Overview

overview

10

Static

static

3

JaffaCakes...8c.dll

windows7-x64

10

JaffaCakes...8c.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    27-01-2025 08:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_3da85b96670979be8926455e4d909f8c.dll

  • Size

    256KB

  • MD5

    3da85b96670979be8926455e4d909f8c

  • SHA1

    95011bdecb7db5a9dc22f6135a02850fd8ee76db

  • SHA256

    5eefa0560a9d151e24b97ce9e14b694fdea3fbf084a04f5ec7477882bad4c77f

  • SHA512

    ef549431847c2846b176c905e2069e3637a28154e04ffebc6aac8f0a4dde43390319d7997c860cc6301f1b49efc1634940ede31ab3bf700c4383bf00316baa68

  • SSDEEP

    3072:1dcQ2ZNMSQvbajUTUItjT68+xSb/W3AcykAKyyn8+uT4JDRS7zeEdDXE:FATSOjUQK0TyFKyyn8jT4No7zjXE

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3da85b96670979be8926455e4d909f8c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3da85b96670979be8926455e4d909f8c.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2844
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2196
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2636
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2880
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2620

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a3c36bcb63fedd5dda09e1d86e76990b

    SHA1

    568eb2dc272f729c4e801e9cc831d807187c869e

    SHA256

    921d55bdedcd697836dc27958352421b70f26952dae707ed6081c70f50a7fdc8

    SHA512

    e9eae6c3f8c4efd3a0a4e256d4a443cf4682dcd689ec97d18c6fcd3dcb196bc74b53e5a204be6506f5399bf3f5df3833751935f5b78ab8bfbf79ef8eef1433d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9849a6b9e7c3eb2f5cc7927a1ba7196d

    SHA1

    8a6b0d8d4b2a50ec9f66685ca3193f96afe8dd38

    SHA256

    08d380698f644ebd4372f4018c450710d6561a919fdd0fb3b93b6c824b08e0f0

    SHA512

    f5438514ac45bf54ff8dc343d83488df1b97486bfedba1df6b8fc62779a6942070cb03994eab6d5f9e8104c5cb5004f8b744b3be806e312d11eb28581b13be27

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9583858bc28c5ad9854518ad4637bc95

    SHA1

    93be98c36de4002366dcc507917c85f5a1c14fce

    SHA256

    f2f08044d78d5e6bc58fef098ccd8cff8c43c16970eb8f337b0befc6e3b13bfe

    SHA512

    a6585eb41ae98601be36db9231d579ebcbbac8424faa0f0951c115a4847eef9f038f4671d267f0a7d0d8ed00e4197a50674b018b5494724e1c4c444b77a17b50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfedce6e1d2a1769ca64a228e190e43b

    SHA1

    10ebfccc3c97670a53f6f5025305b384bed2a9ef

    SHA256

    82941bf19d8f5728eb74accb693845bf56cc958fb58c2277338dec0c2b30142e

    SHA512

    f28552fa1e03ceef77a171dc40c628df636533fc1f97afa114cfb9d2990cc77942e932074f8940c652c378c7c4e48ebf04c33567b6bd6c7b45de2eb7197461b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1bfb7eae00dfb256ff22d86fa394f590

    SHA1

    d45a5fe4bb5df641d676971070b337f2998df5e3

    SHA256

    ca414c3b53cd3079dac225694dfa9f3e0aafb5da063d369627c61392d5697202

    SHA512

    d54b6f4fd97012bb5bf724c337e9b93bcad7a52065c6e5fe8a686f452934a4f29964e22b5a2a605c57d268be2ec13dfee818a21940bf56a108c8b7986b7dc657

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    714e6d9e2c620ad2ffa94d8f52503795

    SHA1

    df4d69888fe9d134a0712dc5fcca841cc5729bf8

    SHA256

    7f7fe9c121c55d11a6fe46acdd769b1969ad079eca984c689b2dffbf1ae698c2

    SHA512

    8c57e814226153a33f83f0bfaa4c8ee1cd4b91ec0ba3e6d67ec748018de3e877fa5a523bccfdb0676511451b64e4bd4411da2178b1e7c6e500644dfb53c8a011

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d23fbfdfbab554d880029787be550ec7

