Overview

overview

10

Static

static

3

JaffaCakes...3e.dll

windows7-x64

10

JaffaCakes...3e.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2025 06:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_2924e5b67b8a03b5ee9beddfe7f30b3e.dll

  • Size

    2.5MB

  • MD5

    2924e5b67b8a03b5ee9beddfe7f30b3e

  • SHA1

    9830b88322fc8f0c60cc8ed5d5b7d131ee3318b6

  • SHA256

    16d626e7c865d793eb4d96695201e853e25a7e9aa6ec18bec21c91e61b7877da

  • SHA512

    3d658c461be14b364f28d5a1cc2643b889becb9eabaf9cc676c31d951aa58076608379a9fc37b78fbe3ff286caeb85d86906df6daf48b86fda1ec7258eaef64f

  • SSDEEP

    49152:P3pp9ziy5bRCrEaoWzw7ai91wgvTBBsCkh9Sp3BVcmUG8lFN6ijGUKYsVMLz6ons:P3pv+y5dIVs7aWPvTBBKh9UBVc/ln16T

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2924e5b67b8a03b5ee9beddfe7f30b3e.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2924e5b67b8a03b5ee9beddfe7f30b3e.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1372
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2344
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2440
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2904
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3012
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2676
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 228
        3⤵
        • Program crash
        PID:2124

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99aaa0d988466e3d4c21cde37c046d2b

    SHA1

    1ccd88af52f84b5d447127733a95f66a94d38e6c

    SHA256

    8ab2803942b5195f0c37e5397d03d461f66ed7ac5391c216011f5207ccad19f7

    SHA512

    901036c6011620257f3b4292d864fa124b99509d3b9d2623b9b7a572fd97494a87332e82617d776dfa643217d1cadeb1d1936dc4195a0f63d58b3e559a6e2cde

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79243b3f8461375fae48e5b59ea4f146

    SHA1

    5cb8daf80541ea7bbc7fd580b4ec31e9e9b082f6

    SHA256

    105094b77dee11648bd731bbb002d5893f75c39f2c1a1cc91b83ebe432b46609

    SHA512

    e520901d48a6ddb730636d96728694c9f4d664f9236fbb850c28aa99332928b30ca690cf5004687c325fd05418638b069e08e9c48aaa33062415a9e89f4efe34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0fc3ef56146a12ab0744f1a855db3b0e

    SHA1

    f3f41f0a8aaf370012f08990618401b9fbb21372

    SHA256

    8637bac410a7727ffb7f16f1dce3bfefdad14c67a3164357ac6742897c7e4d77

    SHA512

    6c7991d3a90c851f56fd5fbc8ff96e659b02291964257889c89567100e4a02c1ec23f6671f4b0c0bec0616badc1390a4169baf931d8dcea76f888f02511a8ead

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3cbc64426a9c57f972e3fcdefea03dbc

    SHA1

    518cc1b0327d7237ebfbb2bd0d4c5763f75a0f1f

    SHA256

    128749fa6ef97f79e349dc7e5bb62a319169b7b331624ceebb8e57c0cb431728

    SHA512

    77cc275e6ad371d6eeab7ad155e5f99ab3c5fecbad66ee367df9ce3921d9391dc168c20e2fcc7e9c98deea1d14178e0ce86b984f845f68ea09dfb22dfc275951

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c6b75f0b40d3bc2f28950d1f4e2c50e

    SHA1

    3723bbf78a776589646b1ce3d2b4b43797ad57a2

    SHA256

    c182c07163bbb283e077650eb3ef0db50ac9146efe5ccb49116615e726060a18

    SHA512

    910a131354f37cd1f4b41f96fa61c41e6a7ccaed6d4c4cf68fb6a7dfc2b14e597f55b09cd23f2dc95303512676cb327d329428a04746ee0d95d37e47b2db9b76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a41f27d5ca54854a2e95155f31b43cf

    SHA1

    d2802cc5ca278cd1b36369e60449d4b2292cd373

    SHA256

    75606b002f2989c5ddf51d051f5fdae37502538eb8676205efe5431d1367e372

    SHA512

    329c55d0dbaa5f989b49f7d4634256cc1a222447cbc9c688b44310826a0de3bf399122824ffc9de4f52cf752b4ca593f05e43fa4305ca4abf3c7c855dc53f96c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3bbf7bdd560ec503f53da251c5a413d

