Overview

overview

10

Static

static

3

JaffaCakes...cd.exe

windows7-x64

10

JaffaCakes...cd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2025 03:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_5228b2c23c5148a52b2abb872fa524cd.exe

  • Size

    52KB

  • MD5

    5228b2c23c5148a52b2abb872fa524cd

  • SHA1

    427de4913a75dc2cedf49dc34df5935f319b5b3f

  • SHA256

    e290da32df8c25cff7e1c3720927c01497f8678b80782818d17b1e6d20e9ca1a

  • SHA512

    05454c5abe041ff039e8e9c300c811bea32eaf53fbbe234a8449a4195148a156e654b1b413a693a7a1705d91a6dbf77d148bfbdf524bf13ecc1e8dc8cf352771

  • SSDEEP

    768:kciqmsSGmvvtfpXwB+jrdclRDrNaCpY/dVgI1BhES6tvLUdoS+IwSy666z666:kjTGcXweCnrw1aI176t4eS+I

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5228b2c23c5148a52b2abb872fa524cd.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5228b2c23c5148a52b2abb872fa524cd.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1396
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2924
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf8ca4e06c792816ebd565a5808118a0

    SHA1

    1204ad90e4feea6117af51b18ef415b8449d27ed

    SHA256

    dc146450f473dcf69e8da961ec5893457587b0a436a49402b69f1c857d3a2e1f

    SHA512

    741a4886708561b441f5d87225b25f9fd8d07259bbe9c84da53deb1a456398b968acfe391199556a3a1af9d10a2870e681e4b7f45bce9497fe8cb35df8ba5364

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    05eb4589d42abc1da5b0aba26cfb7963

    SHA1

    92fe9e993c0f410bde50d6728bcb4bda7d5a79d6

    SHA256

    ba2ab0492a04c63de4bdd11af105c861cf473e85464914597a07f39adeb9efe0

    SHA512

    eef693406ddce71152b176ae0af2831530e9ddf3d33f9fde3e423e07312da379b04f2a5e6f8232e439fe4c18dbc1ab20ac8a743da62f0e120f19b3ff50d58158

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1fb2587970f97cb7724429ed5550ab3

    SHA1

    3d6a01b75292fe6b6453b6bc71f5069049902ab7

    SHA256

    30e264b33cc27fbb3d6bfadfaf6db5e1252f2208dde533dd2938669bb541a196

    SHA512

    2ef80331bf0814436be370874118db38334a2aee575649f56c1a2710d18b61ae84e8a30af9a963b5762ad56eab3599cf80b9a740c699accef3c6c85c7834f18e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5af088ee55856c708f647b682f490ed

    SHA1

    46eef17452ff64b5b61c44822bf934ede15fbe20

    SHA256

    11b66439d4e7a6cc0e6a0f82ca08b504e6d58e5e39936fbe58f7415ed6ab3971

    SHA512

    df96019d61fc8a493db8f835562e8d6000a794f0857b1885ce94ff0a0740148aa587af01535f42f577bcd19e7f4511e2d8f39536063ecb7a3c4d667383a2d854

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4076aa4f1c1584d228f75c7c3e1f8708

    SHA1

    0c47dcf7171c7970e4a6ddfb72933747a72c0ad7

    SHA256

    8b7007e5939c097d5c590acabe7153807940ad62e207b9674b8df9253b326119

    SHA512

    e4385c9b35ff080d92fe55f0e612393c43453314fccee2768d44e7bc170952e67b37adaee054e80fb24f84ab9d31f17e6e2509d47c1ab3f827f92462472a737a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21dd2f8139bf6cf51d7e96ed69c6e636

    SHA1

    65010d74f020e145f86a9b37cca4e1ef5bcaa4e6

    SHA256

    6ef337a327162ee78eda34c11cb97fd2c6919bd5354ba5c1e1d542c1bf2fb33f

    SHA512

    518c8a9815680f0e4023789fac324d9f7d8773728dbc0c64467909b0475ad09b33400da23e839ff1951d021c2fe587e3eef8727e3941900f2bfe702c96e1361b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b08a82d047ad8d18e21906d6027aff2

    SHA1

    59f7890dec289f23b038602a6c090503b2cb58c6

    SHA256

    052ada0488867998496d46e5dba68c3c6d9bd77132825bda788c00638f37b257

    SHA512

    1aafc4c62d6cc11338c2be9da44aa157c4e192fef03fd7be0cd1070dcd02aca9d1e383f4ebb4a2d1f51cecd578ba93fd3e2df2053dc5cf7e0a96c143d201a750

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b4996e65731d917b34322374acdc0bf

    SHA1

    12a9baceb02b749498368efb1a0c3fe6cbb8ec67

    SHA256

    4a775fe70cd53ffe09e71e2b3ebe252657ab0e368f0012db8ae5035220fe6bb4

    SHA512

    7e540a609c9d6a42e8e9371bbc2e6d6db64ef0461a75b00a6188b744dc4942efc959cfca419014206b0dd7eee2da56964bea2406abc1448e4062dc9bb3d76d0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18d1c5e9d9037da91051004a3b4d73b0

    SHA1

    ab340e95b8496317cf837b782dc4557297a4cf3a

    SHA256

    5053d3a76f797b64a16bade290616ae9e8b517d0b9003e9ee3b68747a422f303

    SHA512

    8f009509b7bafc6b50e31e7ef19663feff91379548e8b5156f5e85adac50533eb67ae6ea574a2387aa1984b1e3598cd9f38daa5fa928d20d0c25307e6f3122df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25814705f03bb0f94a6e6a1da100a824

