Overview

overview

1

Static

static

1

24f3e1b96f...18.dll

windows7-x64

1

24f3e1b96f...18.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    04/07/2024, 06:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24f3e1b96f0ce7ce4f6cd412fb18ac6e_JaffaCakes118.dll

  • Size

    197KB

  • MD5

    24f3e1b96f0ce7ce4f6cd412fb18ac6e

  • SHA1

    f327b4ff62651071944c316d1cbb3821a2587a32

  • SHA256

    3a6653344e4beceb887aa564abbc2a286c988b257a3a940da26e9885c5e615ec

  • SHA512

    1e84b41b8e8efb4c98131f24a2949e49064034df8f5511b6356b4cf569728b4c90b69a0bdd32d40317f592e7b9da7074388475573beb81c3525ebca524935666

  • SSDEEP

    6144:oWl/tORJyoqOjzep2I0kqVm2aK4/ioRLn3s:Pl/tO75qOjz+2IwoBikLnc

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\24f3e1b96f0ce7ce4f6cd412fb18ac6e_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\24f3e1b96f0ce7ce4f6cd412fb18ac6e_JaffaCakes118.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1724
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2616
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:1572
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          PID:2496
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2648
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2988

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1cec86a878d399484635fef599332312

      SHA1

      72d4b2f7392b4682c40a816737a360be5fd5fafc

      SHA256

      9521717880b3e78378a0d3cd93acc6c078291e8995f920991b2caea3cdeed641

      SHA512

      b07b1d9250a7d95656df67fcc5e82752466801e3de5726f103fd61d69ca24694e782054d4cdd0ad86f27d1157127bc75f8184afb9b8aca5140d4a76961745a59

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2d13333a4e4d1a7b187c86df103a9293

      SHA1

      dbaa2e0172e721dfa1f1c39ae231883df97ff3fa

      SHA256

      5986cabffee0f33b7506fe9f935f69b4a9870e79a1fe09363addb07ba04e2ef8

      SHA512

      15e3429f6e3399a69a85e05299f6971f959ab5606d8e319a63ca1ea1399ad1c2ed218171e46e3b5ca10d489b36cf412b88d2d189a4b070182178c6f601179b59

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a825a29a06b52e78af1ba3c16e68da58

      SHA1

      fbf28f02260cd232bb2c5e20cc295c4707f8aff5

      SHA256

      159b74350c2722477042aa2029d320ddd072d664b937a302dd0ddbb6c5057ec8

      SHA512

      f0a3c078ab8ad5eb5b41c72cea748060072e803ef7ba300e6a1d37e28b3d2ccc34b620a497685f176ead05cd0b1bc9f4d118d03e8183454152444dd48266f62e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      309c69c75e7f99bf027bad05ffc3f7ef

      SHA1

      8e1587ef4943b2fd1ca38884fc6b33aae087a8d2

      SHA256

      9c8300752ab75aa2b9dcca3859e5d20b2473782b59cdb7101e8e9b28a0c88292

      SHA512

      d83a5c8525d59785b5b323ba02c30ee77783cb439e31c71b18cf2b7273218131193c95d1c9fd651c3566195a4655ca5f5d7d54546cdd9f3570589892b8d5a3ac

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      94fa1aef145733c845b4e046740365b9

      SHA1

      0fa59f9751a3aad8f8175b1aeaf36e857b2948b0

      SHA256

      6f9486577a65b61a50ffe578781a1483f327aed60250f681b3bc596d054bf8e0

      SHA512

      ba9c7cee9fe1a5054188dd4a4b0e1e15638bec2fbb6db642b06d11e1830b967e1e78e2144ee27e4f605277e38416b4e59c108dc13258c4e00222605e9c8101b7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b10d9b5fbb7ec59f760d86f1af4c69a8

      SHA1

      b1072dc167ff8c7f079a269c3f5421819f2a3eeb

      SHA256

      4f6f0436ec18ccd3feab25ed1dffb394bccb2ef520f4ca6f52c270b487c2b1ca

      SHA512

      d7bee0e6f0f3823cc62fd93423094d48a51ee8e3b5cd934b7158e3769288c3494f8c68f461c5deff039bbc4622cd92e98f61d35bc4edf24e7ea7cdb963a07581

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bc0f0ee774f0f4d91364d5ee86eb89c9

      SHA1

      15472601c84c5da5f9b33adbe1341dd2c0d5dfd5

      SHA256

      93d1e45b350386c02e15495fdafc304fd3f080ab6f58ea1d3eb67d01ffc819c4

      SHA512

      f88e31a75da533b2d90c6d084bc8f46c72d49f9b4ce441bdcf0bc099e2f28d837c31deea3d6d1d42c4cdd94770ce356d99bc4537cc5d520d5e1ecb46ee645ed1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bf3d2123e54618935ca1dbe468a8dea2

      SHA1

      a95cbee8cea7fdcf5e80835a06f3584c2111d289

      SHA256

      ab3b1ae8cda4444ae6c4c4944e4840fabff1d4b282a98c09e7cd8d7953e0d291

      SHA512

      15362714efc14bbdb8b05214130a0a0cbeec5faed0f2336f84a9d32ad276c6be4643faf3716087bf3d0b62a070c15e81e825304bf3ff70e7e0ef93f5dc206be6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c9af250c667baf79c5f7a840bf6d35d3

      SHA1

      38db81fa61f88d6a09886751b8bcbe6cc214961f

      SHA256

      c22a9145becd21cd0c0e3a67b0f3f3f6f6eb456d725ea5f4d8380832e01b3ec7

      SHA512

      e9011d1c13f25e42db99f27822e9b732beda0ff9ecdeac1876a494b85e12792b11a194a95addfdcb2f38b41b64fdd70c16c797a7b43e749ff5632cef2d4cb2ce

