Overview

overview

10

Static

static

3

JaffaCakes...e0.dll

windows7-x64

10

JaffaCakes...e0.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2025, 11:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_89bb0d1727ee97be362f38d78975dfe0.dll

  • Size

    292KB

  • MD5

    89bb0d1727ee97be362f38d78975dfe0

  • SHA1

    af2985172d7b30bd5c19c8298459889e8f5c7d77

  • SHA256

    4675d0a55c4847fa5d25711f1b36b1a1b1e68b75e6b794392abda56683824e1a

  • SHA512

    e191a14c184644feb59b55bcc1b693741a0ccf3ea0c01490d428e1ecb4c3178e659bbe02202a7c8df55dfcf63ea7eab24b56b9a04462f0e78550990c703ff923

  • SSDEEP

    6144:zl9XgnzxOP/sFR2h+9q1kih6ibUxrp3/vIyRlGY+V:zlCzcMg+9YkDiQ3/QkGYA

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_89bb0d1727ee97be362f38d78975dfe0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:796
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_89bb0d1727ee97be362f38d78975dfe0.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1628
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2280
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1712
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1952
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1952 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:3036
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 224
        3⤵
        • Program crash
        PID:2432

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    04c604b876bdd680abcba0e00e393f56

    SHA1

    b0d77175907be9ae31eaeaaa951711bba704e58a

    SHA256

    e6a11596ee599ce600ec520fed8634e64fdda94e8ad7f49cebee14352c4e7c6b

    SHA512

    84399cd6a9e7580a5229c54454aa955da4e7558fe9a7c8a1adb2f32a5e4ab3aa000fd804eab34cebe292307ca8a005495ddb5fadd9ab228f7b14c2d89574a7fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    908a138c5651d7d022ea1c17a555089f

    SHA1

    9f788e973969bc6e452549f03ce6dccdb7d6b33c

    SHA256

    0806faf276dc3ecac7ada8acdc9ca70d5f8ebb6dc1be75360000ed9b49303e8f

    SHA512

    38e989dc076dca4846f95ef4b619a0881166ab460bb5f632e4fd9cd43428f65c5a1bd5d65eda99361bfc154dd37cbb94d1426a5bd73f7e9216296e5d8714b08f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8175bd6cd8fd7c0179f4843eddeddf94

    SHA1

    8f9c93f08b54430f6b235fc86334117289c06e5a

    SHA256

    bb13a62725de24c34ce4a106366de9c279878333f4e249adc47614646496c30f

    SHA512

    4c5a31e8a1977ae87c7199e286a4682a85a9da434bfaa6c58bdcb43f246a6e3f34f1d4f9a97f4237ff579e2922b437a899cfd33312cfe0ed6570b2d227cda754

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    970d1a09cb8caf74ba2473d6669f16e4

    SHA1

    0727547c1f9969fd005c78f814b76eb50c29f3b9

    SHA256

    742dcf4723d7dc7cec762d5c3cb94f595aa7f687701a8e7ad5fb57da3297af27

    SHA512

    d93e0cea98d221ce079eca9968f1daeafe6a5fc55211499e3efb48a9425a84cc6c4286055f3c55d01fc65b22e8f13899020e19472a8fc424f9ec9b1f50bb45c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aa288ee108b63667b5d3c316e6e2800b

    SHA1

    48ccf38699a1c40b6fd36867f8799ccc08556e6d

    SHA256

    ceb156f7ebd6aee4544c2b4fc52acbb87e22aba657b58247bb994bd6cad89bcf

    SHA512

    6f4214fde9d0ceb7687d6dbecf0f19e5b36dfa63b4a29a9bae0282c180eb5c6618b06b720972af749c4721bec771ddf32070b675f6ae736e7318562fb7b0862c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    00b0aabdad4f4ed884e760813df17e8c

    SHA1

    475fdbde0ca8dcc962c7ef99b79ba03c42d1804e

    SHA256

    7e30a9d710cfaf9f1fd4cd5e6c19ea4e8f3a991c8489e4dc85803c9abd95ffe4

    SHA512

    323745934990a4ec191e79b93288811a36351271b9cf8530f402fd7f6136e7b45b809b81d08dd74f0ff68f3cb646e7e6eff5cb99848198476560ffcf8e3e065e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    609a22c4222cf3b98099ced39280a677

