Overview

overview

10

Static

static

3

JaffaCakes...6c.dll

windows7-x64

10

JaffaCakes...6c.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28-01-2025 06:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_47ded890f9937867aa31afe6bda2d66c.dll

  • Size

    528KB

  • MD5

    47ded890f9937867aa31afe6bda2d66c

  • SHA1

    76a14b20830760c4caefafd69a907cefeb0093f9

  • SHA256

    16d01f2db892caaa76723644d64768def9b4dc6520b4b4b5455544d4bc4a6409

  • SHA512

    01c7e9a8051c9e32a836338ed5a8ec42f812541de756983c456fab2d53732cbf579fdd7d6d1245466e6b17610eef960ffeb94dc02651715e9dbace38a64c694a

  • SSDEEP

    12288:gV7LMzw56Wx1Dk/qon6xyYhgPFaUVltwC1UOLMTQi:K1oC3yWgPFzMTQi

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_47ded890f9937867aa31afe6bda2d66c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_47ded890f9937867aa31afe6bda2d66c.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1736
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1880
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2852
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2728
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2848
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e0095927c3c79c839de250ede9424fa

    SHA1

    05c2ff1da43a830987863b90ec74f5c6706ae03e

    SHA256

    7e372241c1c287961da908babd14cf9a7a777ddc8f5f2bd480155b0b0c9719a7

    SHA512

    eec19f9fcc89ed756fd502c0d609e4cb6f042c3af0c9f377464b3a69cd405d20e8873b0b016943cb25c0f7f09edd3389ebb56ccfb7465e30a7c39a958476250f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3a69916f6b0401dcfdbb1bed921d900

    SHA1

    290a69df4046cdd180b70dc2c346eb20e6adbf3b

    SHA256

    cd47d7ba528579ca92c1291025cd3931de58d7113cd68867adb180399db4bf34

    SHA512

    6156003c585b3535ce491dbf2faed83a3f43a0f7f78a8fedc470d9dc400e2162ffb051a5471213d66514426809976977ff9c9ec7da33e45f7b77df8a5d785f65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ee2309b00e7a72541a4848156647d04

    SHA1

    2ec8f05193b0e83b8bfb7295076f30edeedd8052

    SHA256

    f99e9cecbf523f7252d122fd7885794cb7e9080b53496b73a98828d81a2ee14d

    SHA512

    4ac9d59bb30cda0c447501e235fd58f8c5e28a54e8380cd0321db4ab60b3d369bfe14ca1d419cd9d2da1fbfba5a24ca9d7f82ea2c502a8e20632c14acff9e10c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    886b0e2c84802dccaf65659ce31d7a4d

    SHA1

    b222a62ac3028db9d956a685bf43b14dd9ac12f9

    SHA256

    2e2699c39b6f6d00ac95c8ee9f9461c6d6d54d9fd175c16c8404340d3c76c753

    SHA512

    5a403c2550f868a195aac4c14fe27b761c19d15dbcba9ed34315437663c9d152a2ecb68ab29eb498e43ed4d732abbd149bcb1633ca6068dfde8317e6e9011f47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5dde0d7a4ee1ada11f465cc02ba79a51

    SHA1

    c12e9cf0720ce333b2f95bdaf86d4d525078d760

    SHA256

    5ac6a84840ab7a7d919f4568187755c4e366c0100d956b524aa9eced2dc8bed9

    SHA512

    5d4bac43b55abefc829f46815cabd4eeab4267755b6f812ef86f852e07784eaadf7d40c6b91e4a8612f68887fdfeca9e6f7d28b46a80ddf6aa64265227184422

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73a6c1eda57130b4c212e629d83fd9dd

    SHA1

    e5183fb73c19884c369188dadd7725122431c490

    SHA256

    86af68dc8c58aaf0155d92ceeb573955692cb18c03f5f1b277715a4983e84756

    SHA512

    c87077bf5c0f7a06978dde6eb08f7df736c3cccfdff308d564c1ca76272a2ed8f3fd6f9989c28ea165c80b519b6c5963737c26223a0c7318b42e48481c897435

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee057cdafd0609e163b5eca79a95baf1

