Overview

overview

8

Static

static

7

e513852808...18.dll

windows7-x64

8

e513852808...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07-04-2024 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e5138528084c0869f7baa71cf096bea9_JaffaCakes118.dll

  • Size

    180KB

  • MD5

    e5138528084c0869f7baa71cf096bea9

  • SHA1

    737b03f251bcedfb9adfd63cf256f24ddd17db68

  • SHA256

    a5cc7a3a07b36e5c37bb5770d267304fc8d5ab6c0a68de11de5a9aa2f5cc3cec

  • SHA512

    bf4663598bdba2a513b65a28f5ac79f3e13456c03e495f7c146abe1a784f5888100ebd3b2ddbb63a8a081095ea4e17d53eb486c80381bc7549dbea37201a00f7

  • SSDEEP

    3072:4/+JJ9t08zboIlml+Wls0QlquuH7LbLQ3+DUvl/FKiWUap9XnUugMTVFwT7foutT:pJ928z8IOdQMQ3+DUvNFKrUap9Xn/gMT

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5138528084c0869f7baa71cf096bea9_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5138528084c0869f7baa71cf096bea9_JaffaCakes118.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2616
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2116
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2484
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:1660
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2500
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1564
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1564 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3008

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9c45ceca5f51e94057c09be329c64994

      SHA1

      71f1dc2341bc51e8f8a00081254ea7bbbe8b8b4d

      SHA256

      db158774a7ef6850678827e4fd22e213d6bbc71c6d3d8d7b863dc8b08951821b

      SHA512

      d8ccd8e0776982a0b508df8cdfb31701ef883551cf356020a4f82f23db23a5e55b85bbc29014b1d2c7efc08f527b5c9b53179d33b80ad9c636664659cd5513aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a1aa958f72738076658089effdb490c9

      SHA1

      dd89c566b64165711293d6a9bee3e66c91da4848

      SHA256

      9e56d07e887a0fb7946f9607c1d512b20ac26adc39223411d82dd6797ee9c0cb

      SHA512

      7d6c40d2d65c48b573d888ee33df4023f76304ff2a22e999866a387c15e5611cc70f3f2ddfdaa042c69445fc14aefd7e306e45a6bc193f9d7aeef72555993916

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c8976ef443d2ec9c9f93afeaf7d86efc

      SHA1

      deb835410662fd2f66252f59723fe9475bfe42f5

      SHA256

      819a861ae8e9d5ed377d43fbf2e2228a01a079fb696ecb08e7c6c28fd1dd82ef

      SHA512

      46d85cb8664075deafc3ae3e5dabe3a8885b705afa813951db3c4dd2b6152745759a93eda21a904d108ef5b0b5d7b4c0cbc4f88b698be87eb09e3ffe578c3113

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d62c33c41477f26a211dc268c9921e3d

      SHA1

      7b51fb23bb9765de16249ef82f314d3dca69da20

      SHA256

      dc3a771d17d2f83f7e56e9676886a923f2d0b251208f87cce29bedde554f46ac

      SHA512

      4a109f2f99b8b970a0d4a58db7ba543c80d05c488bd94a5fdac965700307a5756e09dda9de40d6edbf5e8790be3566d351f6382060151ee66e0e0b2f8f20f370

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      924a5b7092fa4ef2d94a8a604cf9ce9f

      SHA1

      ee0a5e466c1587ff8f737a04aedbdd5211f7925d

      SHA256

      5206c9c2acc9e8dedee7fe12e717cd1cbf2ade0c62a0a6ea4b9b3f5f394fe216

      SHA512

      7b574aa0259de5520fbbdb27a5b1cc25cec52b2501d07c7005ec70f6a6dbb4379cc1050c128c744026bbd6ae198f323d82e7ef28db2432c3a75bd6917a696570

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6fcf1c75f910ae4625dcc57141753884

      SHA1

      fac8428c207184d5c4de24856eae60b66b68504b

      SHA256

      b0ea40fc478f08314331d5c3f10b364ecc1eaa6188f0c48bb0ad19b28c6f26d0

      SHA512

      25a28c40c30b88b60765686b184b74c245b082c7c597e14361b0a55a3d2cef30180470bd7afe0b7d12c94ea936dccdbddb3cd3bbf3892bbf3e3cb9c99f37cfbc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a036deedafc07767ab5d853d8e2a4775

