Overview

overview

10

Static

static

3

JaffaCakes...ce.dll

windows7-x64

10

JaffaCakes...ce.dll

windows10-2004-x64

10

Resubmissions

25-01-2025 13:30

250125-qrr5esvkc1 10

25-01-2025 13:10

250125-qehefstpdv 10

Analysis

  • max time kernel
    118s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2025 13:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_2bf426318958fc998b4bffef442628ce.dll

  • Size

    432KB

  • MD5

    2bf426318958fc998b4bffef442628ce

  • SHA1

    32930819231971ebfa3e7325725c081107c76240

  • SHA256

    6cfa79cd2b8cc9f976c612c75c8b1b5af2f379e72cbe4128b274738e6d625244

  • SHA512

    53451a27b4851cd9d633d71e8b7d2e08c6cf62150400ce135c395c40ab1d4e4b83f005394eaf00bb381c2bc6bbfa49a5691e2da3296d811501518c26516bb0c3

  • SSDEEP

    12288:eXo450qjYthuCNIm/kqF6a2FjyHIDiNmcs:3/ku6FjyHeWt

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2bf426318958fc998b4bffef442628ce.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2bf426318958fc998b4bffef442628ce.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2376
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1772
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1808
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2496
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2496 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2752
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 276
        3⤵
        • Program crash
        PID:2164

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d818aaeaae893c777ab0ad62a3b62b9

    SHA1

    ab0828b06249ec0956face946fb8f1d9b07a174a

    SHA256

    3833e2db088e9fb28c89bf8cef64e25e4801fb215b0af5100239db5191032a4c

    SHA512

    b15181b0b3f820cc8d17dc7e30330c9be5a1f18f101fab2c50166ff139f62e82c34695a59d93d4439da34f5b2898321152fd2c2ed2ccfe2ec80d9429e914b366

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f29357a40b1b4b0ee62d1f6b4d597a1d

    SHA1

    eb8c1dc28e0c059b01e5a5f9db1dd0247b296651

    SHA256

    d653b8a0424a0310365bceff522cb3c8bba7390d01c209c562ce8766e6847f30

    SHA512

    d60cadb5cfb7e48d24ee8f8c436dfcef8a4579cf8f00c8266bedbd721d9cc7326a0f0658d6ed753276f85c0e0177c7e956b178961d99cd204d7e1a14bb57fb23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1fdc0f9dfa06cdac4852415b4725e782

    SHA1

    11ee367d603e806deb978a3877db4148ad5f98df

    SHA256

    88e9c411d33a94a89bf695bad96b256ad17253985ca3cd14d33570adb943bd2c

    SHA512

    a13014925a9fc6bcaaf98ede7e4e931f882ae6f1f9d3d4ee101e17a65a91f73952a43d1ee6976c94f73f2532c504d63541668eaa14d9c7bcb62b0518eaf9dd65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d102ba8ebf9032c4ad26dc703f361c0

    SHA1

    b4b987bc4a306e99b59be8d46a93b8bf8077367e

    SHA256

    8828c97db42f5b5dea180b2ae668593bf9615639932757171767d64b7e8a4252

    SHA512

    e0cbf4b83be70da2b04c0c4d48f4de5e5f0b03c3653a19ed76e82808cfc6b94322a2fdab483ff615fe3e63496287061401bd033bbe08a2175582419d46ffe2df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a2045edee4d17025d27afda55041284

    SHA1

    0fee30841b74bce369c3b54452bced5c30318666

    SHA256

    97d0393bcff52d23faf511b43e5f8af57eb3dc7f275f301a83d59a588b9c6220

    SHA512

    6011ef901eb025121a9be20385553e77e9c32a5873cf2fe67bd5a12a56eef78e89933f408e99ead83d2a2ed9e7b9cce01539318b4cf0022175c31eee3cec3f69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1db0be6adfeac3b4df52a4fdef3437bf

    SHA1

    42f9ac864112d6288844eeba578b56cb14071b76

    SHA256

    b77db68cc79add76e0d78790bd856ad3ccf46c3e02ec871b218cba26a4364412

    SHA512

    dd6d4803344ad2338d104e01db43f9861375178091b10e2b5648c999bdabb625cab0deef10537ee46245b53dd61f899dcf85f8bc6f41285d039a5d115624559b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fdda07bef55261c187e13ea681f513c9

    SHA1

    d36d12c286d8fc0ac8bebb99ccbfdad910bd197a

    SHA256

    f4816b783cc414048671087de68fe2d3387b61403f6f92cf4080ec09ca302485

    SHA512

    218c3e1086f23457a641981a5a7bfebd53d72084b20ebc65472f8ef54d5e46a4e9bd168a93c699639552756707508d65db28f451022a88c9c9b039bc2f589284

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4192d1960b060cb5ce794ea637341143

    SHA1

    b8099f513976e2a4b9d582750ba9be89a0fe8133

    SHA256

    46078f5ff5034cbbff80ca484bac9c079fd3c306cc6f89a4ac76a84fbfbe5441

    SHA512

    a2712712f98f7d8076e53f2acea4fcf334878dd6af08611442bac067ce358620fc915276f8e6ddfe45e7302cf02b9373abd2875e929560c3541251ed725236ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ddae936e071e1d62fe3d43516d6d329

    SHA1

    d39f77bb70406df58ad6b9383a39387971fc7173

    SHA256

    cb49da04a47f5bdc754049a1012a5586f0f977d4e9038d86f55e80e99dd9fb90

    SHA512

    856e13b8168f5781f382dd83ae480d2c96e7063e199165f543c7092f12f47cc60104d5cacc60e3968c18f95194ab4ab3f394606957d7c5688eb1455ae33a4a6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4addb873fb7312af66a22f6483d26a9c

