Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-06-2024 13:04

General

  • Target

    0243ce7dd550e1ed8ad6355bf37c3766_JaffaCakes118.dll

  • Size

    387KB

  • MD5

    0243ce7dd550e1ed8ad6355bf37c3766

  • SHA1

    e988e242290c39ba616a28f95325a737975c331a

  • SHA256

    fa9bb26778829a58c0b15ea253f3b37c4d930be1b832141b371f232361c752c2

  • SHA512

    ad9f60452129d71e25c1de51699be565357e0789945888de2d5e0fe07a99fb41539e5ae965f3c0403b3d67fc7a24fae514ad97110b26e6771bc14a3bfc754495

  • SSDEEP

    6144:WOiKhJ6GZUYm8yeRp/f3280+NmaAWT/mMDzGpxvSxRJy5r/K3pek:nFEcUX81pAaAWLmMDz0xKJG+3pek

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0243ce7dd550e1ed8ad6355bf37c3766_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\0243ce7dd550e1ed8ad6355bf37c3766_JaffaCakes118.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2972
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2060

Network

MITRE ATT&CK Enterprise v15


Downloads
