Analysis

  max time kernel:   119s
  max time network:  120s
  platform:          windows7_x64
  resource:          win7-20240215-en
  resource tags:     arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  submitted:         30-04-2024 02:20

Tasks

  Static task:      static1
  Behavioral task:  behavioral1
    Sample:    08cdb1000e4db43815ff90eaebe54599_JaffaCakes118.dll
    Resource:  win7-20240215-en
  Behavioral task:  behavioral2
    Sample:    08cdb1000e4db43815ff90eaebe54599_JaffaCakes118.dll
    Resource:  win10v2004-20240419-en

General

  Target:  08cdb1000e4db43815ff90eaebe54599_JaffaCakes118.dll
  Size:    517KB
  MD5:     08cdb1000e4db43815ff90eaebe54599
  SHA1:    3e34c6b1dc0d85b345bd92293e89d86f4b77f1a9
  SHA256:  04cf322e3d567f78c2fac56acea08a72206e86b1de1c456e3c5892474d750ca0
  SHA512:  4ba02fba667a114239f1783d9c0c1ee1fb8977e1e29908a8cbc39ef89637b849b790010ad53945f968e95d3e34c9ef844f253df8a6812c240f6d380e9889da3e
  SSDEEP:  12288:luldH2Hk4UfxXKsUN2yCazdm9UQFVdgE4fYzpN9:luibHRzqgzQNn
Malware Config
Signatures
-
Registers COM server for autorun (1 TTP, 3 IoCs)

  Process       Description      IoC
  regsvr32.exe  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32
  regsvr32.exe  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08cdb1000e4db43815ff90eaebe54599_JaffaCakes118.dll"
  regsvr32.exe  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32\ThreadingModel = "Apartment"
Installs/modifies Browser Helper Object (2 TTPs, 3 IoCs)

BHOs are DLL modules which act as plugins for Internet Explorer.

  Process       Description      IoC
  regsvr32.exe  Key created      \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
  regsvr32.exe  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ = "ShopperProBHO"
  regsvr32.exe  Set value (int)  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\NoExplorer = "1"
Modifies registry class (50 IoCs)