Analysis

  • max time kernel
    118s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-06-2024 12:29

General

  • Target

    0220112765fa22ba3be7cd05353b6bf0_JaffaCakes118.dll

  • Size

    404KB

  • MD5

    0220112765fa22ba3be7cd05353b6bf0

  • SHA1

    31a3aa911f92702ce670e71086b904999e0d5612

  • SHA256

    0dcc0c3caa0fd9160c8576e09df6ab84da3c7d2309100357b22ebcf5c7c2a4e0

  • SHA512

    ca6eee46455ad556ef7b0e6249fdb37999c397815b963a8faad03a70a3c15cc11bedd6994ecf3592787c0c81b6659520e855274dcbed970fca02fc1991f09986

  • SSDEEP

    6144:6opJ0HKwFjTI/V19/XNa6JGH5TOtyHxT9/M+uwYpWpqQDELgnXbE+xNa+QpO9pf1:5JbNvrWqvcYM5APy27Nc1IAaWH

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Installs/modifies Browser Helper Object (2 TTPs, 2 IoCs)

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies Internet Explorer settings (1 TTP, 27 IoCs)
  • Modifies registry class (5 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (11 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe (PID 2008, depth 1)
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0220112765fa22ba3be7cd05353b6bf0_JaffaCakes118.dll
    • Suspicious use of WriteProcessMemory
    • Child: C:\Windows\SysWOW64\regsvr32.exe (PID 2772, depth 2)
      /s C:\Users\Admin\AppData\Local\Temp\0220112765fa22ba3be7cd05353b6bf0_JaffaCakes118.dll
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Modifies registry class
  • C:\Program Files\Internet Explorer\iexplore.exe (PID 2948, depth 1)
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • Child: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2556, depth 2)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2948 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (70KB)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B; eight successive versions of this file were captured)
  • C:\Users\Admin\AppData\Local\Temp\Cab30E2.tmp (65KB)
  • C:\Users\Admin\AppData\Local\Temp\Tar31C3.tmp (181KB)
  • memory/2772-0-0x00000000001E0000-0x00000000001E2000-memory.dmp (8KB)