Overview

overview

3

Static

static

1

03fc936086...18.dll

windows7-x64

1

03fc936086...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    20/06/2024, 07:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    03fc93608616dca2ca1e6c58d2c000a1_JaffaCakes118.dll

  • Size

    202KB

  • MD5

    03fc93608616dca2ca1e6c58d2c000a1

  • SHA1

    4a0f377dc46de72ea5abe0e46106734f08db0755

  • SHA256

    b968bd3e90c26517f91658048cb5be482ea2063f9946ecb2fbd51d7a112e76ac

  • SHA512

    184ec31be0bdd78bdeff9eefea9925ea33df36b6861e6ee69b60de74533e00c92894f1bbf39e8588dd8d1fad025be7ec47462cf65549e3b336ecf1a1b6a5042d

  • SSDEEP

    6144:z+Heop7iT+QYAP808z/dTvg+tJrkmtcDu2:z+tp7w+Qr/8zdbg+tJr61

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\03fc93608616dca2ca1e6c58d2c000a1_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\03fc93608616dca2ca1e6c58d2c000a1_JaffaCakes118.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2012
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2984
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:3004
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          PID:2780
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3000
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2700
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2452

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            49b69e468878556b1009c46e376c52b0

            SHA1

            c96eabd66d8b6933229b223a27785727e1e885df

            SHA256

            2a3c4f762a0595e46b34663589a7c899fb875da1bf22fbe461abd3d3659ae21b

            SHA512

            5c8d579d0764e8d1039dd733484d6d75eaa332764b11f872166b44253e5a8dd5eb39d6b8aa1dbe7b8303402208d7c09a1579132a26d616fad9ca647f36098845

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            6d702fc46e8ca2e95b42e0f3183c2306

            SHA1

            7558c6900ed1e13369446e3a6ac75576329ee4da

            SHA256

            54bfca3d20e37dd2aaab033242921922a518a8e20d61a3383bee1e05aba6b814

            SHA512

            3788a7f73f5a974a43aa46d2c71ebc9869cafb988f1436d4238b2f13b9dc35cf83321042e6a53dd14e5cd9df09f2a416de94aa15f6ab5f2a6b414fd92c3e3009

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            279e61d43a5198190ab5ffdf8099a8c3

            SHA1

            4471c2ed5595b02335710fbe5c0d24b2292b4a6d

            SHA256

            a726cd14f61497a5390a57ba794bac39f0ac9aa5a095225a375ee8c936818654

            SHA512

            664ec7441e7606b7a02d46096ae417dc2234d7dd5b73ed17031a28ba3fda19b0686bd5f8431f2da94a94d137f2168913418724e9bb7cebd3c544e9d7f1640ca3

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            76f2bc8080df0b8fbd95ba41838c2a5d

            SHA1

            a25099ca7e20dc576e1573a524a56609ce7da0e4

            SHA256

            69ad1e4251a4f9c5957f4a660c890603496057afe596cf868e83f7c558d2e022

            SHA512

            dbb7aa798410cd02a0a7e1dc9154a4da9d39f687308cef1821a0b30e44d4a159131de2e1291c1706c364dae0f276435164f983c4363cc6f640fa2a3fa205965f

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            962ff3390be0850475e885fc4a90dfe3

            SHA1

            209e0729c9cff80162adf7a26981006bbb37bf14

            SHA256

            670e6aa591d3942b5a660b325db8f199852af12e187db8bbda457b100af9e417

            SHA512

            e9f0f786ea50c5c55c9915f1788b4715652d88d5e5bf4cc3ff6bc6889232e497d05058ee36a97e8558ea9c8ce4102bd9f306f58b44031f4d1c61feb51be7d32e

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            5661f66c92af681f08ad5ccfa208b125

            SHA1

            5ed993b2f1afb8eff3e1df1057acf943f71410f8

            SHA256

            b4de837714443acf11309355e6270105a757eb9cc3967e5f7527fd6e3f865c56

            SHA512

            70bb788829e6eb745c5a56c4628a3ff392221c2cf0bd7e1311f8ba5ef0dbf54e3dbcb0fa25b462792da6e767c00cf75c1a8fe7a438caa7045239a3166775d3a4

