Analysis

  • max time kernel
    133s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-06-2024 11:33

General

  • Target

    01efee1f8ba0f9c17dfb746326ab908c_JaffaCakes118.dll

  • Size

    383KB

  • MD5

    01efee1f8ba0f9c17dfb746326ab908c

  • SHA1

    d34b9682536ccfb29769cdc0f7cfc4028f61702f

  • SHA256

    659dc79f8a18c659e6388d43f961532d496de9a26b5ee4d350e40f8454720db3

  • SHA512

    8d828a022cb6a491b124a89f61123f9a99a071a1e3db9217359ffdb0b9b3549c773de22cf3f983f1f232f2fe38f3e4dccd8ea87cbc69eb928e6d4f59e72514bf

  • SSDEEP

    6144:WiE8HElJNKlrbLcbR/Nq8RyRn7WjwHaRHculd/c8QHjx9QL6lETll+sydJf+w6:WiE8HEvc1bLm88RyB7GwHaRHVldE8QXG

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are COM DLLs that Internet Explorer loads into its own process at start-up. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects (Wow6432Node for 32-bit registrations, as performed here by the SysWOW64 regsvr32), and the CLSID's InprocServer32 key holds the DLL path. A BHO whose DLL lives in a user-writable directory such as %TEMP% is a persistence and browser-hijack indicator, since the DLL runs with the browser's privileges every time IE starts.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\01efee1f8ba0f9c17dfb746326ab908c_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\01efee1f8ba0f9c17dfb746326ab908c_JaffaCakes118.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2400
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2464
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2740

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    16e47fe4d668c77f07cd489f970f596e

    SHA1

    392bdea96b99a37e9c69624843e666ed16b337fa

    SHA256

    59fc55f22f05a45739c24c545334b981f1f95f58323fff382c70ee783c7e59d7

    SHA512

    e217689ecb86f1c8f640f37cc016088f0af54180d9f18256ebf650d8ec280ff9cbb35a63d28e5057413cf96b58807e4e0de22ee9e567917e24790838bfdef2a6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7d7db494e13a0933941cf13909c2e970

    SHA1

    3fa6c58bf80bfa4294fe1448592dcae9bdd41f1e

    SHA256

    9dfdecfa0c2397f846d1d3dafc9926d5cef1a9382f3d6de9594aa525d11b2c3d

    SHA512

    29e69fa8f635fc0fae412456856f1c899e2e7a4af3589941bfca228e496e093c2574b50792781bbba3dec601c4dc1d7788afb9b0ddfcb05ad060ece4d94a808e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e3686e4ac8690bc09190824abf33cd86

    SHA1

    01fcdae921a881032ec9b3837f12d80844b0da18

    SHA256

    538526164e8797f51b3d60c81bfc7a89861ea86f1dcbfa3d62e3e1c8c143beb6

    SHA512

    14f969b6ee5077f682ab3f6f01cc459374969ca4199d601d5168719251dc5488a1e12ade4b96a025205f2f1fe2314f73018748fb0a2f91b57af6dd32c85377c9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    93422a3f4190ae7dc8f401d89ca3117c

    SHA1

    bc7e8eba1ea5b099fe50c995f2c0914de9293913

    SHA256

    e4dea4eade72e8687fea35191de75d854dec4a6ae65fe740fd6e02a96945801d

    SHA512

    95f606fd5f5c53ee58517549daf7ff3fa88cdacfeca9f41afdc6157c4f36ca06697eeffa42fbb46e00ea107661bd66c388e547a1cc3835c25f41a99e24db2b74

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2b0826a7582932f41a73bd58eb70b011

    SHA1

    dc638c692e156f1a101053ffc355712d53547e4f

    SHA256

    0c0bc4d4104908f71dc842290bf74ac9d7755bd7c4d0eb83b87b024d22443a0a

    SHA512

    62a4a062e64ff808bd7ba6594815859b1b39265c35e6200d7056ab8d4c27cb68feca03e8a9a0999ce92448e84e6c2ca9356b00318d591fe9e76069ee76d56a05

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f1dc6e5a3ed5fcd7d83bb740602382c8

    SHA1

    b86000bb5411022f9e28cb73cb87fb0999924d87

    SHA256

    4457b4b06280a10e5ace0d4fce4825a1e77755ed8692591d8566357bc9aeba8e

    SHA512

    6e4447cb1ff2592984b7be509a3deb5c9b74a3deffaa6faf91ff1392561134f86182b9d7f6bbe29fa4d48d6523d56b369bd2f0b703dad2b37be2d3ee9fe5accb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8cdd11beefa23312f236474f329d0da5

    SHA1

    5586c80db5140148e1533ca8d4af38a314a3a3ef

    SHA256

    dd0fa6df38bee5359d146c36495e64871d4c900a4af763b23b735196da545252

    SHA512

    34c52d711ebb8a25c9fff2b557c3c97353a9ece6ed381f1cf628bbee32957806f8828d2399c0b38ecff76a947d5a565c8583ac9d866c6190ba31f7aa413d8be4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7148b1f106dec3be897a7a112096ed99

    SHA1

    4f1837c39ef80fb5251cecee41c1666b4e199c8d

    SHA256

    74f004c2291e545f229d7f062d071d02aec5ae7714dbd0eeb275aa08271e90dd

    SHA512

    e6f0f0f408141b65e585ab079ca86984e99f38f32b66cc5a8c2f9d360c2f1da16ef822eda454288f27c0eb66b296c14bb7b50e0ce3dcab66a162a366d026eb2f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4b9a14325569e6cd6ef533d89a97f33c