    SHA1

    8386492316d1856f6719c1e30feb7b9b095107f9

    SHA256

    d1e9bf871c71c18697a11bcbf3f5207d2ba64de3bb638a17fee1c2aa8b3a989c

    SHA512

    34d230656c9e0e44312893463ae7f04e8504f1a32d8dc123f1bef6d495ecba42e4f688818b812c91a4171ac43d3a6169a41774ad57d8925027be7e711c10efba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d1ac875ef1e36e34ab9aca68a464769

    SHA1

    c521e7a7bbbb520dabaf74ccd5aec5c256b9f5f5

    SHA256

    f474330585d1514f81bbfaebef3f5919b0d6aa39b57c920a36e270d1abf8c9b0

    SHA512

    19a2b2676a93146e9ed5253e628ec33b1c5a119dca9f8aacdc066163352159c9522b3aea4b09444a75d7a225621e6323efccc994c54d685411ac848ba3c72899

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a766d547dc73f429d0db11ba3dcae925

    SHA1

    6855a249420fd28b98147bdd1e61c98fd6412556

    SHA256

    fecb941d1ef7995348f91f5f271bf655d29b448c102b4a348fd7229f0256b801

    SHA512

    ef83b4e0b6e57ec787df82c0a94cc00ec7f5604354d7a402112e59ea8aba26a1feda779da80d3e6252fe075c96a443c4f69cd41d8094590620c56d53e700333a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    671af808fbabad970624dc59604a24fd

    SHA1

    3789267959254700fc78d3fa6e56923042d9ff33

    SHA256

    aabb9dc344dab5d7c829843029b43b436c23b96692b7c8c7d12f045d1960640a

    SHA512

    ee8ec2bb90548e283067f1d5f2887b270efa178e4e0484d932e797470f5d5512ca2c9f2c005d183ce55ea39f1cbb811266586f19a512ef5148abf0306a6e79c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c40d77c16af9f915e8c9b93bf03566a9

    SHA1

    c74047a3dd58dd3046a0370a1094eed0dd8b6b5c

    SHA256

    4d61be6cc0e6ef7059c504135d0369f030cf1b5a96140277622d1a2f389e9cf4

    SHA512

    4e7346a939eaec1747e13967937b22ffa2453f5f3217c645e4ab6b136b7d86cfa6ab85e37a80b2c224419810f97b15acaa1cab7da2edbd72705c664e0351f567

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5903a73d76fe8b1225d674dc7d7a2696

    SHA1

    c64f16b49a82e60ab790083eea28792d07c7b89e

    SHA256

    c9bb8cf9d92b9a0771a2258bd5552347203f938ca330c9abf0abcb20b2f46a48

    SHA512

    bee93db1867f07eaa58a955fd9c1a8ab2327d226c317d797225a7eb61d6d973374b39de954a36903b37f763f4c01efbbee1b633f28a67a68af0c366cd41f9dd1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2de3105bf3825c80449d551399af2c5

    SHA1

    68419353d36f60dc29ed74c78b5e16d926aee4cb

    SHA256

    b951490b3f3dc1f5969a8af3787ebd481aa390889cac30ef8550c31e1b875b0c

    SHA512

    42d3fdcadc6b1436b7a7fb94712a06c3243acea89e8841858524659b333125924021508e4c4615fe141a06f406749bb4a225e8843dcace6ee7019720715d4342

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a66201e34f64f2bd4f7d6979dfa33cec

    SHA1

    637eed275c272d9a8228a5bfb940e7abedc57a88

    SHA256

    f8accf1fe76635cab3adac5a022b088d33dee5c66bb1b6a390256879a6f42340

    SHA512

    3b2f51d109e87d1365540a818b3a32f7def521066b0492ced5434e002c5cc2a2ae6cb5fa9ec1f1ad72e7a996b8beb1a40d01486c0a5c07a392e87db9d72f817c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37086bbbe9c7b1739b2b5c08155d5878

    SHA1

    a7a46e8834b3f3bb91e2dc8f9c365623abd49743

    SHA256

    19537659879217fa9a1422e863cafc52eacd0cdb9d5528c2496e2064309c43ee

    SHA512

    c668e119f8fdd93d58a87f3f768c4c2e51b7b5ea4831e16bcf6f992e938be7ec19be1964e74fd4e2b32911b9a1ea41f6cb53b87b580cc8cb525ded374d907b86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f77c8f891e87f411284f85cfa919829

