Overview

overview

6

Static

static

3

22a846676b...18.dll

windows7-x64

6

22a846676b...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    03-07-2024 14:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22a846676bd5f80556325ca91216a1ee_JaffaCakes118.dll

  • Size

    591KB

  • MD5

    22a846676bd5f80556325ca91216a1ee

  • SHA1

    47499a7b9ebed9100d6774af0b882b81dce55bc3

  • SHA256

    1e7f6dc7c6714f6edb46d1f47d7708ba6d47027deb692fd6ca0bc3bdb685abf5

  • SHA512

    0a4a1749b3bdea151f7aa55f18aea1dd1dda15e08c0889f2e34f5288087f22f3dd513260efb29fbc8619617ffbeefb2d23e7bdff32b2f063812e3ec95c2ce5a8

  • SSDEEP

    12288:qzkel/aq9jeX0W5Ufg1YMTXCR7pvEqwxqlZR5u47RBHhBtvtvV2Cu6GM/mnSz233:WeU6+z/zkIniaUuiZBp5cZY6Qf

Score
6/10
adwarepersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Maps connected drives based on registry 3 TTPs 3 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\22a846676bd5f80556325ca91216a1ee_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\22a846676bd5f80556325ca91216a1ee_JaffaCakes118.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Maps connected drives based on registry
      • Modifies registry class
      PID:2952
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2828
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2560

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4fa7c68e2f6ff26af0d42ee370100286

    SHA1

    09f43079762561e66ea2aae0475f5ca094c58ac2

    SHA256

    7931d9f2db0d52dea471ce96e01d5edc1b0af3f8b4cdf1a0dca16ea2818ef372

    SHA512

    6e8c89736cd1b3d1f159f2de7bad1b5562862400a48721f2755e76581718a70ad6cd109490e7876d4861f67cb55a0e72cf4bf5eb82d9d99d662f746357ac7e0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc296d8c08ecfc87cf133f43c722b4c7

    SHA1

    351577d809a39222b20c8af50eef241f7f9d3b16

    SHA256

    df867546accee6ad675ab66a88a411e3307d135560a201c119b15ac6a5440ab8

    SHA512

    290f3861a5aa838a9684f52b66bd2c7e3d38d1bd7fb0a43945abd45ccb7f61c664edf476c1ffe68297cb78e12583d76f1c58496f3e599b0f163c43ce828b83fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92b3b8251b8d6f5f4dc6d9cf87ef47fc

    SHA1

    afdce96196c5de7b21d8b7f7a09eb712efff63ef

    SHA256

    17e2c717527f5e70cc656cae21a52c9edfe8a4651fa32ca5152f77a842d00cd8

    SHA512

    dc0b25bb514bdbc539f329e024a13bcca2797830fc9b6c67920d19852f065150e07b6e0deeb8119e3549621ddbc7b8ccbd396ac4f4a7be72342d2f090ec9aa5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbf0b52c9f532cd5d551d2cadc90fbbc

    SHA1

    216d3c0e4a8fe3cd36738bb24e0385ee94d0365f

    SHA256

    970962d71dc06c5411486a9f5ddbc992c70d52e3d4035816d6e85bac0f1e8b61

    SHA512

    8551a2cff26cde054854d6d3fb4a3ad15758d3b784e35c58a8be461b21410cb52e4d062d76e3d6a9ad50317a0894af515d3dadb7dfc8e071be4c62ea947018b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa842ded3931747ab592da92dc4490ed

    SHA1

    1780ec8f5bccc287e65d502066b41802e78db719

    SHA256

    f0cd1aa2bf14785fd4009ad968bdd6741614bed17f9f732ce17a5ab4c7b68371

    SHA512

    4f4e6e76170679d37be68876a242885b9cbd97e2a9ce877cf692e4ee203686bd2f6a50fa462d88e8c6e01b418bfcf2c44c37700e136c9b11bf9eb904eba61cac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c36075bd2ed8cb8358ee7482c3060ff8