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            47d9c27279b6571a9a3f4b9f5b86caea

            SHA1

            c6586a581fd0bc6905ee207745f37643859a8b06

            SHA256

            15f6f25851480d2107c6509bb54cfb8dad43a7dc65abe97b41e01524c9822a70

            SHA512

            190e00fdaccbcf44a5d4815f4cf7b4039ca533caa27132fd5153795e24a6be03bfaf1e873970fc6a8626e27b96e08f1ad37716c8ce99d313d5f4246d72cfedab

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            c7c0f3603cabcfd5f8f9d3f5c6bee793

            SHA1

            84428ebe858ec29025b516a6e1851519c22433bb

            SHA256

            aac9a6eadc20a189972cf70b4281bd2e07747106e2ce8290242b7498fd5ef62f

            SHA512

            ff991d92bf050ccbfeda02f6c22bb5a7b7d82d8a1503612387ae67c3bde41b3b66f903a678936b3fcb137e757183b285f2a8f71ac593821e93e94da82000b7f3

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            3afe57ae71c3f01892a0869cec97cf19

            SHA1

            7eaba21a0fd791d91ebabd7eb4ac6591d89d98ff

            SHA256

            1e3b40e5939b350365891b450382dc4ec345538e2df9f4e4717963a745516648

            SHA512

            e46e5c98605e26ddd604549983a786c01c9fc960f618de582698d07be7c14017d192ef11136a0fad84e544852f13dbb3707238b4260e7d6a3a40f5c28ca98516

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            864d72ba00fa333109f0d31dba3d6fef

            SHA1

            4443eeffb71a5da29ccc498cf628770da66a8d21

            SHA256

            76aa406dc213a0117353625f69356c349c839bb8df9c8b3ac849f275aa0753d6

            SHA512

            1e84270061079c9db9b1f6184963d0d21128c795576de8bd4342173199bdff16efec32ba5abf92774f36362e05bad05f6e0a608cc07c952fd1bafca925c341bc

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            66396528870e3b76baa3fc22ece5f40e

            SHA1

            e0a503e943fff52638e718a92bb8db3835cfbe0a

            SHA256

            e78266b36980acdd1b71dd07a7d546e26e2a5cfe3a579415c02093fe498d841d

            SHA512

            3eba8135f094caf0d7a6ce7ceaa1d81f95a3887def6401f38769807bf66c1c100062ce3b82d7e39be795ddc4c51ba791a1a6b6f2bc68145935290a8b3ea8036e

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            efce819dc1268f0d6f7ce38a8fbb414d

            SHA1

            56f6598bb42321a987e0ca71fa9e5ba84f1c8c8b

            SHA256

            f9477cf71d14f7c66de6e639eaeb301082db6953face9458067affca05c56c99

            SHA512

            0251a962c66d73a0028c19256bb9086966ca1ba13be67ab33ffa0413aff42ec3a6aa69b35b379a8ab38164bc72743f9618ef8e2aa8677f26f53e07810c822859

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            29910dbaa9ee95a49122bdf1e2b65728

            SHA1

            eeca2e0895c3da2a1e0701d7c9ae99f719b7ecbf

            SHA256

            a11e961f0c15bcb06479ea5b46a4634cf8317c9da73a2109db07a6f280928fb7

            SHA512

            7000294a33965303aa1cb1c66a469cadd3cc8ea20748a91a1e55e6225dc9b022adc75d6c5b2fe421d71729d28d849db6693321655855b4c3cced646e81d5edfb

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            c556d2d1b87da6d3225f1003431b58d1

            SHA1

            e00484311126108cf37e256972865a732ba844b8

            SHA256

            98771968922a3534f489133b749c9681bb7048170fa5fdc93a41658400986157

            SHA512

            0c137cabf0a2aa0d7b19b34b4a8446dbc54982125bcf9662255c09e0ec94bc6278b120fb1abe448cced1c69ef75753e095a2060b91cfa7ab47f7054f6ae262ee