    SHA1

    9171c7fed247ecc9a23d568b743355268ab75f1f

    SHA256

    23513b1186267369fac012fd4ca5cd85d2f246943fc18b578c8570ca58c1dd04

    SHA512

    fe2a584adf2ff58b4d96259f9c8ded0573ef8769a785f834648408c8a5a022b51438f3e90b82239e501dbfcc99693dcb7184b8fc2ea532413b83140e7fff232e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c3e053ca440d98a1823f0bf4abf1cbf

    SHA1

    a30572f3cb3f1602eab74671f080aa25a6a1b097

    SHA256

    9098cf612be2f042e7bfb659593a48dcf176e5261793423fd64ad2698ace8a7c

    SHA512

    0a36768cbd2c548a61d6167f4cf56c162d7cd34cac1f6dd786f5db482432249125e4b791440a4b8595cae72b69f80b0bdd080871ba4dd7a1262b42489cf3e19f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b8abd5560d665723e2cef2615abb3225

    SHA1

    7ee55a0c69a9dbf004a9141783143534cd70346d

    SHA256

    89bfdbbf1ceab5db19a92b829349419499c3ca86efe3cc33fa7c2a5e744e8d77

    SHA512

    6464540e306ba8d1c6f7f93a06b33c840c62c2298d2c632167b7f2563a9c9931d7fab11d6a4f8eccd2411323fd99e583f063b64c1ef208271727f6dc667ed760

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2be1efb9da8a2047255f3492ea536a39

    SHA1

    215bf1a99222488f983f2d26231c3840f271cbed

    SHA256

    25a6c366b3c6fd3fa420ed4502640218d0b49b4ab5ff2717fa34ed4e88fca377

    SHA512

    4a42cf6e003bfe4eb9ece62c1672749b5189e5bd7d5a371593b63e6524ba17030fb7c5bcb90c04bd9f2eaeb667ccffe1381ecf75278be37b2e52f453515156f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df0e64ea3e55eba5382e185ac13cd57b

    SHA1

    89290443a7ba2312421ce6ab3023b716276b4379

    SHA256

    bf5c936bbed6a55e4d10bbfa37227869db4c7e75e83b1b0bcf4d4a0772a4da6e

    SHA512

    ec5ac09f55f4ccbe60143b500c20887f2f96d2cc90c7ebf82c9d0769191fe740fc5a7b8c254bb186ea7b12fb2b41d6edbe85088922631f6d5ea5d60561500104

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f97ab638101591e68e2017a10acaa5d7

    SHA1

    3732a4616bb00db279ecbb3eaf2eef2774f5a52a

    SHA256

    26c7ab71a826991579340895180084b0c83a1a266a2116c63f3864be45a39c87

    SHA512

    6ba7a29e1f63227aed1646d00a56075408d9809565f246fa252c9ac759a41d397709388b96b7dd08ac7dae8fdb93ac6a19246621b78b40608336dd916950a4f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db252e501c74dc204c20a3ef26b1c261

    SHA1

    b869b292399edc3b9ae3a75e86b5643513c29569

    SHA256

    a60b94d08cc12b914bb497b37b9c93858d1a0d3265e0fcd4fa7d575743f4cebc

    SHA512

    919dbc86a3079b1624e58f0dc02a22c49ec2b87fdf19b99553b25824dd318d993cef4c95bff864f9b84ef3896cf9b6c5576f53c1ca7ce48abd24f56aed5f2e15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5a74c10a521238bfff3e2b882cce981

    SHA1

    0ee418fdd95812cf9e4c44ca1225fb87e2e799e2

    SHA256

    d22f4a69ce72d170b65d3a6ddb8672d4c18754120efa7c7bd360759290cdaf46

    SHA512

    9fc187b0b624164d2341469d98ce133ecaeb5e89e7f278d6ad3dfc324da45d7bac1d96accb56f3889136e9dfbe5417d8d74712abd2ee8b2b117ef79a02ba3ae4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52371dc03e6227bbb69fcc6495182996

    SHA1

    138de5d5663d0d12f34cb0b2c56f47b47d4f09d2

    SHA256

    afbe32170a1c1c6a44676721a7d35996c0ef92008332bd835318bdd868926d2a

    SHA512

    b45602e4ebe2e965400100355b8fd7d4d6eacf0536681eb3dfe6dc8c240020bb316026d502773b0499e060b85cb2bd955898fe3eef4eb9e0c07c358a639c8153

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    611a5dd5115604048b9cad1519c8c624

