Overview

overview

8

Static

static

7

21c1616a67...18.dll

windows7-x64

8

21c1616a67...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    03/07/2024, 08:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21c1616a67aa89ce66655a97dc240c9e_JaffaCakes118.dll

  • Size

    168KB

  • MD5

    21c1616a67aa89ce66655a97dc240c9e

  • SHA1

    7fbd6478da0b6e6cdb4e2e1f3174224c6337dfbd

  • SHA256

    4392b540e76a9f5f48424e5bc589f958a4425293374068dbd4fec0275a132a21

  • SHA512

    19a8d0131a8ec00b0895a326c2687d4a1b5b19c8724293025d7da2cd4a55a1d4de1ab50747bb1a296740d431d7268306b7243e0eded9e235895aa4343f47dd2f

  • SSDEEP

    3072:e1CBjTbN7xBQs9GcmbQzNsGoC/bKLhu7CC0JFn2sCjmv2out8:ekJHNVB1BE+N9rjKw7CtH2svv2oS

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\21c1616a67aa89ce66655a97dc240c9e_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\21c1616a67aa89ce66655a97dc240c9e_JaffaCakes118.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1704
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2308
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2072
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2504
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2600
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2596
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2372
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2936

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bb636076e5bab8b2c946e8b743a82786

      SHA1

      521df1b189ff3bf9931a6eb325cf2e48e4ba8c2e

      SHA256

      26127b68ae1df2356a452e0a9b3ce89d69939c1de1793ce91b85f84ee30b1f84

      SHA512

      5659d3589b5b0fc3b0321be1156b19fa0ec724c71cced87489042d291fc44085dea546f619c40bed560dafe0dd3d58f4604dfcba4057dd44544d99da36655886

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9c769fb7f01ffd06cb30a2f16167fcbe

      SHA1

      805d375ce04457bfb35c83ac680b9e2c4f5508c8

      SHA256

      4b618daa20cca255897dc4e86c785514289a961bdbbd9ca6588c629f679c3227

      SHA512

      c81816af547ccd131930d57bc3bfae8ac15dc62b088936ae751a2d118c3809333d901ef3466ad84e17874a621b04063e2d28c9bddaa3c9d1bccbe6e0e32ede30

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b1e541dbec927bfd6fc50e891aee8f8e

      SHA1

      1926dda1fdbbc646e8519bef912822c579fba895

      SHA256

      6f41789276b356c8dc971150ee67855ba295823d81c46d1db5cd377a8bb035b4

      SHA512

      184ae69eda8a829f3d23f191529feb11ab51634de51a410d8f9dba9cdcee53ffa06d1c28161b5be736b756fdbcc8ef227040f1850b57eb539825597c0511420c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d72ae890c4faa66856a10bbc9087efd7

      SHA1

      af7c4384a8b48a982b95e7fdde7f8b9626c4ed73

      SHA256

      1ce2f6e9d8cb4ab7539c96c4cff1d5c6e1e2354c6de571244bc8c3b32111dffb

      SHA512

      021c1b788bb9eb82f4b09332a7c416e8189148e70549b8618e674c7d3c0cf48c9fe31e2a1f246152728693912e9506c504da1e69ddfdca89850fc57599eaed35

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5c79d7c95740e63684c11d0ae0bfdce0

      SHA1

      4a4f269f97d2883a7b60e69da25fe1b1f9758650

      SHA256

      8e8821ad494612c77ba62738cebd8c1edb56868cf9ea88a05d4bf0c5e21448ef

      SHA512

      2feea295dc815cc57074bb489aab01d2454dff6d7c356c125676bc3e49e20a8bef9986f9227e43573c419d2600ee4a9e64ae69e17e10ce02366be09163fc2f49

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2fbb86b7df05eb3ec86a9e0e719ea808

      SHA1

      26c7be50be19de8cb067a2edd24490ff69f7a1dc

      SHA256

      a5588211fc7e96e3e5bdff401c3cff14d255525743a28bd0cdcd7bbf74ea0974

      SHA512

      3ea0634ff765e602d55ef60129a924ff65adafce5766f263e7ba0693f934a8f3bac3738476ec6daa7ad98803b42bce4e2e3e33c3e703752f43c7075a7b0345a5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a213a3a8ee897102cf14c81d7ddee9a1

