Overview

overview

10

Static

static

3

JaffaCakes...00.dll

windows7-x64

10

JaffaCakes...00.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    24-01-2025 08:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_1fcb401b799491305226a3076e3b2d00.dll

  • Size

    1.3MB

  • MD5

    1fcb401b799491305226a3076e3b2d00

  • SHA1

    785fc2423cd8baba0250012493fe8d2a892c3015

  • SHA256

    7c71e58387b0570caa491503d6fbf2dad6b10aa1573ce65ff04854c9c36d3c17

  • SHA512

    0597777d0eee4321967144ab90200f0f827ea79a9fabd0f695e113d67dff99e1187944f53d12620ece37361d2f699d961804330131f9196ed8d7249e7c8c5f73

  • SSDEEP

    12288:DSfXvPnSkeJr2F21G0ukd/W8YmU/fI60KbKIkWTVurjUc0u99ARk1FM83pm0OyP+:OPvP8T2onlOYHc4v2aXFI4NCV

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1fcb401b799491305226a3076e3b2d00.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1fcb401b799491305226a3076e3b2d00.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1840
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2044
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2820
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2772
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2836
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2736
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 228
        3⤵
        • Program crash
        PID:2460

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4b97e40bf4f3d61c22ad114239ca9b1

    SHA1

    6eb9067155d1db6e33a1ddb9cdc0d3d5a16bfd25

    SHA256

    74b6c6b0255fa11bd5d8574d2dc873ed995757c5917b8273657f28d52eaba31b

    SHA512

    72848b43598adf485c5db8eb076c484fa81ac0b577931c52a16e0e6cec9b4075b7aaea22e5e92a014f80b36f8e21b136d8b3642b72cd3ad8ffbf716954f5f3a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb9b95fe1b56f2a32a26dcbb69429a15

    SHA1

    fe6f61c513244891131a5e7b28063a1415cf755b

    SHA256

    87874059299b8a61ba893534f5314afaec25f49cb005cd7367c13d6d650c385e

    SHA512

    3df0a6db5b6a1b9fdc2147e1df421b4c8e95c17862a639d87a303e92dbeaac3ead7cd5a1bc8a0f334034624a9a489876d3b11423dd7e6d3fd111ecc384c7e882

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    369c6a155636f844319d5965ea2f2028

    SHA1

    3d01419277136fcc546d4201744df116a36a6636

    SHA256

    c92b480163c0dc0129c1dabba19d3b98979170272ec24bfae6fa24909439caf9

    SHA512

    3338756f711b7a7c62fd5806de12112b555c5996027d6657c4ec404b783d33b5cf921df1ceb28b7614c966593f4f9ab60ef78c5f64646002a64c54c2ceeb0597

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4077b39406738124b9be80441a2e1af6

    SHA1

    0e587f2eb4e6647f721258575d9ec4464c92bd4c

    SHA256

    e7e8cfe512743aac0fb732b1dbbce34da4bff423acdce2a46b84fac8be7ab0e9

    SHA512

    a31fe728a2b6ba3aeb58df254afc1da9794d8cb647df39c48a246b46ab129e999879e7139354d7f82aa1d9e29113c5e115b62082af7e07eb3ed3527406b2d151

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    208d5f92134dd73409eed6595d295b45

    SHA1

    53994892ca8e65a48aa364e532118deca18b7045

    SHA256

    d18c069aa0d08838e546b597126b7ea29271476fd761ecf7164d5a289d43840a

    SHA512

    c48ead096e1b182e1a312275c9c2772895d8457783001546b1a5afba8b5bd68f9e8db2426dc5672313a18e83f2b14d11e2ec5853b5627dbae67fb5e5f5c8bfe6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d731a8fe499781c8eef5717c85367f1e

    SHA1

    adb371a7f8e551e1d0934093c9e081ab0a746997

    SHA256

    284eae616829997c29285a5ca03541a3f48fdc67765b1c0e1d04bc1584e48a95

    SHA512

    a8bcc36d35a49348daccdea0fd6951f60cbeb8fdada23830fc48004c69764630f207658fd116a260340754b55d52bae4ca9228016b6c2e5d09f19c78753a0b2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d7d8b1c4f75ea5d6ab28b4f9f4c59a4

