Overview

overview

10

Static

static

5

JaffaCakes...33.exe

windows7-x64

10

JaffaCakes...33.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    133s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2025, 11:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_89bbb24bc58b22f296153fc5b44a8b33.exe

  • Size

    131KB

  • MD5

    89bbb24bc58b22f296153fc5b44a8b33

  • SHA1

    aa16c815fe367a8d483d4936cbd7a231322db571

  • SHA256

    93d4509a469576941f24113e8fc497eeb754b5c2349551bae7baa2442072a676

  • SHA512

    bc265c108b275b67e52180041de7989a247c53d08dd41d4e56d47d94715a087c6299b5a5c2d513b23920cff54ea73fc273afa3afe9db1852af3eb5e1ecb3db4b

  • SSDEEP

    3072:LwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8JMl4:LMzzILGFkzhr0pGj9oKl4

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_89bbb24bc58b22f296153fc5b44a8b33.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_89bbb24bc58b22f296153fc5b44a8b33.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1272
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1272 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2072
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1936
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    43f078717ca6b80bdd61f34311891efd

    SHA1

    e72d3548a42d5bcd3fa8d2c1bcacda248ef21860

    SHA256

    63d9709419d67af2050dfc6663f35c575f004fc0b47577b02f76b158d9b119f7

    SHA512

    80ecd8f1ea03f5154d4f53ccf930bdd359cd0e77b5b10b16b848ca39290a2b2b0a961d6074a68c6cb92fa2978c4a4d8b0ca8f3b114c18918b60d2c7e95c2dc3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cad1d2b23b954b70f781be1206930508

    SHA1

    97355e3e4dc59485f55bab7e946edab5186dbfa2

    SHA256

    50281e9c1f0a2d3a8a04cad24e9269296ae85fb8c1869cf7fda38017acd7494a

    SHA512

    10c43c7ba4e1f1f39dbd9b20c7f0c2636eb67ffeb8333dd6a73b2fb16fbe513cb720e800a57a860656bc27d459fbf9949578a29014f487e5f8889f3c6d7a9759

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    22be1f9a25f68c94caf26e4da012c08e

    SHA1

    e5ecf7a7f6ac976af6c8d56c99a400d12b56f322

    SHA256

    6230a1841c234c2cafe824f00056243ce1117f325bdcfee07b74263329d19592

    SHA512

    b64ece033b5f41b0f2805274d4780683bd1744bc74c020dbaf1a2bbb626875467a4f4f02a12d2bf5beef65028c7801217fa07754043d62158f6de004f8e4b4a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b15dc41e957a4a17467db61fb5e4075a

    SHA1

    a6fc6b28be7de2f12281567f82804d469f0260d5

    SHA256

    c5c8573006e4e43cfc463f6b1fdde58bbf19dbe7c608fc64fcf56adb3988ab68

    SHA512

    6715967fb91b12417ef3c8382170c1eb72689899cd2503f697aa47f4bee60c83832e3d139b1c3b5d7cfddc8ca5cacb3b1ef028dba020e68a90bd4dfb4eb92623

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f5b1bcf01e040ed90b61b7934533d568

    SHA1

    999cf7d8b502108eb6aa16251ec043d0f4d45c63

    SHA256

    87197319081e55cd31651afd502ddcb3556a1025ec888c4ff30bc6a86b9aa356

    SHA512

    257537635442d2d8d3e156b3621d581127de599b2126704541603b2f266e046d4f0a97d4129b4cb1aad6338406a2b8d381b1cacbe46d7288806523c27c2463a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf0211eb8bf0defe4024a4ce233e9e52

    SHA1

    268bfc8c6b049bd98ab294413bb18b218e72fb40

    SHA256

    df607430e459613743bce2a722b7073f448fd8263e8094923be761b6da16c6fc

    SHA512

    d4b358a205ba7089d4a14753a54a4a2ab36e67e6a813f5cd0f85ed8d63d4694a5bd47c7e648800c88a4e730c1491d779c68b6906b2cc0074145571ff543f2d6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2dfa6fbbdbbe995c87260ada8bae77fb