      SHA1

      816fdcd7d68de18f5b66adf6283cef00d0002edb

      SHA256

      2f5c54932dae0f40c738fb2b2c555a43424fef4e7bf8305758e5ef752be32390

      SHA512

      76c639aaf402e0d63758301238f827d1d0f9b08a0d0097ee93ee963b7135f19f68ee000e3a03580415971899cbd8cd06545368a2fb21d602f18a31958fd5b7b1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      467c29d8e2e8045bc2fcffd3c06c5755

      SHA1

      d06a487bebdd18c5412c07c88928ee0e62c6a4eb

      SHA256

      93fd64c85c20ff85fd78cbf13cef16cdc26eb5bd4fbd6675a028c6ae0f4470a2

      SHA512

      23061e9eacd40778d42d3a6927d48d8a4c625bffa84b503625a4024334f8b40e0b940d59d2eeaf02413174f6fa21eab62c2597ea9a44f9f4c50065c83d55653c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      62a63cd729d9346635502d8b2aa83ea9

      SHA1

      55640c19cd63b67c17dfde9338ed9e2aaf5519b6

      SHA256

      896b507f922cb1e1a9c685bedbdd4fa58a36e7a4427c68b76154ce3a1a83f00d

      SHA512

      ca37a7d9cd300622fcbbdaa56ee394362ad7f2d4c1d54d4030aea2fd7eb68f76efda994104f8a51911ee4c4c6f82b4fdc86545c1d7cf2eed459e7c32ade366f6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ccbd31bc09a8f067803c9bc053083882

      SHA1

      ebd6becae8539d530b43dee38246475871f32fe1

      SHA256

      08735bcf47c3a6be33a329c16f00eea057c6511870b94fff4308f0bb30c3d83a

      SHA512

      1ce1546b5495e99c224ab0f0fd34cb8fc873312a0c8ef66c3cf84e124df8b05b03d8adb25abb92be23052801ad799b082f1f196ac89f709f52b8534cfbecc908

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d0d363f89c6361cd29676650e4206d92

      SHA1

      152bb746f3c075534a1ea639a96a6afa4d58cce7

      SHA256

      162ab5673e8a443c35fc5a11afdb4ecfa71094eb0dc08fffef36849b77a2c806

      SHA512

      bdd0a945c12effdea7a7ac029fa90e574c219c4a3ce5924c60c9dcb05c363d56c7214ee8e147d4eb195cbf0a03b16ee99eead70e5091b9ccfe79f234ff3c8182

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      242928b2843e469ea7b8855747c311b3

      SHA1

      52a46c667910352084446f33b1da880c30d4285d

      SHA256

      40490a129e8613137d66e03aa2ea95ccb67a47edadd35d7276a41c80024c1a91

      SHA512

      2856d414b8ff33a39e80b411914fb559a9728a1be40daee26543631f4070e4a0aef6aec07f8ec1e67739079d0f3ee4bb713278bf193d4dc003d7a032f4af7950

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f224f30886d766acc4da185a44262621

      SHA1

      385cf70b4fa748d3677970f5a7b69839ac6477e5

      SHA256

      d0f7deb1b38544e615ce0cbd11ecd4e2af40434269ee9d2858a3b180abdd7f90

      SHA512

      974a8afacf003e82002e766878880e1390e4892508f5c2514b9cacfb7f3f7fccf024c95c9afb656f16f1b63cec9e7072734a213b8e483fb32877d11bf30a64b7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2bf21070b477456e81b44c0d0985869d

      SHA1

      dac73c74815f941d30a99994ecd44b9355bafadf

      SHA256

      4caf6b0e2aeeedac761086ea16798aefb36217e66957a504aa4cf25a3c7dfaa7

      SHA512

      8f43f9a1299c69ed298eb34adea18f474e1669dce45d6b437ce2cd5a5dcbf186b5753a6c5bea459d377895c3ec034ae887d478108f58c3fac637bdb4ec0801a1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      81bfb94009a411e8170b141db20bdb3f

