Analysis
-
max time kernel
92s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
28-01-2025 00:35
General
-
Target
JaffaCakes118_451906dd4f60038febb3fbffd974e413.exe
-
Size
106KB
-
MD5
451906dd4f60038febb3fbffd974e413
-
SHA1
cf02b4e0af3aae52852967a97f9b2091dc0ec978
-
SHA256
0bd958c61d2ebeceafa9d1cfc35d9f22f4d8ae29d6721c675dcc220f524a9263
-
SHA512
ce2cf03a5bf44a5e35ddc9e3078a88d01675d6af55a49262bcefa13439c7a40442d329436634a250137fed107dfa94b8f8b0409355e99101c99ed6e568b490d1
-
SSDEEP
1536:33j72srzVRv7Kf4AH+pdcDJVoYMeKTn1CQAE/G1F6Ra0:HusXjTuoaD6eK71CQzm6t
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 1 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 26 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_451906dd4f60038febb3fbffd974e413.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_451906dd4f60038febb3fbffd974e413.exe"1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4868 CREDAT:17410 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
106KB
MD5451906dd4f60038febb3fbffd974e413
SHA1cf02b4e0af3aae52852967a97f9b2091dc0ec978
SHA2560bd958c61d2ebeceafa9d1cfc35d9f22f4d8ae29d6721c675dcc220f524a9263
SHA512ce2cf03a5bf44a5e35ddc9e3078a88d01675d6af55a49262bcefa13439c7a40442d329436634a250137fed107dfa94b8f8b0409355e99101c99ed6e568b490d1
-
Filesize
471B
MD565ff4e1a660b03c192195dc09416d8a8
SHA1c8e9c1b5d0e74e2f581eaa06d77db42ddb2b24b9
SHA25625f890730498e80c6b85f0ca869917f45af6cadbb427695a615181eac3285dc2
SHA5123efa3c79d74861659b4e6e97b362fb4943eeae2e81425029bbf407fb2c4c914bc2d2b43bc8164e9ed050cdb24f411a8582e086eb3557227ad79ec2256c5a52ba
-
Filesize
404B
MD5a8e135391af6c264f150aee103bf1c65
SHA196d0b26c57658533af2dd4977b4bd9cef4fe0b16
SHA256e5260bab9fff82255e3a1bd1b7daeb548c7c963463a40d461943df4365d95371
SHA512b85303af7ba1e2e4665b8faf82249177fd9d738b3691e3bffc86185fd866169e85b2a842a7f7717c4ee293ed4f0a4c7cbdc8eb9e2b8e6ca954161fe315c12b15
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
4KB
-
Filesize
132KB
-
Filesize
76KB
-
Filesize
4KB
-
Filesize
76KB
-
Filesize
132KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
8KB