      SHA1

      3ad1fd9153e1729dea475ff125f4c45e75b1ff05

      SHA256

      67ae169ce75fcf84a7aca209c37e53183b5c5d8c32de8f14f22533be7cabe89e

      SHA512

      9d50e090e0f67ae7be072b35ca575c1dc412a13c2d848af3021dab5467eda0274e6bc981ea50c1a6a962e82670ced03b08bfc0bb80ea48bae7f2c0e34b95bdce

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b5c14e0665b11ea063eea4c0fcf49315

      SHA1

      7c65b295a47be7ca3a4e205c419fb8167d34ecb6

      SHA256

      8c23d318597a7bec44311506b3c0091dd86ab041a3c4e890d8d473001967819d

      SHA512

      9636713cb79518c76de33cfd0925ce17ad59261d5c9a92bc025c243bee875d79498dd9fafd4e735d863986691776418688133ab17aad256272752274ea9d00e9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2d111d419baf162445eea3c46fd315e7

      SHA1

      9e8f663ca1f6dd027aac7c1e72da01d9cb9f0522

      SHA256

      bd5d5f180a54229927006d95dfd12734195af73e28600a7b059785d770d0d020

      SHA512

      a4f036889ad3ef42d152fcbff026c4de21bd01198bee41030b69fab9095fc39392b08eba206f7eda08e49b2d0b50a2e6632e6411febbf18f58d67e1392249ea8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      864819f82424f505ce2fffd49aa41825

      SHA1

      035f1b0386fad3f55d12b54f7cedd249267835c1

      SHA256

      4b5bc6d4b948c2cb919cdd51e9a051fe9bd0870b187be3ce2bbe55f408186645

      SHA512

      52714ba90156f95b2e6ef0ce9a583ab9fcce667de86bd085704744ad66a5ea7bfd84cfeae1d5fa4c246c8eac9e1548b0fae50ca27de9deddca1ef6fa54c93946

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      831dbfabdb17cbdb3874850279b37a9d

      SHA1

      9fb789d58a0b037347104ccd51173090927caec3

      SHA256

      06d135c74908da9e34b9c374b65589baa8ef76aa82b94b558121358dd8f6d400

      SHA512

      a5b0b3173b7d198e25bafbc14990527cbaacb15e30aefe957bb1d69096bfbed771c24591f88ef8f443017a58dc4da3c85b8d48d156bc1f12f7ad2d2103a7ac4f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ca011cc259ea92401669e27874a4337d

      SHA1

      f206294dde52383f6142cb770c94dea6ed24c9ad

      SHA256

      7d1b96dfd4a50864b881e4e5402e6016287b6bdc646c82c8f4b17e0dbe0206b6

      SHA512

      6634cc418222878bfed3e404f1680d6559fa913b0e043c3bad927bfdb3a63b6e69764caae794fee40d4ffbaf28bede92fb4ac445899487f8a011f364f8501496

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8e90f9260a0d09794590e20afeebbe9a

      SHA1

      5d173273fd60363410afee30aa19720951136284

      SHA256

      ebf681d1f3ff42cc5a45e3d734e63eb7ce5db476c0c99f217e226867e756e70e

      SHA512

      326dc04f0c89e19f3cb4deea21705941f8ecd3a9d3be861e3c05c7ed0b32f358008b77470ea74db4fb71b19a0c1cf891c36ecbffc59ee3f96e23330bf10985ed

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a88fa1277e4560cc3978a69a30ec2df5

      SHA1

      bf20840b88efa0c78ec6a01c673f1758ade01dc5

      SHA256

      5bddddbd17afc4118a5841527d1c51368ea1f3d6312ad091da22b383734ffb8f

      SHA512

      57aa8457dda279a126ff7a7eff7b262df6490d0c3aef5f4b18422716a61108e059246759caab334e6bfb3cb32a45f08cef230fd37b637023acf4669e96e97801

