Overview

overview

10

Static

static

3

1680759f93...18.dll

windows7-x64

10

1680759f93...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27-06-2024 15:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1680759f930f5649c2f05608bf04cb6c_JaffaCakes118.dll

  • Size

    823KB

  • MD5

    1680759f930f5649c2f05608bf04cb6c

  • SHA1

    ab985ab5b5ae183659f6c6240f6ed62df3cb9325

  • SHA256

    0d9793cac8c3d554fed790b99d2498892b4d8d4e71633690cbf2324b97b98edd

  • SHA512

    7938540c7f6591a5c601ea53f1b052bda69b14c68be1846d64838e51f9f5fe32f541c068e50569d2c118d22abec18b1bc24b1f97ec260ae2a6b749d87ffd0561

  • SSDEEP

    24576:AL5/rmRsmDWDPNuFhPvYrpLYHSfcoopooLY9Nu0:qK5hPILYHSfeY9n

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1680759f930f5649c2f05608bf04cb6c_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1312
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1680759f930f5649c2f05608bf04cb6c_JaffaCakes118.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2228
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1992
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2084
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2672
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2700

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b06d67a9caf6e6a3979fd1c9f597077

    SHA1

    db90c92e28500605df8f4730814900da3fda0db7

    SHA256

    44cc3155fa7f4b94bd7136272f963421802a65e36657ac93a9721f80aab0b686

    SHA512

    7646fe7e822fa135c8b9a1bc5465a12d0b2efc1c4c737d8fec127f0bc35b5842edf72789545a74f884ccf7587d22697eafa26d4982a6fc517862d0d51c95b3b9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1706a8f84c122df45edeeefa268b7535

    SHA1

    2ce9fed2af50e48879a844d060f72df62f01690e

    SHA256

    eda78b6645375ff76436c29f9cdb88276a123c40c7fc99ae85c988c35168a039

    SHA512

    3f172f5444e583a2b8c13d62bc41a69bc1026fc32842a3502bbdd8223efb589ed196e49ed7bc2d856e946a5542677ff12443d4ea628b7108378a733c010bcb81

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95761af94fcca09959b371beaf6f8dc2

    SHA1

    302d19243add155609f941015be861570f8309e8

    SHA256

    505ff7f767e3969528985e7915a6a06709985d6c0cd7d6d57975eb176a84e425

    SHA512

    6e3c2d753b6ecb714e053760b83320fe56bb01933594a88d5fa9b9be2af1a034cc5d76a065b55de5ce215967e0d80655e94ecf652d095d9be5112c19045591a6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    706de958f3e7dafa84caeb6a56af3e10

    SHA1

    285211759eab7d88e517ef32a44bbb0571046364

    SHA256

    17df1e304f0ce4f680a29c03de9e4ad36f94147376fd880a2d6661bc45421090

    SHA512

    522a4d01394be28906d3ef0dc2fd245da6f46932a1ef33ad89ea158edb66b388fd980c90ed64b0b6626368332dd7396bcb10cb35c98e7eef2dec9d1ee8e95b80

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85235827d703ba79b1b21d132dacd2a0

    SHA1

    e17db1f284f682898f8eb2a530d329de488a677f

    SHA256

    4a666be990497a2e9381ef5b63b5e2ce04b7fdfcc7746921d1d812d45aa25d41

    SHA512

    499c73aac0f7513f047dd02f00dda60eaef98530f1fbbed0858628c8505ed0b17a27e79c641de64f13f4ce00823a9a1e99e99f8cb8ff6b6f25373d5edf595faf

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab3C96.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar4B8B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit
  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit
  • memory/1992-10-0x0000000000230000-0x000000000023F000-memory.dmp
    Filesize

    60KB

    Download
  • memory/1992-9-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/1992-13-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/2084-21-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/2084-22-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/2084-20-0x0000000000250000-0x0000000000251000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2228-38-0x00000000748D0000-0x00000000749A2000-memory.dmp
    Filesize

    840KB

    Download
  • memory/2228-1-0x00000000748C0000-0x0000000074992000-memory.dmp
    Filesize

    840KB

    Download
  • memory/2228-99-0x0000000000140000-0x000000000016E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/2228-120-0x0000000000140000-0x000000000016E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/2228-5-0x0000000000140000-0x000000000016E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/2228-4-0x00000000747F0000-0x00000000748C2000-memory.dmp
    Filesize

    840KB

    Download
  • memory/2228-3-0x00000000748D0000-0x00000000749A2000-memory.dmp
    Filesize

    840KB

    Download