    SHA1

    5932adcff9efe21a8f695cc96dd5835b03e291a7

    SHA256

    41733bb5ea94ba9ee5a9ad2471762d8bcdd78ecd190df1ee6c86c9b3e6ac52fd

    SHA512

    da2799a8e905de570fa79084db8cb67f715c34c519ae3f3630a3585dac541a7fc0061b2405e4e0ed3b40f54216c0e49298b05fa27a6f4c01e65e7ba4cb7a38d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a90bc84fbc8dbbbb71f65853df99729f

    SHA1

    c6af02f9f9c34d2e2e72d3f60fbeb83c035426f2

    SHA256

    17d50863facbd2f595079064283e11b12ef882e09866487636cb65e047f791a4

    SHA512

    257a11154606601c4d0200ed6367c9e72ac650319c2ce350d1a3143e1498098e0bddf5071ae01efefeb23ec5a1b81b221b02e77503db48c465a3bd510950fe7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8fd14b07c8a60ac0a86830f72b1e953a

    SHA1

    fbdf50c78fb91c51859ae4ea8c5ac2ede0c1c527

    SHA256

    3750e0e3efc451af108482597dad47ad364ffb2208451540a11e09ec30e0a828

    SHA512

    22df8c1c032a11a21808c5e27aa3e7eb95d9e8a8977c3218f86a6bdd80dd2a64e65526fe1dd47183064d383e0e6bcdfb18614758d80f2722c9d83061fc020e6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    98b4ab8737f677e0b358bdb55f76b501

    SHA1

    876cc49b27fda74a28eb7f43b5a39cb50e61e66f

    SHA256

    593cffaaec67014967df0b3c5ef5c18efb45862bf17964c99c54da35544444fb

    SHA512

    f829e49a5ee15c9105bb298cd9d8193d4409a8f36cac7f5233e8b82285b650e9418873408ca1950da9636c1942e43983e22bd0a6bb1fdd269ae387c13e489c16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    368750b3b49c8f082c5c4f6bd96fd205

    SHA1

    0810523b675b22fa29b479bd0c11c9c061008291

    SHA256

    c73ba7b1d260e9ca9b3b0ff2e106de4720f9c99698368955a9e043c4cc929436

    SHA512

    02cb92bc32d5e88b3e698a3e15054c83d34e08e7134e794bc35797648bdd5d0679093345e71a92f861d8220e6368c815dd9aa6d268db0d4bcfbe6c72791cfa92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    40f45aca3aa2ea4af99f07743f39c680

    SHA1

    be97cb8beea27b6ee7a11e4747a36306469fb591

    SHA256

    ccac4eb95ba60a6e6cfe2c99f5c29a50893dadb0829caa58107b3179ed3fdea0

    SHA512

    55bfd8de326243b0d8162208710b467db9484efdaada3093bd212b8b3ceb340f6b6af4931b6e93bc07137d607df5048950cadbf0ab6ed8364b340b93d4975cde

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    abc9590ef65f7d7d5262445929cfbb62

    SHA1

    208984fbe24db04f919f135eb58820adc043987f

    SHA256

    e21579d39faa33b112f95f74e9a01c58ea22c34d5b52fcacf2467d4de0896dbe

    SHA512

    98555684d388f47017ef9bbba06a647cd4603ca2d5c816d0b2f2c02655e60d1cc9ac577656f91e121bf40740a0c8bf288357e781531d8adf38a8e60a070a9b97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    de280f763589cb837daa2ce578386a8d

    SHA1

    ebb2466671ba1c07eae0b051fa6a832d682671f2

    SHA256

    ec0b3d871e6021a08a4c4c0e6c66b38c44f3eb552f971df4459189a1746539fe

    SHA512

    a2151a8c444a40302ceda3f3ae78bc376e1e2e2a4bd9a664e606ebe631c6496598592858e9ac2042056874bb3fda50e0207d3ee7c00f4631a3233845686242e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1a5223632f02e74e2219329f80f4958d