    SHA1

    b0dcb00b6bb3dcf59264c4cf14c00d665ef01830

    SHA256

    3fb580e3d99311fcde01a5cb73645d036fe6cdf9c8e69f2bab802c3b69c80c17

    SHA512

    671baec66c332ce490619d97a843f858dc7d662cd7c8b2aa62a7b20bdc05ade675d1528064a9cf298b2976fa259f1dbbaa3c1400f8646b290b2d4e937c0c1b67

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1442350195397f8cd8f86d9607bcc502

    SHA1

    225fb6edd79770ed553eb7357ef3ffa33537cdbf

    SHA256

    6692e6dc4bd135511dac78aed11bda4b37459996f112616c555ded69f8a9d652

    SHA512

    2b9d01043e13d4a631e1f41e1afd3fcc4657a4fe720cf18b44579105832bf4dcb77b9ae3481056b29f24cb49d92a542cd940cbbb4c144921ff9bf391fd525496

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    20a4b20d31d00633d3840fd08fb9b85d

    SHA1

    64c6c8d2150d08c2a94df6f237f43a41e468303f

    SHA256

    4679ca4a52a6ffa331fc18654b6c29573d001c9021d946d774eadb6d245a467e

    SHA512

    a369712ac01d315483cde043410d942c179ecedbb4c93f538a5d2e8f9342969aa4fca9fde6b9fa570a6c4e7757cd82c11b8b5f845d8b7319b730256522c885a4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    75e42ee7fcf2680e14eb71b8e538c1c5

    SHA1

    69fe3bffbce87e93b1ca6acff98374bbea8ea639

    SHA256

    6e4561972127ea85793b040848113fe6041ecf44c8d38df4df3c54057872abac

    SHA512

    408e60cf46be9ccaf3de1fb897890636d64d2df3f1ad43e8181c0780b1ec998444ad22984790e10643c89e869f5487f87dc4ca3d6f85a465849f1549bc8fd531

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    47ec7a64e95934dbd56fa75428b9b05b

    SHA1

    0c7f0315f011b29087c68ff1efc14c718ee50e7f

    SHA256

    0f7813b440d78e43413cae58dd9e626556ab2769914374eb723153cda0d016d0

    SHA512

    8512f28c35c4a2fd35f6fc974f506116d02f9dc55821f3402f4f67fa279c0a885108b2e42b5208282d2a2d4a2d01089ea0a9c870a3faa6962418fe61484ca1d5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b6850840328693c5fad9412fa0c5630e

    SHA1

    a65eae31f8ad1e7c8cefb1e4bb6b23992cd607cb

    SHA256

    c09a8e2de7d4cbcfd0e1cc4eec9e6092874f040556f75295d2ba4b6214404740

    SHA512

    9ccd90cf147d389d080b874e353c353978abe0442aa7c5c3c835c1bbc8a4aac9903f071a57aa72c53f1411b63d0be9c61e9c6a981cbd28525fb5cea23a0362bc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    63d91c0b0f5d240e62fd878c8ed5ed44

    SHA1

    cfd31f6cbac12939eaed60f29e759496a185c79f

    SHA256

    8cf5f819d80dd8fe12f446174d12a25455a10eb7d013b5febdfc4057c0e37d81

    SHA512

    00fc4fe44add57566bf43fd33acb1c4eb8305d3a966ab40bd5699103f2278cb732d0d67c2860d05e1d50d43d0fbc87199b9213987d065a85c5089b7ba8721578

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fc74ba4728075d9e4ba1c021bbe291de

    SHA1

    8cc31dba1b152bde91659385083b848536507dd0

    SHA256

    0db7be22403f490311b9c55002c37c244cfca1ec39fb4d0e7d4e6b4d25aad93b

    SHA512

    42e09b41a79f6d435a505537da35410fc40d99a5bd30745cd681de6f948e36623f55c7dc3f0b167748846a8f970d3af7f0b4555a162876796961cad065939d1c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e140768f7e94c1707329c746f9d9c016

    SHA1

    d2d5b6e3501b981f68afa65f8e6a6ee55434cfcf

    SHA256

    ea857406012f03f724237078215f616ca5ac64cc1a16490ca822d1764d0c5aae

    SHA512

    fceba2aa7ec8355ffaa8f6b82a6d24b451b5acf644d8bc8079edba5e902cb7f99c32d46866e6a66c821b22c53771c836035f428ea07c829467abba77111d5267

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7fe07ab0e54a57ee71c7eac97341a0d8

    SHA1

    facfe688689d7b527d16ae36d0690fb2c15ed171

    SHA256

    9adfe14239a87f2f2a827f185e2ed8f43486f47b0c2b9cf583959baa375d4d04

    SHA512

    c1e78df64057ae3a9cab124c352dcd61491b39fad4436a2db2477cae2f017cf45598085b1a773d72d0f0ba3f0a109749176424c07838f091e179d3b857d41b83

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2be782b858318602b020b5794f8bd6d3

    SHA1

    a2abae98d15d08e75c583538eac577d70601b15d

    SHA256

    489441f74e24593f0834494b1a507a0ef1d151068ca6fee35ce36dfb8a26a03b

    SHA512

    9cc5f11e2f85ba3cc8b9015aed57b1103259ab905b5766892d5c7321a8c33d7596a4957be8695a746d7fa03e8e1c8dc357ca792f897ac20f4736d727e4b6ea56

  • C:\Users\Admin\AppData\Local\Temp\Cab3D11.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Cab3D73.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar3D87.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/2400-0-0x0000000000150000-0x0000000000152000-memory.dmp

    Filesize

    8KB