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      29fc764f109f382b106e45bbca484814

      SHA1

      730ce0d7952480e865ff02caeeb867aafd23b243

      SHA256

      6279352ba57c86673a3a9e7be610d2e266e2137c8c8c2aff15b0f3ed55f256e9

      SHA512

      ad683fe433781ca154d81ca6a3e774f7fff228b5686994ba3400b704481af8df46112e527c6abd6b0358cca5b43d0bb0eaa3c9e956b130189659bc652a348805

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a4059c3eb872c75988e39fb22ab94993

      SHA1

      a0ff4883a81b78f7490483d93e89707e793a3594

      SHA256

      da051f87233dc5093919d5ae4ecbf2377b8c7fd36626b8a7d185cdc0175c0414

      SHA512

      7b2eb92f697f275ff2cf7e4b270d252796b8be5f7ad89c7d215e9ff6f3c08d973a612614cf02377d11969e8caed1a4214e9cc9567eb5d1572ffaaeebf2a22d9a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5d81d2aea4f5615ac135110021bf13d9

      SHA1

      1c27489d305d18ceb4f591ac1a8d597960be0656

      SHA256

      477f42524f52906ee682da51e6ba1da75644210d46e5253f2e45cf92683e6e5c

      SHA512

      da423ae14a0a0008ce3808910c26b0833ccc446b4ebd2023b640c6cccedc71676dbdcda8c93fbbd08357a79e3af8782657b9029ff5d1c1b237ff6faf11d20d92

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b9abf545da49b7a58aa63ba45c3d0834

      SHA1

      8cb0ea03666c3c9cf429937eb2b6d10f28249d67

      SHA256

      a158196a79aa639f2782a9cf64fb1793610fe0a8b168851ec8d5d5367d39066a

      SHA512

      a8e8c30893fba1c50906842677030f3eefb7de336c3048eda55188884d672014df6d291aef87a302e34fd8fc85a8a83a19059fec0d66080efdc3f06fddcaaa99

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d8237915df7e86c12cfff9839c040ad2

      SHA1

      f35d1966f116f7fd938715d5c86e7c90eb3e8717

      SHA256

      7b072d80f5774f98c02640f7f356e406fcf07f3bcc073d03c49c929d8c5c49fc

      SHA512

      d8cde442262fad1c2050a2ebb7f69120c509e3f814320a1fc795cb536ec9c9e256b3ca92db6a1e0abd5a7efa66b1b89a40cd62fda90bfd846e1a6c88b383718b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab5D20.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar5E50.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/1660-16-0x00000000009B0000-0x00000000009FC000-memory.dmp
      Filesize

      304KB

      Download
    • memory/1660-14-0x00000000009B0000-0x00000000009FC000-memory.dmp
      Filesize

      304KB

      Download
    • memory/1660-13-0x00000000009B0000-0x00000000009FC000-memory.dmp
      Filesize

      304KB

      Download
    • memory/2484-9-0x0000000000280000-0x00000000002CC000-memory.dmp
      Filesize

      304KB

      Download
    • memory/2484-10-0x0000000000280000-0x00000000002CC000-memory.dmp
      Filesize

      304KB

      Download
    • memory/2484-11-0x00000000002F0000-0x00000000002F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2484-7-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2484-15-0x0000000000280000-0x00000000002CC000-memory.dmp
      Filesize

      304KB

      Download
    • memory/2588-6-0x0000000003A40000-0x0000000003A50000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2588-5-0x0000000003A30000-0x0000000003A31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2588-17-0x0000000003A30000-0x0000000003A31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2616-3-0x0000000000400000-0x000000000044C000-memory.dmp
      Filesize

      304KB

      Download
    • memory/2616-2-0x0000000000320000-0x0000000000334000-memory.dmp
      Filesize

      80KB

      Download
    • memory/2616-1-0x0000000000400000-0x000000000044C000-memory.dmp
      Filesize

      304KB

      Download
    • memory/2616-0-0x0000000000400000-0x000000000044C000-memory.dmp
      Filesize

      304KB

      Download