    SHA1

    34c089da439011425a87e2ac5b46cf311328e310

    SHA256

    99b9908cec28ee0b65682d2af60da6501df3a23a7b9f4dc212dc2c5018897d67

    SHA512

    9194d4854ac868f933bdcfbf112e8f49ffae82989f33271207f2bb70f4753f8c4fc8c8989c56efa6edec2b73e87b532576043f98668e12102d8f520d0ebf4ffd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    96d55b36e1e0ee42da3b3082c5cfd067

    SHA1

    6517742efea9611ebee594472dbd120396f16245

    SHA256

    bfc009b649a94f2179ff015ce5837021af6b3f6b5cec07b83e38b9a545f92d2f

    SHA512

    48d6212ebd043bb3b225551439408b36a3b19a095054b606f36a54195614c5fa15e04ffc2762c7f041894959cfc92947adcbca9117635ebdefe22e6334d17b50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5610fc8d78d0d7a2d3717fe286188719

    SHA1

    2bf82a20567e3d19e0fe6b56ab3a3cb89ab72b8f

    SHA256

    1ef948913ad371a9a7066f457cf80340699b0442393a3691b941213b3d5e0689

    SHA512

    5b385e954b1422fbcd4e3f89cfc5dd48d6b05a01816bd8c6d31bf96df3d0473d9aacb9b62d70ca5ea37dce27ef30a2e44ed5dfba1ac67caddeba8b7d4daf8f3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    40e1e51a5aefc7f6ad7304d9747d760d

    SHA1

    bfd9bac42338fcab642bc848a7b24fb74b721194

    SHA256

    c792fca01d50ace8da4d904bac0bd48c9b5c329e10ad9b308326a05d28054818

    SHA512

    5fbb82e02a7a85826d26ecf415d189a32bcb10ce5d58d8c7ee9736b93a2eb96b9bcbd2687de6a05124a354eacea81c4ade06c98a159721edcedb1a31eb82f819

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ee839887664972018f44cc313d499363

    SHA1

    bd7c184a7dd19501f8793182d06105b19222bc49

    SHA256

    97cfa687ce933ebd89c6612aada9e671471effaa5743fce421a0060a364d1e26

    SHA512

    977402a74701defc1ec4328ae913aad193f85d61d47a0a4a25662a2b9b5d3a963b1e39ce7279c7482f19add2d58a3b5fbd7149ae12be9d7936e3dd2bbf8a8855

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EC7D9A61-0B02-11F0-9BF0-D60C98DC526F}.dat
    Filesize

    3KB

    MD5

    56697d6e476695f789e2675665d1d208

    SHA1

    617ead9dbc13238e3d31dc24f32d971f6fdcf7aa

    SHA256

    2e497e1913db9f2b2e53075c84c1bec6b0323d27395714786a0c063be0028177

    SHA512

    65bd60a4dfffefeafd41267ffce2a43e9a51a606ea3c81150cf73052d3c5c57d8d683f63a7a001d1b66f134479e54758d8d0cee829c66faa14ec6de3771f21f9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EC7DC171-0B02-11F0-9BF0-D60C98DC526F}.dat
    Filesize

    5KB

    MD5

    527cb9cde4bbe333eb20073218d22ef7

    SHA1

    414d7ac1b66b2dd1ee523b8e7488e48bf31f0783

    SHA256

    62dd748a1aa298cc6ace82011a3ee6cbe6e2011afc587eed9463e8f04b1a699f

    SHA512

    f5ba9a1554fe361c6488f04ac55cde6d97ebda589ec107da3e30cb2c230df47672a4633e3ac57964140703f4de5fc579c976a852f7facddc7544cb62b54b57a2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6E6F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6FAE.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • memory/1716-4-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1716-2-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1716-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1716-0-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1716-3-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1716-5-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1716-6-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1716-9-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download