    SHA1

    b6498d17d763258ffd23ef40b2c950ee8f671803

    SHA256

    ee7ce8ae5f9fa356fa4a8148062acccecc97d863dc5ebf9f13ce0e2076c45d80

    SHA512

    a57c6412bce95dae6af95b9d5e252187446b93deacdf3af0b14ec6da77e9cc211626e5b6cae8ceab345fd05ff55c56c40eacb2b0959d74668ade99dea77578ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9889879f41c13f5c971bdd7e7f16519f

    SHA1

    1b2a2214e2e10dc01fc20976d24892c6104c3246

    SHA256

    373d7e1bd7c62482a9320a3e7dde2475bb99b15297a0be11f160ab4580d7b546

    SHA512

    dbb2bb51cc09e0c9f821203b63492c44fac29a99d56131f030d8e43984ecac83735d9937c0d4a6151bca716b3b841d79c913e18a4ceb47bde81ba5bc6f97b21f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbf5b7530f30d61075bb2eb60f59a92c

    SHA1

    a40c7d79ba28368b5a0a6cd7c85b83f2989790eb

    SHA256

    13389e05c86d19b13968dfc8f1c73662f82012273f2d3a3f59419b44fe1686e3

    SHA512

    c7fb0fcf6278f09b256c66080219c85275fd2d6bc5860d8f6dd8eeb2f63895772b91c83f594ac88c74461ffe99ca9e8e3dfb05a95e80b53820406ea912f145d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b659295786d21ddff05cbb51c454db1

    SHA1

    19150be0f7579fd2c131564c27bc22db3c6e9c57

    SHA256

    8df593c07038bf7a40b537b946d3521d9fe58b3bd94e95d0abd61202b870d58b

    SHA512

    19a2ebf9666e52c7e36cf207062cd79edaf5b14f8fd8810826335f18fd069682e13b61a96d3b0b44fb7fea05bc9077b8d1e784190aab1f801c5824abbd4267f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e029d94628133f7db99bd28891df294b

    SHA1

    50dc3c5b16497a7a3f3c729ac9a236184cdea255

    SHA256

    ab4dd6419746e919b62d9852120563019cd367b95f3e1bad4cb097396856ab1f

    SHA512

    e28e2077efa48bfde927ba15da1b135b3fbe3bdf0f5268e198a04afaa673dbe99694d2e03cc822186488cd94092806eabb8ad995c9064650726e6743002da5fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9f55ca77ec1d423782d9004fb9f07c4

    SHA1

    383a4ff1568dbc91ff080dc0ccbc2f30445d7d09

    SHA256

    c7e91e22098bf18709d24eb0e84eecf05424acf901c83f4a23d54020822f18cc

    SHA512

    da284968ff1c64131a00cbaf260dd41fd2e13fdb60fd43f4302e07d424a1a0ea8b90fd112aced659e8458e7f8ebf7eee83b80875ba4547d46c4163a8f791577d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb411b5a8da7d5de8a1c4137a2b097b1

    SHA1

    f598052e7f5773a75d77a4d02a1a31c7a0cdd606

    SHA256

    3553aded247bc9c59a20faad51dbed1b30c79dca3f15c9e7b3b1c1f676746bb8

    SHA512

    e6837a6ec6cc626f35e1b0676a8b63c0cde74dd028f984b17017fa5aa0ae1fef392fa0c8763ed5ce3d1eac13bfc1700221adfe41a23d0da95a8c5cc19eb878de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42856a6a5f22f1b641deb0b143454620

    SHA1

    e57183575e9281cd89b61a596e4ea4aa8a9d8dab

    SHA256

    a2793911f2b4656508d79ec8dfb04f87e3910ac988d68c50c89da2b606776eaa

    SHA512

    826dadccfa64fde52801348c660a93283282978c0a87d0043d21a3fc7bdbd67d130ae539d41136bbd8912b9328c15f8459c2ac294130f9349bbda2193269b8a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab880ee77cf9e7f03b1ea4b36e4c8543

    SHA1

    ab1fff0c7513108ca2774b5e8c29407a4e8dcefc

    SHA256

    4588d0b572cc7090e52e39f2fa24e2f77fae84881e30b8b173940d7185ca9243

    SHA512

    12f4b46e52d60bb8cabfd4f8e1d1e1f1b5d8b00943adeddc8f62f661e9d3a20fd0005dd58cc7e045a1b33b232ac342e22611ea36be81c2dce242acba6af8e979

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    05908f0c466938c3d536b2f724b8eb57

    SHA1

    7daf8d600605cfde461ffee8bacbbedf0121b1b3

    SHA256

    6518b8a137b936f318a8051438e52708a2503c8b4f5d02c7f9e31238c3f20903

    SHA512

    041f7754844f0cf8faadf9fd067c1826523235367806b00244652f90db7beeffd0f1faad31b63b5509f262a8396a7f4129d6322067691721f3323b10e50544d8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9E93.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9F80.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    52KB

    MD5

    5228b2c23c5148a52b2abb872fa524cd

    SHA1

    427de4913a75dc2cedf49dc34df5935f319b5b3f

    SHA256

    e290da32df8c25cff7e1c3720927c01497f8678b80782818d17b1e6d20e9ca1a

    SHA512

    05454c5abe041ff039e8e9c300c811bea32eaf53fbbe234a8449a4195148a156e654b1b413a693a7a1705d91a6dbf77d148bfbdf524bf13ecc1e8dc8cf352771

    Download Submit

  • memory/1396-14-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1396-15-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1396-17-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2904-1-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2904-0-0x00000000001B0000-0x00000000001C3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2904-11-0x00000000001B0000-0x00000000001C3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2904-10-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download