    SHA1

    cdaedfbd9d83e9ece674c365be2fbc5c64592d39

    SHA256

    dd17e54b37e226eb0928787dda2185570726b8b26fba0ff2c329cdef166711be

    SHA512

    f9fe72054974ea8080645501750800af218540f32d844b37e94db3532f4b648cba7cc72f3ad02435e30fc02bed13840a3befad64fb2310cad225f23614f6c485

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e25bdb08652ae9ffcee5567140c6dcb

    SHA1

    affa64a6d70fc0e5cc61207cdc8a08612bb1c3e2

    SHA256

    8554fa14afa72d66aea2f52c81c91973e50ca56bef8c37d5bf4b4d419926e457

    SHA512

    07f0c66101867196538e9cb251559a278b0f43c5564c62feffccf83642a33780d2762b8d05e078c5ee2c9f54074446744dab39d8e36e2de2bff8a8595f0d0017

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7562cd326bea0f3c1e5a4a9340b0c159

    SHA1

    efcaca1209aa71dcc6069c0a7f3cb96c0f68cd8a

    SHA256

    d1aa99b0e3d13167a5fc6354f9ea43e6ba6b1360726f0a6845b20b46a0d7c0ba

    SHA512

    48cd311ee242017aa42b566355772e883dd17cc7e74de00cc432fc40149fd70850547a198183ebf4ebd7d416f2a5e5ba6d713178c83f4b20c01eb8407fbc2aa9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e260934e7b8c22da1435d9d7fca44321

    SHA1

    51871693119cc5ad53c96c5c6cf0dfd687539d0d

    SHA256

    4692c6697625141618914ae4eb65880f8562245b39b85c1734402456fb6a8d7b

    SHA512

    2325680603d5598c420a2d32e3a4bf3c93572a54fd424807078b4c68c174e85191bc44fcf17d575aa4f990f30a87beba3fac51ab666ff8bee3af238f2e9873f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad7350a4d6d369a2464c8e36ecf8375b

    SHA1

    4f8cd81546ad92047668cd4b95f0a33e488ec06e

    SHA256

    632b60857eb3e20055c7cf60b636c5a1f9b8097466ae2de54a12287d31bd104c

    SHA512

    f279ce63ef96dc95c37bc181a86e626c1292aaf00320b03873bbf8233c02cd83b073048610459afe5c8241714a35eaf7d5e8c9ef11e48b25999e76f47c3b85a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b966ca86c3abf58ca31899e1aefea755

    SHA1

    2dea6761aedd5eb5ce20f9c6923a88992a6f2bbc

    SHA256

    7b6be3441893747bd0bad62ed5eef1f1985f4722862e97e14deb37d5ce27a92f

    SHA512

    b46d80596e255ed399d40b8955b939a3c14e5a1105b17b439772a4e3cedfd43a38bd805fa46746b6e770e76c904911d977deafad04dfa39ef075a7e69daa107d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4af047c890b9e3e4239b9f08059c7a57

    SHA1

    e395448eaa43b7a96a2aaf7880aa99144807405d

    SHA256

    85a9c8c41c0709c64ef6fd50a15c683d293e378dc3cb11fddefd8d11d9c62cee

    SHA512

    931be2811c3921e048ead79d89af3e61798b2a53d0c2646a6abbc7b120b74a019440510385164db20f911d8a959675c8c9bb8a2e58965f2dc59255af9c631e82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    51d65129240bbfe7a2240b1b0bcc5316

    SHA1

    106f6dc456f46056cc993acaaeba5548a745b86e

    SHA256

    4842d431138386fefa40595de8d896795d1903b3192da69b863545a29e144c93

    SHA512

    1cb74cc853fe77b1f256e0f2147fcbd8ce6e7fb2b3c6cf610c0dbbce6063dec86cdf307707556e252e68ff5dc4ae6245076bac4ca6a7dc7cd0828563228f46bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d23fd812b5883b9ae509022161d8a98

    SHA1

    8603d375d139b8974b990de8dfe9286588254dee

    SHA256

    ff7181e8efbffd3b3476014762f1a5fa699d11008eb36ef11b171afbbd41a8a1

    SHA512

    2dbd405781b21f3c0b84f5655fc6ca380a702998a1a21d22ad3b531e9ad4fa6b1ea317aac942dca745c91bb94fa5799700f524367de8504183138111a9e1eee1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b70fa67bd14ce10c6230964c2e40b15a