    SHA1

    7a48c4d73bd1182cbdb67c8abd53b64c6b31e715

    SHA256

    3b0a41c2c3b123dde8772b893d524ae6c34d09a7de7679f690a4d2caf0647c45

    SHA512

    ecb3f111b3129db4b4b89e9f34dab75743e6420065dbc9d0c73855e2716ff1350933409b72e3764820d27e54005274887fe0e7aca61015b793521d96a28df673

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e2c13c9663cbdbf07eb98e220b2f9d63

    SHA1

    cf20e68456c533ff302ac31bb500c2cdd3c68e61

    SHA256

    5ea82467cb18ee4f2624a2785f2ff09bf923adf29bc20f2ad7443c135e776503

    SHA512

    e7326a06d80b609a837208a6b8b392442567624056965b6cba98c34084df1fc3830465fa4eeb1e20ea6b9543c73b05f1afff224daf2480a24714485aa05019a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    91907ed405283d42cf64914afc4547aa

    SHA1

    32fefd77f61c788517512d1e623a878002d85a68

    SHA256

    8ef908252444c3fe69d6cece918a3ecbf34a48e71fbdfa80a47dd8e24243f817

    SHA512

    38b69a95a82044c6236243b26bf09c79600c6cf5ba1a0a1a41a8c67425d3373a43e82f89d6c9df3b98c57eca914bd0078c8838ef62ac4f16c6f54d05de33741a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a068eb11a6b79469dc2c883298ee5fcf

    SHA1

    41f1436aef685d0d94e5570362e25041d772b340

    SHA256

    e9e1252b4ce2fa6fce2f3b732ed9af664111aade827ec418246c1fa04cfd768e

    SHA512

    826cea5dfd58893eb4a3ef12dcf6851d7d20ad45d237218ac09423f87015376e90bcd8afb606aee8d7d26c53d053520b4e46045b6ee184b91997d8f7458d8bae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a2fdc28c76b21b5d5217694c5db42ef6

    SHA1

    ef9f6553fe89c043af3037afcacb3beb66fbe4b9

    SHA256

    0445f6a27804b11db2579ced65bbefe381b5b1c17383343ca48c3cc7d19be303

    SHA512

    78bd3d6b60b9b6ea2e238f1b9c834952ba3f07a216816d8f9691a270924db7bb0e3ae609e716d406108d554fe711bcb9c19a4d8a659930c94f0ef69433b984f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9ff070c3d7a1cb9a35d9973f9358e531

    SHA1

    e35f01f1312c34873331c238d89a14ceeed0a803

    SHA256

    45aaf6421e987c04bd2daca6a44867dd2ea59242c7857e60e469df2ac9c1d2a8

    SHA512

    e9fd3592883e1ede937275cde6b27780ded86224adf6611a159cd6f598560154a6dca30f482cfb46ff5a99eb7d6aaa6b3cf1dc7bb8b411f55f6c42aa4274d379

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9caad52f4258190ee8262bd9bc39c8e3

    SHA1

    53abfb07d28069a7e1d8c3327ab75be11d1b5f6f

    SHA256

    8ca6656a7ec4d614fd013a6e9ac666f0ea5f5aff4b7fad4fd9a17d8edf403e62

    SHA512

    4a0f83250140b36ad6710164286c994b5cf7f9d6128eba3110b4f19858d8d544dd221112a92b19b4adbff45b60935927893a05cfb3d87f386fa7b08649b3a251

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA73A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA7DD.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1628-27-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1628-1-0x0000000074870000-0x00000000748B9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/1628-26-0x0000000074870000-0x00000000748B9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/1628-25-0x00000000748C0000-0x0000000074909000-memory.dmp

    Filesize

    292KB

    Download

  • memory/1628-0-0x00000000748C0000-0x0000000074909000-memory.dmp

    Filesize

    292KB

    Download

  • memory/1628-5-0x00000000748C0000-0x0000000074909000-memory.dmp

    Filesize

    292KB

    Download

  • memory/1628-6-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1628-3-0x00000000748B0000-0x00000000748F9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/1712-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1712-21-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1712-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2280-13-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2280-12-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2280-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download