    SHA1

    dcd33188ea8dabcb1b7080512f986898b2c10352

    SHA256

    5ba3b8abe2ca5c08217ec26e46d3aefa080742bdee71dddf989faedd797453e3

    SHA512

    02f94f8d34c3d81f010b3c596dee57a81634b71253798a1626b2f6206d9a02f6c51da9657a4dc3019b582d18c053569a4775c7f61a2acc2615ea9c5776c72371

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4c8197b74c65e1f6da1a8a5a668e3bd

    SHA1

    f54c1f0a9a69e86f2d2783b89996203cfd74958e

    SHA256

    b495238b648e744f7a0e2249773c22b55edb4bd221f58f305a0441f5c571a884

    SHA512

    da8ed87c4d16e7e2f521630d0f724ba458bd7c1ecc47e349241a6e6a11a4754889b528db294aa6d106c6c65be65cc48f5ac3241efe3dc43c006c089b24afdbdb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    001ad0337a4193938e6c2b6a28e4d4d7

    SHA1

    65a6c0a74d9e2149d9b15a36e3940346ada072c1

    SHA256

    5233dd6475695690c5eed337db6816b143f7aeedfa3d7a9c08ce75d96f57a0cb

    SHA512

    9b06f4b8f856dffe8969743b5c942f574b9d7ec34e3730e2512417571161ef856f9aa413aa70dce8683f887fbbc566e15978386e0d9fad8508035719454df361

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3c3aa427dea060a11d0a416541f55fd4

    SHA1

    998e66e8934633317ebd445299c510482f230e71

    SHA256

    0e70c4d279a8979b8dba45a79104b2b1ec233c283325b3508e1c5c78037fe935

    SHA512

    f19dbad38d9af76824e4f5d0511940ec4d0e0da2e802d14ad0668772c72c439165b6a01c0d7f42f0c513d677f5ed7c756095663b17bd43d8e38cb1e1fb20a150

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e334b124038e6265573a4eaeb23b646b

    SHA1

    c8d452fbd8f2ff6ed9439fe8c41925586a417e43

    SHA256

    2a7ede5eebab0861f4dce06e6ec8e417ae443c2f2f5372b7eddd88a03ad6a977

    SHA512

    59ebf93fe9a226b436dd9389272c719055fc964a09bad27c7b42b5f089280f5bef6d0353c2d2659001d081786c4b43dff8cdbe34817f96898ebdf60827ded070

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{728B34A1-DC87-11EF-BFDF-52AA2C275983}.dat
    Filesize

    5KB

    MD5

    3c7f52d1acffa5ee07b982a974b9cbdd

    SHA1

    63020c0c194bfd596ad7afa426efbc10eef45509

    SHA256

    4d8fd5a97885d9b4dea89a615f9d1b00cb850dcfe7435517c95759b7449d6668

    SHA512

    ab20c7faa2aea9aa03189cad756a32af0ebbb0937a123a2b420708936a3a8502a365fb9c3c2b2d42ecaf19ded1ff52ee1e3632d41e1d43122d2a7adc821d9645

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{728D9601-DC87-11EF-BFDF-52AA2C275983}.dat
    Filesize

    4KB

    MD5

    3a0c6735fa41b2c9b5be43f2c3b4c40d

    SHA1

    0b9be2e794fa255758116341c4d1c7962ec356d2

    SHA256

    74043073122faa474ed8b9e3706da6ff03c3034d8f2923c66e4a12af001dd932

    SHA512

    9c55d6aa79b341b48bdaeb23f1bc48364c6e3eeb4407e978eab92bec512ef56caec1a841504182327b9ddb6a3305304a483902248cd11159bd8f88f3fefd29cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab67BB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar686A.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    98a8ced05b34189b8b36760049b2ea36

    SHA1

    a5271250fb91d891c7df0cae7812ed68907ae076

    SHA256

    e50689964fa016ff34ad6517bb863e26e571f907635e719f1fe5e70a61763d95

    SHA512

    8548b7dc08007fe55e2b7f9bf502c7271655edff52100bb8445a321f37137139c0cd54f7f85558a2f99b38dd574c8435371adc07f8c365bf8a8561c63fe6be45

    Download Submit

  • memory/2816-8-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2816-1-0x0000000010000000-0x0000000010042000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2844-16-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2844-13-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2844-14-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2844-12-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2844-15-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2844-11-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2844-10-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2844-20-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download