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            2f8b6de4be0120eac313ac284a404469

            SHA1

            9a57b7eaa0c857bd2b75a3ced1862545f02e8245

            SHA256

            7a9cf501b09830cf14fbd5e4dd7f46ce5bf037475f96c1c032f9789f187775bb

            SHA512

            4fac7c5a31fded5aa5d951118e6b566292339ae226ceca043001763da663542392ac2d3379038be0a95b4a921f239c6d14d50ee3c9e4c1c5083ea356f8112909

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            9c71c42ae75811ca86395b8cff82de71

            SHA1

            b114c8daa8525efb25227b0de776819a72271b48

            SHA256

            f0c30029ffffc651c7e31fcccdd1dddcc0af48ecfbd06cf99618b764ac2dc284

            SHA512

            dbffa033d1bcad48dfa6a5657cb88026cd9744b574829391455ba82902adf8ab671a3f16a366236527d57f2997a370749e4a2c4d49f97814ff1fcea3c261c698

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            d47fb86168e25dd0f26cf26d42df4bb2

            SHA1

            11ed24ba57d08acf74b491478d20e886d4a99da2

            SHA256

            0d589e5533b14bf5830e39636d2e65cd4d7fca56d382ed0f948af13041363e38

            SHA512

            6366c521b604f9b3066a77355aed5c477d471f8dfd6f50262668eff1ea0aebe28a2d4e8e7f670bc07fdead047f79ac3f1f9a2ec6a38f317e0d8e24184975d8c1

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            9504c375f9662be956b94ee289d7398a

            SHA1

            16e3f0c7be8307329aa6a4348cc95f147e0c614c

            SHA256

            43c63989bef113957ff593820a2d26090ae2ce4368359ea483593b5a297c5a5a

            SHA512

            0063a0991843d7cb7e70a0c03cfa2720a754e6c99a6b1ae22bbb293b3de997a51496a5dcc645587546d64d32def0ef0d494fe8429f56496b9c66a5f9690269a5

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab2687.tmp
            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar2768.tmp
            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

            Download Submit

          • memory/2012-3-0x00000000003E0000-0x0000000000412000-memory.dmp

            Filesize

            200KB

            Download

          • memory/2012-213-0x00000000003E0000-0x0000000000412000-memory.dmp

            Filesize

            200KB

            Download

          • memory/2012-2-0x00000000003E0000-0x0000000000412000-memory.dmp

            Filesize

            200KB

            Download

          • memory/2012-1-0x00000000002B0000-0x00000000002E6000-memory.dmp

            Filesize

            216KB

            Download

          • memory/2012-0-0x0000000000270000-0x00000000002A2000-memory.dmp

            Filesize

            200KB

            Download

          • memory/2012-7-0x00000000003E0000-0x0000000000412000-memory.dmp

            Filesize

            200KB

            Download

          • memory/2012-9-0x00000000003E0000-0x0000000000412000-memory.dmp

            Filesize

            200KB

            Download

          • memory/2012-5-0x00000000003E0000-0x0000000000412000-memory.dmp

            Filesize

            200KB

            Download

          • memory/3000-11-0x0000000003D90000-0x0000000003DA0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3004-17-0x0000000000AF0000-0x0000000000B22000-memory.dmp

            Filesize

            200KB

            Download

          • memory/3004-12-0x0000000000190000-0x0000000000191000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3004-13-0x0000000000AF0000-0x0000000000B22000-memory.dmp

            Filesize

            200KB

            Download

          • memory/3004-14-0x0000000000AF0000-0x0000000000B22000-memory.dmp

            Filesize

            200KB

            Download

          • memory/3004-15-0x0000000000730000-0x0000000000732000-memory.dmp

            Filesize

            8KB

            Download

          • memory/3004-16-0x0000000000AF0000-0x0000000000B22000-memory.dmp

            Filesize

            200KB

            Download