    SHA1

    2930b1505b7121da8235c6353b25fcb0082154b6

    SHA256

    ffec3024aa5349979ace4b8cd5e457a38294867ef1644697e9d01538eb989af9

    SHA512

    35b26053bbed718bdfe7851781576899372e17f96b2a6d7dcdf1905ee69853a79d5daa2922297d237ed6953430ddce9b0f16a6cf41923002bc193c4fda6fdd7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21af6e48c2f2af3c0023b7eda1a4cad5

    SHA1

    3671d59edb122920dc8a1a9afb67baa9782ef072

    SHA256

    da9e2a46ef99ad579255ef1a12dc4dcd09c349ef117eece93b2f4b2c6a47deb6

    SHA512

    51ecb360036be3ce11b0ad66def58e1bdaf60f2834367094cd8497664e2cbcd3436b36e0c3c24e9c767c6075a6df055fa40c3a34515e28a46f5bfef91802e529

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2481a80f65828b929bc90b77e9855522

    SHA1

    c172787ca862af95400ea4cede3c76ea8cce8bbd

    SHA256

    ea410e83b734dadabed74c731674293e2bc899ce76034d8b80a2584bc928d61f

    SHA512

    ca3d7eed9d1febcb0af5774dbd07aa6876ff0be7f40233643c09ceff72fcc299357e4fb995ae24e18554dbe7bd1ff7bb7762ca52173a534981c911d15572e300

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a4e0056e41c664c88930be6e696757e

    SHA1

    10b7dbb8b975a3d3d92777d761d680cc478f7273

    SHA256

    f03928577c8aec83f5173e48cd8f182161cee2b7efb71bef60465c09a1205c90

    SHA512

    b2185bb0a62a2f8ed4f15e01ab4c3e564aa0d7ab0df504826f2dc214b4d05bbf9670232ccd67987e79929cc0ca360a09a698783058c002b26559f8e84df9ce71

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FECEA3C1-DA2F-11EF-B4B0-E62D5E492327}.dat
    Filesize

    5KB

    MD5

    5b63082e78d2bdb25bc2d9894407703a

    SHA1

    ff5b4cb5e4b239155bbd2b698fe00c798f45b181

    SHA256

    c23f366ca3a19a85ea426989e98b1999cf41663cdca51c2fa8bbef8c9efa84a9

    SHA512

    00fa9068a3b0e152b52a666b70b41410c37f92d0fb2062847269b019f8262c4651fba651d0ee14010252fd29f9e98c1e59b236ea475e29cf8267caea631735b5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FED10521-DA2F-11EF-B4B0-E62D5E492327}.dat
    Filesize

    3KB

    MD5

    41075c38021527f5fe52b1eb4e005c75

    SHA1

    239dce5c309eb2a16ae12f072f0ac910620965e6

    SHA256

    dd4a82d89b03aa139a7712f83672624441d77cb8b0983aa3f82f6ee552fdf5bc

    SHA512

    5f4f2bad8e50cafc3a862f01b7f4ce82cdeb421a2a92be105a2d85f61178d470f3d7aab46a1fb62a41ed4290463f056b1e1215df3f9ed70578a320c546d8ab0f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFA49.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFABA.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    125KB

    MD5

    12d840fc0b79a745c013e73c4c470467

    SHA1

    f47b3c28974d6199e596c365f5e7161656480100

    SHA256

    7ee9098ea2bc30eaea20eceb5e8cda620772c4ba2d7d6945e34ea93fb6054ccb

    SHA512

    de5f3cb695f1a10d897968668ea403721e09f9c66db796d932b8152edb1681dbac777efb63a2cff9d81380d09452f90470a8b77363a99f21421b9ff61fcb930a

    Download Submit

  • memory/1840-3-0x0000000010000000-0x0000000010157000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1840-4-0x0000000010000000-0x0000000010157000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1840-5-0x00000000006B0000-0x0000000000706000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1840-22-0x0000000010000000-0x0000000010157000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1840-20-0x00000000006B0000-0x0000000000706000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2044-12-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2044-11-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2044-14-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2044-15-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2044-17-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2044-16-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2044-13-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2044-21-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download