70d3a041d4c

    SHA1

    34fdfdbd5ad72c2f81e22f93ab2d0e5bc604e0a5

    SHA256

    734c011f7df803f43f4c081b7dcf26f167c3d6d6f26aa841e553fea9f200a4e8

    SHA512

    8806e2f2ac931296ebdb5fb30a9ebb555f60a6f388757afe7fd8d6c04332c59282bd08da93c51cc96ae1e09f87b7a235263148d9364cd2f4586e48e4c3480c33

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5370.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar546D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\regsvr32mgr.exe
    Filesize

    99KB

    MD5

    f57eee1185dee33198b752dd1f66ad55

    SHA1

    b60f88d65f8805bf2ca095ecd1727b15eed4ff12

    SHA256

    6bb93bea58d84b9c6a562a6b888ec84ba0ecb7575b6c8f3264a9e9fb44ee37f7

    SHA512

    cd97a2207d7ad6178cc7c9fb13fda7015bc30a924aa43b6e8ba07961ef878a841e6d025047a35e3b60ef23a3ab9b59b16d1abe09f39dc0cd6e5515d46630ad40

    Download Submit

  • memory/2840-9-0x0000000001DC0000-0x0000000001E14000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2840-1-0x0000000069B10000-0x0000000069C3E000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2840-50-0x0000000001DC0000-0x0000000001E14000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2860-15-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2860-12-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2860-16-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2860-14-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2860-18-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2860-13-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2860-11-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2860-10-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download