      SHA1

      acbf8ead41136a3f65499f3417d9df894d7ef500

      SHA256

      b77ab6c4acff07aabbc388ca93d3bc654c00ba6d524a1d313cd00435eb971a4a

      SHA512

      0c9ddf84dd4b254f000731611d6566cb3a94c4d4704a0da0fad6991758780e3ad1b94dbde4eb762e9f47e5f4acfd10cefdab56725b0280c3c98e7e6b07dc55bb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      296af4d0508238234a2f0eb46a4cd9c4

      SHA1

      f9a1bbadb32e8eefcdc42925e51dd360da76cb7b

      SHA256

      59d2174a54a91c1ab31c56e024d05f2d16db126dd8ad9ca0ea9a3b55a6da1bfc

      SHA512

      8f593844dc7407c912ba3145d33362ab1059ab841c39e565467d73e6a1f61f97c1934453d2c12b487a6b879b861d9d6a16c9638d6c4f468fc6c74061f4824de6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      65f4dff1100c089059e2b90cc18b7025

      SHA1

      8a9db9fc80d3928c6d887acac09f403f4b7299a8

      SHA256

      3b9462e26f7936942691d080d9df067cfe5e2cf559f5aa3a07dfa507907cc23b

      SHA512

      1c0ba961cd659e4ba483349976c146816b68e7caf94ae0904c5ebcf8d027ffcf9ef2c71568123b30f7746aa5200848a5869cb65f6d3bf2f72ebead1e5845f93f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e5c8d753d098f278f3cf0a548783dceb

      SHA1

      bfe013e18c6de4b78775e5b5ca8ccf51964f575f

      SHA256

      5c7ecbff234f8ffc101e584141798fe8beb35aab3fccf3e9ae3de986a0fce7b5

      SHA512

      3971f2a008db1a507b4393b32997e3345fceb8b9948d7436e9b749bbc83d142e882ce091e4ce52032c69a8886afea23f0deedf98d8edccac7310b4fa7cdd7825

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      636fcb6eb094f67ea6c439b3ff06f95c

      SHA1

      50beba01a38da6b72fff2e8acdae927f3254fdfd

      SHA256

      086cf225cbb1c8e61196e34f1bd74d644b2195ff565ab0ecff15906bef2bb925

      SHA512

      c2ae84878084f6548f522ee42759ce73e615a5477248f09d64527fac6e02bcbab539b980e4922999ef992540f96c29084bbdc82745a88fd352ac27ae85712b02

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabE0A2.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarE135.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/1704-5-0x0000000000210000-0x0000000000257000-memory.dmp

      Filesize

      284KB

      Download

    • memory/1704-3-0x0000000000210000-0x0000000000257000-memory.dmp

      Filesize

      284KB

      Download

    • memory/1704-2-0x0000000000210000-0x0000000000257000-memory.dmp

      Filesize

      284KB

      Download

    • memory/1704-1-0x0000000000210000-0x0000000000257000-memory.dmp

      Filesize

      284KB

      Download

    • memory/1704-0-0x0000000000210000-0x0000000000257000-memory.dmp

      Filesize

      284KB

      Download

    • memory/1704-4-0x00000000002C0000-0x00000000002D4000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2072-15-0x00000000001E0000-0x0000000000227000-memory.dmp

      Filesize

      284KB

      Download

    • memory/2072-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-9-0x00000000001E0000-0x0000000000227000-memory.dmp

      Filesize

      284KB

      Download

    • memory/2072-10-0x00000000001E0000-0x0000000000227000-memory.dmp

      Filesize

      284KB

      Download

    • memory/2072-11-0x00000000004A0000-0x00000000004A2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2504-13-0x0000000000840000-0x0000000000887000-memory.dmp

      Filesize

      284KB

      Download

    • memory/2504-14-0x0000000000840000-0x0000000000887000-memory.dmp

      Filesize

      284KB

      Download

    • memory/2504-16-0x0000000000840000-0x0000000000887000-memory.dmp

      Filesize

      284KB

      Download

    • memory/2600-7-0x0000000003A90000-0x0000000003AA0000-memory.dmp

      Filesize

      64KB

      Download