    SHA1

    d2caec8935e07fcb866d343d13f0a2447cebdc5b

    SHA256

    de88e2f4120135069bf4eb660f193819eb4d456c5622e5a3902705e95969be18

    SHA512

    97cb7d4d74ab6d57c32de9924174bc5fcf1601a7a3c721e666686ae7599293811d2841f3707b3d32fa603a5dc4f7df44485de46a689da85dd66140fe4f637f09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c8f3cc3d2762d3edb817f489b4f3af4

    SHA1

    b95a248c051a0bd24fdc03378b03fb3b92bb2ac5

    SHA256

    0a09722c3cf2da5b83f2da9bba40add17605586c3c867946c8dc7cb71795fb74

    SHA512

    2cdaaa9fc665673730581ddbcb0a46cc406b0d5899d802c39cdf37c5f2de0860008c4343cad814ed65a8c65c260456faa5b34ae2908021c683a71802b8e3f4c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f74ef84fa204ef9b56cb5ba617db6f37

    SHA1

    96c293848261a3a4a2242c0c73339a995c6d1915

    SHA256

    d5afa88673bed1fd729cf9c9624eef330b08fb08d8bd4e7794fb6753a6879319

    SHA512

    26d1832698360b4eeea69c09a2fc443228b7cf8d5da9f333daf77581ea950f2ff600a333d143549f79887e4fddeb278a0aadf4beb95c75bee1a688834e4d3a8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ffff9ecc05e35acd0c5ccf8e90c2203

    SHA1

    51776e83c11764c7c64ca7e1025c8e3839856215

    SHA256

    487b5a6dcb54922952935d800b00cf77a6c1991b8d3d06df8405966cb0f624c2

    SHA512

    9ee3ec3d0c32e7a602afb07e48462770bc03bf624e65c34637131a9d34f5da111df1c119154240cc2cd2314a8e794df0aae2d1c95e45a1b291782aaa4b7dbe90

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A2BFDB71-DD41-11EF-A087-5EE01BAFE073}.dat
    Filesize

    5KB

    MD5

    a52469f1e4267de74b1b29a2aafe7fec

    SHA1

    75b524ec91eb1d1fd5a7e473a89d8e96bf7843ea

    SHA256

    eda34e9a7ed1e58ee78ced70bc45a8aeca584f0c2c219898868459fc849591e8

    SHA512

    7995fd8f4e608075c1bbc86617fe01304701f713e1dab9c0632dd8946a18801020e43a04ab07266dcb709ce3ad7d18bf4c8fd0d96fa1d569041eea5fafffe986

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A2C23CD1-DD41-11EF-A087-5EE01BAFE073}.dat
    Filesize

    3KB

    MD5

    a02444932e51ea41edccbc3f71187c6d

    SHA1

    21ce0f508f775f293954662a0c317d3ace19a2e6

    SHA256

    aa86d0e9020fb9d58e1baba34f1cb21149970e05cea3a4cb3dcaf630de6e552b

    SHA512

    f259bbcb8e3416c898a03210a04f2ca58c3e1b203624e2523a8e08d9b2f9382f53dd647919a847e048028f3bf68e05723c151cfb52a3843adbed1b8eb00a371f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC5F1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC69F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    133KB

    MD5

    5da46f63cf9852e3c7a756f51aa23eb4

    SHA1

    5475fd10272f2141edf7b4a0cfbd428526e47e94

    SHA256

    678e3295d29dfd132203021da7ce63b18eb301958d6848f5666ad388a0e2505f

    SHA512

    b30e1871428c184f1abfab2da1f6568b11f19eed8af8f4532ff1be6da951242e86d486f8fc16e5ec37e7064b106f4916a03e0067b3def55e260cc2cda9dd4da0

    Download Submit

  • memory/1736-3-0x0000000010000000-0x00000000100B7000-memory.dmp

    Filesize

    732KB

    Download

  • memory/1736-8-0x0000000010000000-0x00000000100B7000-memory.dmp

    Filesize

    732KB

    Download

  • memory/1736-9-0x0000000010000000-0x00000000100B7000-memory.dmp

    Filesize

    732KB

    Download

  • memory/1736-10-0x0000000000240000-0x00000000002A3000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1736-11-0x0000000000240000-0x00000000002A3000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1880-14-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1880-13-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1880-17-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1880-15-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1880-16-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1880-18-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1880-22-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1880-19-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download