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2ebc94ae26043e50151ea7a87115d03a

      SHA1

      fe036a1cf31062b8eabfb97c844ab905ae4aac11

      SHA256

      dba954f2438c8433bdb488e8b4881b77c2d82abf519997e5c84a8d97e5ea7fa0

      SHA512

      81151741140d27f9e0bb688e1140c1a38a39c07d66588aae5096858e78bd0f67db2445b5598acdcda96cae1ffa315d659f1fd1f096f7d61e7a645451c11ef63c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1f2d83037d2e5392e86932493eb31668

      SHA1

      b5bf50d77192c01a693b165f41b0153047ef0289

      SHA256

      18a2a4dba7e68323f588cce3f8d97dbd169782606aea5d2935d7f919c4501a3c

      SHA512

      6b31f41be511e2a866cd2ba0847c7f3f8f3c45b69de80f3c48a0bcbb3e76cbe8abd4c5e99e1d28f42f19860f81dec8c67389d8fe163276d21a9991845a121880

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a91c2848c79dd7fee8de556408f87995

      SHA1

      ffe33e2ab77c78043c861fcfcc48e558b93ad2c9

      SHA256

      34ebbb4e2086416a821743fa0e4cd3ebfb648f88de6eddde9fb891061a70b199

      SHA512

      6de60f023f7cbd61843131a4c9fc53ff9c1b1140a99b6d3a1806af6e699b3c676b3e0738304d4624d7e6855688188916ecbba34588c620072a4cd05f7577bcac

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      253f9198f0f4c68625196016eb15ee2c

      SHA1

      02d025b37dc3f9eace89ec158e6586a4d0b7deb3

      SHA256

      da7332b44baec0de7f6fe729ac372d3014f02a7cd98f16acbcae2ab6b1842609

      SHA512

      3252a77c93fe117e19f518c7faca334583b27ba1b95b2467b1e643a23a8cdac3548fe405a2fe13b037980f063fd4c804b033be309936ae46eac80e20ac4d3ccc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      84f6c40f7f920ef374783c39aa339e42

      SHA1

      23ffeeab444b7f853aef8779d751e263a388dce4

      SHA256

      37d2e094128f6c254acd62d752386e504757dac1f24d615b5f8cf77db34ad0b6

      SHA512

      269fde67b18eb95dedce5f3ee2bf9a7a13252fa1b5ab68abaff4ba9cafce1e042913795a753ea8969ac2abf7f1645fa0ebd55134d3510b7449cd0ab5cb0e399d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      27558eb2b862eee31005c7fac635919b

      SHA1

      e1ca17dfa5971dbc125a1e77a7d8f405bd91ddc9

      SHA256

      923f2fc11c9c561be1e233450d7e3ad7a753522892b3aa6e52b5c209356c1050

      SHA512

      8ade5ac685eb2c5c9d1ffa523f8d9abf7c2ec9b382d4669060c2543cfa015b8b6008df088ec1a3155dbc6a613118999cf62ff0b0d72f0ce23268e822b92330dd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dde449c46669188145ce330a5dc9134a

      SHA1

      ce337d93943ae0c241c60def888ca6b615cee72c

      SHA256

      0989955705749f1a1637d4f683a113fe2c8d60848568d686d6cb65d661f650b4

      SHA512

      3f73888297da0508baa0e4d7edc64ece86d8da798a19ee4b4fb60a848da8f4ee97c2c28ed43c5c4fca4f52ca237a89b90cc8864973b0763edd2aa51c4e2884a1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      179d11fbe6918bd4a9e86205c1939801

      SHA1

      5dde52e7fd49bfaf39a1d08c75f3e22ab9dcf8cd

      SHA256

      3178352488208d541e851734aae40c182e646e8fa6903be1018408ef5dd15536

      SHA512

      ac8ec384b94a5c856dd264baa3be7df15c4ed6c096c18b6cf82bed873673acaa45f012bcfa1175fae736380654a1b2a6b188f9aa03259117b011af49ea39546e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dc773ee6d77c422c76c89693fdbfc850

      SHA1

      201b26709ab705fcc342ab66b9d71af7d21809c7

      SHA256

      0371e9626fca90f13670bd361870e1ac58174893cf586a94fa099f3a1e5adc42

      SHA512

      d323e64810b559a19504a1ac7cd7d87ebf5e1f68d61967a7104dbbdb75e363ce8848ec6ba961242a51f6655ea72867e87ff88f35deee80dcfd72f784ded67bb9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabEA42.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabEAD1.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarEAD6.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/1572-15-0x00000000002B0000-0x00000000002B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1572-14-0x0000000001DB0000-0x0000000001DE2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1572-13-0x0000000001DB0000-0x0000000001DE2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1572-12-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-16-0x0000000001DB0000-0x0000000001DE2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1572-17-0x0000000001DB0000-0x0000000001DE2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1724-1-0x0000000000290000-0x00000000002C5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1724-9-0x00000000003D0000-0x0000000000402000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1724-2-0x00000000003D0000-0x0000000000402000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1724-7-0x00000000003D0000-0x0000000000402000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1724-5-0x00000000003D0000-0x0000000000402000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1724-3-0x00000000003D0000-0x0000000000402000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1724-0-0x0000000000250000-0x0000000000282000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1724-19-0x00000000003D0000-0x0000000000402000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2720-11-0x0000000003B10000-0x0000000003B20000-memory.dmp

      Filesize

      64KB

      Download