    SHA1

    fe4ec831c72b17cedfcb7d7f8b83b3dacbf8c991

    SHA256

    ac6118b59b1135d4dbdf83687fdba444d30be752f216298e5d7b4efea4f9c0c6

    SHA512

    5d94e76f400c5f858a04d8e833b49dacdc70825c2e897ee766fb53b4cfc93b089c3d7988358fd65224db20c85f371300e5a10d30a780bfa18ae187c482200041

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df819cb3ffe7460822d7f816c71e7ec3

    SHA1

    014a478bc294d8ef10e92cdd16128374a4672874

    SHA256

    0ada2b2f3d3a8809133cf85a32da32680d5179481bd9a632dae54150e5a8d453

    SHA512

    769100428ec60bc779579258d3c4701394a9bbf7cde52ba85f2e7a1a5cc5c1a10e17a0a2eadb0a60cf25afcaa843cd0375a93606e580e3bc140f8307e495b08c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53bca958e6904f5d9fec6802af2709f2

    SHA1

    c0b07c7d87f4e4c227eef4e4f5a7d3f922a56bc2

    SHA256

    49880e9963714228bfcb7d8928a1439c38517629a336b62ea0a659706f64fda0

    SHA512

    2d90f65cceb9f1b902a80e82f595d92930d2424a963750b0bc257858803aaca0ded84cecd95723c3018276b7cbbe93d8e0d03e66734e7c8c2183bab8de0dc97c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a7947a14c5d3abd119c775ea52f73ed

    SHA1

    8fc533e125445669a79dd1edd5c7f89ec1d9cc60

    SHA256

    b877011b35477cca60ce198f4feffe3513081d52d05fa7674991750983937e29

    SHA512

    e0c841d0fd746f9b5c8087a678c0dce0e44eef0f5f04553f4059ce879bbccd67251276fd0369406fad332454149e5aecbc8e5751deccac4052e2630501ef4a08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2402eef4f54fab73d790b4c7f503f9f

    SHA1

    df95c641e033326fd1777a14ca0f153ada9e25c6

    SHA256

    018a417b7c98991b12882055f1080b9a674f3c43b2b87b8154c39b50c10761b0

    SHA512

    95ca7332da2361b0abd2a6a8b00a2652d18c92adbdd80fec98c57abf27b96cb8ed3e1163e4987e5f29872a4cc3211b8be50383bf3c9060e0d7bb1aa6887d46ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e08101a7fe1047cd4976cab41b51bc6f

    SHA1

    1483bcb2b919964cb46d09fee9fb3d7f242b05af

    SHA256

    b8c5c9113dfa28e352b57084d2e672635b241a418a0d9a4e45da30d101d694c5

    SHA512

    67725c20e7fdc9b83a58dea8662c9f5e7d782ef2190f501d08c38a131ccf51fd1b0b66b95035216696c059eadf763f1014f2c428a6b52258cf5a7324b7dc8762

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2e83885121122bf5561ac82939200ca

    SHA1

    5570537b9527ed0d234408e54c765c9fbbf64c79

    SHA256

    0f60c290fe7bd66305e3099f26af992bcf88c3481420e8107fc9f28a4d12c897

    SHA512

    0c5e36d479dc9021189fed54dc30f6ef6f5073ad6754ddb970205fa8d9e7871207a315debf141ce01590e698f9b7028ca2b1c87b3bdddd7bbc4eed4978b9073a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b63a2333d2a21aa89cac4e61065b865

    SHA1

    e88b1c93e3682e4abb0a17264cb1efad43875865

    SHA256

    71e4f3d1f3c06b5a82857d0d2bbddd928da68a57f36ae820388d0c5c18152267

    SHA512

    92534e98f985ecf70c8865ab2403c10eb54d10cbcd216f54f2f5e758fdc33364d23c68b80d97a2c4140c47900492a07176c8b23a4e367c7e527c501ba9465066

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cea1fe9e27fc61bde36456b8e7652e54