    SHA1

    a832303d0152875711292b30a3e1f1358b2958a2

    SHA256

    0447dc6730f99ec3a4975da2f2bd819231dbd9acb60177fd0b58dde44a74c612

    SHA512

    1cc5446942474bd88a3f48fecb577b938af442ca4ca928d39d254df3c12adde39755c955711842e56e495d9c0a18e1681d95360c6f3635fab68b78a383d94ea0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0fc45a7f04fa28fd6fdd6b3d27bd715

    SHA1

    1aebfce88e68dc248c8a8967b69cddd3bbded66b

    SHA256

    54e93b22424aa41dfdc3b2f278bbbf25e3d8d041ea234cdc92907dfde9e8be6a

    SHA512

    aef07498a7ff0993c8c88158042bb17f34c9fe8ca9cb6639724208436aa744dea5be636d58894e760317657a6669459c64752baff4f2ef136111751035c4bf52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c29ed86d0c432ce69012dbe403c3a4e

    SHA1

    a551fa37f94e06650dddafa1fbc940ab6c336b09

    SHA256

    834720e019618142553a55f0da41e0bad628ba41477bf98769169885978fd031

    SHA512

    c53097520b9b51828152fb7cd313a46cf1d080e46fce0a0e4d10d46c36118f1c65e3a4166148d27054b62e23a90ab4314fc3e0faddfa7c9ec0ba3009b1d2ed6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb01f1e7272370b40980478add1b7a69

    SHA1

    2597ab51ec37edaddf3c4b1bc010e1bcfd67365f

    SHA256

    5fab69af8caafba699dbec1e731f79656c610f3296c3adbb429f7580004c2ef4

    SHA512

    ba4ca1dc1e047e690902ca205e087f0bb2b91231c7008d5bb28890a53199fc5dd1f1c465bba429442f58d6ab670de063c3a991ad69c03b62e233b070329a7b7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df56b415819c56424146cb20f034fa44

    SHA1

    ae56570fe3f8d863eccaf5765479a716f27b30b1

    SHA256

    a5d918bd45a69fb0ed3a4394aeacb5f3e4c092dc0f35015d3200f5ea99bcf28e

    SHA512

    2fc9f3e3fd111b86ed9bed9194e924aa9e310a824c1b46c7ff44bdc8c1832114ee05c5f578c7bafd5ebe512bca07180f1d30e36be4a25b8dae02e263c4d3d3c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4537046c7c125dea906e869151300f69

    SHA1

    fe51c4cd97676e52936a5a0400885ad6daf58fd5

    SHA256

    63bba2a81218f53307d5721c775d95bc4468373561661cb481a53fb0fc2bc293

    SHA512

    c44fbf80181ab55e8f465c448c5d77db37b1c599e937171f9a834604cf8dcbfb660287520ca6bf38945a165e79fd37ea5d5c811a754b4566b459c218d276d771

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e7340b86fd8d5a9ffd4e71e56250d37

    SHA1

    e5d0266541451ee7dd69cf3c057d06fb6811a385

    SHA256

    76ea3f5c5509bd17620b2f54d21892349fafd541f5590a84380f07bcb26d02c7

    SHA512

    dfa6e94f6b6e66ef07f825f5c1a1c2db49de3f907ed970f90f0757df9678ce0c20b88df1fd9865db65dec914478ca09e3775da2289af4bca136b3738838e1bbf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39202cefced844ebcbbe3e6fd589847c

    SHA1

    dd1cf49091be7e29c2e66fcffb70dc38bd145bd4

    SHA256

    15fe5b1665b42a89190db0cea0f647852405090b5ee0e63b2b69bbea6eb425b3

    SHA512

    dca1a3f76394360826550d9f755c27be268cc8f7bfbd9d9dc5f71498f0afb2bebb95f16a7227cbb0bd65c010fbbef042f19db674c1af09bea2a68b63e6fc82a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c474671422dcd9da6fa0ec7287751968