    SHA1

    51f809c3d8720a00f0626eca1ea0f83c17ce4349

    SHA256

    ab64bc3dd065c95d74ab2f60be7a43cdbecf005f8924c66bb003ae7096fe8965

    SHA512

    2460247670fa0c9001fedd6abc63d74645cf7e6215737229cdb843bd6c40716770feeeecee3e19ed8b07fd12c9172d79cede9f566769c07f100c4c5ba12f8225

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33bd4abf23501e223c6a973f6f7ec55a

    SHA1

    0bce7194fb9359a795b22b5b9269a6cccc1a9bdc

    SHA256

    aaef748f948513feee061a4b0ce587db135d48ad8d451eb9059c324ee4abb1bb

    SHA512

    a9ac4e6c88141f1ad123b506244a576a90e3fde284291a10fd4d852ad35dd031d2e495779a8b03aff170693d8dd91ceda509521ffbfb879435bac0ac52224ffd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e4e40b10905daf00ee23e39d106faa9

    SHA1

    732a818656d428bae09a6c94b965b09249f9780c

    SHA256

    6daeb87fc237102f8512b5cf3ab0bbee52705c6ed3f11abbb2aafa141b2b0419

    SHA512

    af00161d269f305efb5db45758087768868107a52638b5da9137887e5e35fd963023558d3f2429088ced20f2ce300dca74765633cf9d2493516ed518b600e59c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ea5c3a65b52c28f5f1f3d73238e3337

    SHA1

    31fc7f3905045ef868fc3b0c34fbe7b271ab6b5c

    SHA256

    750c3617921592acaaf80212167b2dd4c06932e23a9fb0db88b6f0f5acaba05d

    SHA512

    eabb47109a8d1b9fd2529f7bd0cc24544afb5cf8926f98837827546bc852dfe04cdb77d5660c217ca9eba2a10aec4159774526f993da4b396281424ea89e129b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe2a2a757f38471d0eff4a500d012d80

    SHA1

    36bae80779eb25d5a67bdf085fd180b2f7fd299c

    SHA256

    bffc3c308a35d2f80f63ba28dd5e25dd13bf31ff366d50556ebef4e82e4aefc9

    SHA512

    5a3cd645ea538991c0b1d75c4da9f99503d4e059ee42c0ea270a8cb38c24d69159852760ef1266778236f0818cbf0150f4c7c48ba1306a252a5741a0d4a8875f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26e743f474d811574a81c269589c92f3

    SHA1

    83eb511f7f2cf8f6b2fa9307e33194cc1c344c25

    SHA256

    0dcc3c571f90ce5ddf40ac61854ecd479768d6af76121a8c3c9ed50d78fb2c9c

    SHA512

    d7566e4b9c57ee1f5c3d1799f19b7fb5ad701e89f997002f58d7533eda355a8dd46141ed696f4fe817833bd87b9ada3ce64702c76e077d0d832d67e055e17a32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bc93c9ed1e4d4abaf099d4d0e32f11d7

    SHA1

    03ea67e9c795942886e20aac49c48a949209e0f5

    SHA256

    fd3556e098fd6a57d833e3acb4bf3e43b91e0bf9aa9421297b510d06d68a3883

    SHA512

    8e84b9e859bdc4f0dd821b0cdbe6584463aecbb5f2cb263446368f6784f5f6adf05168cb038b24dbd1d2a32673d84229c198ed9568f7349319afdb45ac1a7bd5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6584fafb8805f6a55c1218c3b4249f78

    SHA1

    f9f6eb28600d308393c7eb2c3599251d50e4e206

    SHA256

    4f6ea8a84bdb086404b28ff7f7517b812c7e9048b03d3041aefc34b4049c01fa

    SHA512

    e3943551fb5edf59908081946713bf29056b08c4ef7a09881acd1df1afd61a013072c1a78df007a2fc6cad745e45cef31d9f32c6c86fe0a29e4ff7ea5a28246a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85fd558516fdcef45055fe368b00ddb6

    SHA1

    12dcfb235aeca27c9834e5c4069de8c83e05d96b

    SHA256

    93d257c2a8fba6a127d7ec027a8a240a9a2a69ae035bfc54ca0739880155530a

    SHA512

    ca6a02105cc7c3e00775ce484343fe03f6d1ce5b437f8d7412fc5d24ea6159fe0f27fbb40ea4c1a457d74b9909732de2a0c62d723f993ef36a0097df9489e95d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2899b9afdf3ad75b5c99ed39eb07dea0

    SHA1

    f5c8d105d3c4fb93cdaee9d43b56d56f4a2b6f85

    SHA256

    b4579d5de87fbd639b4b24baac3e8dd35f63046a26ae7f61329309ca8da5073b

    SHA512

    6b053f5a21a4ec4fa72386c2cf1bb2d16bfb14bcf82d2b6ed1f133c99c3e410e6134a3442c8d2cfd457ff50ffd744bcc9ee5518ccab0ddb8d5668435be4ae8cb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC3CE.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC43F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1772-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1808-13-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1808-14-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2376-15-0x0000000010000000-0x00000000126A4000-memory.dmp

    Filesize

    38.6MB

    Download

  • memory/2376-16-0x0000000010000000-0x00000000126A4000-memory.dmp

    Filesize

    38.6MB

    Download