Overview

overview

6

Static

static

3

fcce10c267...18.dll

windows7-x64

6

fcce10c267...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    20-04-2024 12:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fcce10c26770bd9f2c5ad6f16cd95f11_JaffaCakes118.dll

  • Size

    697KB

  • MD5

    fcce10c26770bd9f2c5ad6f16cd95f11

  • SHA1

    994913ff98a3e36c15047b0c3ed269a5c4082d10

  • SHA256

    cb960504fd796ca7ce5e4a00318a123a978e2585478464eddaa21aaef4165e1a

  • SHA512

    ce6d97972a24d5d9cbbcb4de41eae3f0844ec9236867954663c3b3dacfbd343c9b323882d0532e949ca0ded0c2eb0284fcc9a1d05a407f4ceb939be691426520

  • SSDEEP

    12288:Z8rnt0EnGRzNJphx+0Z314ypeyMZlnctm1g1HZ7Q1ujjaZq7g76F:sSRzNJjpZ314GVMZln4mS1HZ7Q1ujjaI

Score
6/10
adwarepersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Maps connected drives based on registry 3 TTPs 3 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fcce10c26770bd9f2c5ad6f16cd95f11_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\fcce10c26770bd9f2c5ad6f16cd95f11_JaffaCakes118.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Maps connected drives based on registry
      • Modifies registry class
      PID:1640
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1056 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a7b3661f7ea36712a756b9e650d4615e

    SHA1

    77d968b789d5c3d9a25b24eba7de3ff090c00b24

    SHA256

    821805f12ba9e53f1523f65feaaad3f1c9f3b40fe1d7705ff1ce410e356509c3

    SHA512

    9a9fb2c4c46d7c205a8ac04f1320f6e958c235935a3aecc696659e522c492fa29eeebb35017ef5cbde9546269178ff9c696069e2f48e60e0d7e45b9d9b228ede

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    81e190415cbc868daa21e9293c53cea5

    SHA1

    fbbf2fb9684eb61aaa2a4c6b04e6ceb828a0785f

    SHA256

    9ad23cf145c5e64c0cda32b96428e5f3815929f0f88ab18a2e0a92c3be496339

    SHA512

    69fc1d156cce5f1367d839152d487ac67833af60defddc20379305d9fab895a4cbd514745bbd8c9ad586388544096a3b266f6e48ab1a0b0d4c79a1f1e5363017

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f734b83ba7b0e6b1e7558a94688ac0ae

    SHA1

    835a69bceb30f8909080a6fe886a1d87e7df2112

    SHA256

    0b5065faed4f11e61f436edceef4afce2192aa641755d412058e8dab5b792635

    SHA512

    2f43ac58af5cf3b322721023dae9637d8ef92f74667d42d7103444ef8cacb0ac27f29e0e6b3aa786a4335ccb220c4ce4735df4b90c90ae1fa66a291228bc8a09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5fc3c8e0ae3edad129fb151ac2ceab5c

    SHA1

    0736be5d4d33371df37f5f1316e88bac0cfee72a

    SHA256

    5e4493f21110ed51aaef7c26bf1331415a500330c36663e960a25d6546781442

    SHA512

    c17001612d1494e875dc7868d66eef28ca7776bee6c5e253f1365b4793f44fba9d2d29c925487bd3b81d300fb1544fac9172ad8cf2a54a5471e0e6b89fd3e154

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5fdf935d70cc686791d3261cce8b55e0

    SHA1

    6361c9cd2f290cd36fd992d61db53accd89b56d2

    SHA256

    6613e0413320a3bf238bc8ccf4865aa3bfa1128b64be6ec649a14fddfb844ce4

    SHA512

    ca9d6a6b7c27e19db1f37ad6b52dce86ca4d859c3d9d3e96463e2c96ff59fee13c3e3238f717406111998d8054928f724d0f420fb7678dbe3006f56b434d32e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    607299d334d8f1c572c9a7133b81f3a5

    SHA1

    8ef8a7ba3fa415a7c8d70004a8cb68f8ed125969

    SHA256

    e4210fb9f4c90db02b2eabbadce0cff5f7822b80e995281e145f0b17c6bc9984

    SHA512

    008b93e8f49ce5b8de1cf83a026aaf14fee6f21c50636ae94ef2c6a8dc3a8b477075a49933fe9a0702855c379fc130b4a14e353ba4f1a9e62982a68d9a4c353d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    83306247afa7d62b3638d3106e8caa5c

    SHA1

    e3a0a3489617c3e8553fdfee6b9d105673a48660

    SHA256

    96981b365897c7d6544f105bcbc53b7e5c553b4c75c708ef6b3b70d75ba35f9d

    SHA512

    b5c273af9d663e86f05f1f686a42e1f69ecfdcef15ea2984207191505127d8ffcac9b9995ca1a936ab60b96f3040363d211c3b4369b8501fdffcb2cb95aa1e4b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1E9F.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/1640-0-0x00000000001A0000-0x00000000001A2000-memory.dmp

    Filesize

    8KB

    Download