    SHA1

    5ea1d09cd974ef291f7e59bdc5355237ab044799

    SHA256

    74bac52748f93f2e63572d82d76430f735a02003dcd34c146f51a1f137b41709

    SHA512

    cbfca44226f316da6d058306ae1c4b489d63f9de6420913bd152160b4479a72e4ff7dfe927597fa101642f004025c75f7add5fe744bd5cb9dd9a54f0cc316d64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ddedc09d2c1114e0ac62d4c84822d9c

    SHA1

    efaa502a95fc1e62e4d2ef40ffd2379fabd35d08

    SHA256

    c47d7baa7890b3c99ff5e08e4404e4c1adac686fb910a01bcb968b48c54e1ac7

    SHA512

    a2db8936fd70af408c5a4e1737dd41e9381e341241b8c29b8eba0e98cba5576e666bec04389eb67d34ce914ccddd1ffa6c9e0ee32b85669a8cbbe9284e366a40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    228e97d55a8010ccdb3a468e504cbd04

    SHA1

    250adef74be5471cb49a1f6d5fd8d189d2879a5d

    SHA256

    a15ab7be2cb31e6ce6528076b46c60fc0479d997b6a536a6fc5082074d0e8624

    SHA512

    fbe2705996db5061ccd7db9ebbcfaf00571fbc90b8de3a48cf2063196909afd6191a28f59333f29bbdefb1dcd5c6f0add1d8d6df63c17f7e52c43912476ea219

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e5ce3e5dffae9f5820c43f44b91a450

    SHA1

    5be832e3e9762c9786133affd54dba0270cd3216

    SHA256

    266956f8772a18a578b6117720c491598aa63834d995d7ec2ff839043493ea6a

    SHA512

    419cd771c5b3660050e8d5caf242abff09b526c429b854dd8bf3f493358ce1eddd4510e8ff863d998b636d25bbd0354e997d9b98f1758c8545bc3fd4fc8d3da2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a6c9bddfc309f50cc065de8a97d488ca

    SHA1

    c7eb4e821031900c6c49a0d306b4777d9b26730a

    SHA256

    95dbdd74cc746ff4931ad2c89d0b4756aba97f508c37ab01afb12f8fcc2a493f

    SHA512

    9bc1e5623e35f3c3b4fbfd2bd5db5de5674b76ecc32701bc8fcc4afe6d4bd37553a5ae804833eb70875a02689b3b45dbe7e90ad8aeb7d187ee0f25666001ee91

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6E9EBF61-DAE8-11EF-B788-5A85C185DB3E}.dat
    Filesize

    5KB

    MD5

    cdf784b1f6dd6779cf8070bc740499c0

    SHA1

    0ef7af6f95995b52462892f03c3d8651ec7d0a8f

    SHA256

    e97623421f58e1acdefef51a3a4ddfd0ded25184303845031b3f41b909d6662b

    SHA512

    9effe98b1d613e70e6f480088a01d07e40e1ddb12ec19cd6f6c1ca93ade797deaf3013e2fb4e8675b10bc8f52f5c37666e4750d05abfb609879eef5c369111eb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2E1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar351.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize

    221KB

    MD5

    e70ecf2fa14973e7c61384fd7dc5c4e9

    SHA1

    b284f9366cee9e961d9ee3be9148a87a5d2ed7f1

    SHA256

    fd0f984f320a0422206c370fbc00c2e931bb9236d2ae36c4f9a968fc9241571a

    SHA512

    563f7501121a16cd24a67443a919afdf4d011e930fea2719418919b9b1b1e30620d63d83954f8427899628a7023521a69cbae20597258f7654647c987c0a9aef

    Download Submit

  • memory/1372-12-0x0000000074FA0000-0x0000000075237000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1372-0-0x0000000074FA0000-0x0000000075237000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1372-13-0x0000000074F90000-0x0000000075227000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1372-14-0x0000000000440000-0x00000000004B8000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1372-9-0x0000000074F90000-0x0000000075227000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2344-19-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2344-17-0x0000000077BDF000-0x0000000077BE0000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2344-16-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2344-15-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2344-11-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2344-10-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download