    SHA1

    cfa1a3ca9a5232a726f1965df114931dcf8ba55b

    SHA256

    caac8d9784fd35dc391dd0b13acde010940fe0d555bd7f1555417b84c4ce3f37

    SHA512

    ec41d1b7a14b271d8e861fcfd72312fbfb06524e0845998cc209c5fc12148d0a5b0cb3f1f1d7da6fdf4fb7e026536ec6985719742c0befa8f870b61ba0d4e501

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff1d1f61f4e5b175190ed4a02458c64e

    SHA1

    dc3111b78dd44a8132a45296e184682efaa228be

    SHA256

    02da2b4e331f79eb4e9ae23369e06ae159b3646d12de42fd33511619a87c6beb

    SHA512

    fb82d805d9f0e6d02f0b8db5fd9ed31b216262e85816a973d251d0b409c85082020d13b3c5e359ffcfc43b000aee103b6d4600128ea925afc529a22b25509f17

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    039dfd556e2f1bab57dce655a2ddc0e0

    SHA1

    fe7e790cab20f1ab5f4c668160f64c6dcb0f5ab5

    SHA256

    73de490462a1b994f99425e24eb93295c70aabce69da2289e306267a02533952

    SHA512

    ec5b201b86533ab4d57806b8ce5bd4590a136563306946b58a4a88fb0141ba42a24ca3972f0d246bb7bc257b125c45182a62fc216ca6eba1cdad893107fe9010

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b3a70d0b141a467c42f990b0eb956378

    SHA1

    b226d16773558dd1d7ebddb4e2de2dcc8587b3e0

    SHA256

    2b499becbc42c94470608336a64a94d1079d33a3588fe4cb8b4e0a52837a2f25

    SHA512

    944e3587b6427cf07543c18f93f0a927f9ac02c21a620513d5d8854a58e17369b9a9f4895b05386e81c3933eeffd1a2673a534b8ab138eca7f932f2206606dc9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93378bc0df5b6b1a4afaf717422a9368

    SHA1

    d39511fc59be9ad3717fa8c86614a2a3031b09b7

    SHA256

    5eff364cb2c89dcdbf61cdcb9c5b87d743abc9ee0b973e3287e8171fb387d35f

    SHA512

    689263e2ed0c8048b4f23d04312818579f740937e84fd4942d497c06ef9a0aceb1b0ad53932429cb61a34599374d83cce63190641ae301f663f670c7d4aa49d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9395a1a520071ec8b1c18a2ff01919f2

    SHA1

    4453b57b670238cd051a7cb17955d54e1588746c

    SHA256

    fd88f71e8e5d1942aadf04818ba05e8fe064b30e6548984e534d1d84e59106d6

    SHA512

    95c9c0518bd09e0a24cea07dc800ffc21752278921716716a0587a85c50e8855c1f1dc45f098a1b955f5e5b0c7f32360e9e684ed8ca36244867c78265dc9b87e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b23370c0c6dd4b824aef3d7b081171f5

    SHA1

    a46dcbe0f417f3178c44aaaef8f24f1661756c3f

    SHA256

    213bb13edf5afe6e2aa2fb487c845b25bf2937eb8801b41a195a7fe7990ba8d0

    SHA512

    08433db8653c24470bb94c18c6670ff81f18d43bb98ccfe4bd1efc39c50e33c2031bca7c4ee98db53b2f703b0b0c960410af2967a3577d921b07dce9c0db1f43

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33f4584d5b5178e137f38082e9087e17

    SHA1

    d52dbca5f7c9414f1d6611eb2f34ee3c457c76c5

    SHA256

    8d75ded9f933c85f9c1c1a7ee9f626f13d0d924f75b2533ca75ee35e049086e4

    SHA512

    ba2902d0486e7a689edb1d3288ea652f1204e1e96765139405ab4395364449523e40a21bf504cb078f8ac15bade1d3288d407a2fece75652ca00d18f75ddd476

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB3D7.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB44C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2952-0-0x00000000001E0000-0x00000000001E2000-memory.dmp

    Filesize

    8KB

    Download