Overview

overview

6

Static

static

3

289e3f1a9c...18.dll

windows7-x64

6

289e3f1a9c...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    144s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    06/07/2024, 15:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    289e3f1a9c35bf819f6bd98e2e9d1b1c_JaffaCakes118.dll

  • Size

    296KB

  • MD5

    289e3f1a9c35bf819f6bd98e2e9d1b1c

  • SHA1

    45a0021e3007383b922438fd6f5390d84195ad6c

  • SHA256

    01c61580b6c516657239e17aa3248faef5747bfe83ac583265c23a5e228ef096

  • SHA512

    5483c9e1eb02b572c0d263006446515e80d030d9421b22768845427379643e09571dc8a7edc6a609b7c8ed8e7d0352d41bbfd7666f30a383f38666cd9d51780c

  • SSDEEP

    6144:QPPJBgmPV6rijg/PPU4KaO91SsAKVj+MSVJYQTMG:QPbfVwijKPxK7Vj+MSVJY

Score
6/10
adwarepersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\289e3f1a9c35bf819f6bd98e2e9d1b1c_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\289e3f1a9c35bf819f6bd98e2e9d1b1c_JaffaCakes118.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2280
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f8fffb4db8e18670f77d570ffaf8b4b

    SHA1

    08a665949194da1fc8001c4c48f139cb776ed525

    SHA256

    5fe60d0ccea706a4fa185c1dfdefe13f02ad0c2eb91debf66daa8c804bb713b0

    SHA512

    2f2d1d08beed2725c32fbf3d3c1f7ba378937948eddebfe41d89b3abb0f3482e1f4ab53a2893695b115612d1dfc8baceaee3fd95f2c971abda79de9abf7d294b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab767629c5b940a23532141aa1472b73

    SHA1

    f8d189112fcf0c3883b2656f37df4d68a7420b44

    SHA256

    463aab857614ce25c4893078b212b9e568856a49f8eb9d371cf6a313a7b6fbce

    SHA512

    2b37a3d5cca510742f97dda370a2baa1bc5ea033385d91bd709724a87d32af3c1889cc93775d5189ed19991a84c488bad355d2425978a4fbdfb40b92f42c7023

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9dec114ea5f6cd0042abcee2806350c

    SHA1

    02e8d853933444d8aff046890f4e08918c45940e

    SHA256

    f9a33e5dfb8bff8c97435babda6a8e381021085e497130f8320fd40adde92273

    SHA512

    ef398cd177c5a7133f3ef9288a26872daaf1d13b756846b479b14803e9a93e28b0b0065814a823a17efeeeb9ed0410d2356505ebfbd7e8c614b8162927a848f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55c4e9082e296d6e987802b0d2c0b883

    SHA1

    1ca8b3876f84da7c11b580ecf861f5c9f8547be9

    SHA256

    aea0a9881140e01d420f4719360c34e52a3310c4822533822be312b08679a49d

    SHA512

    101df2a3e008a91d3269e1303d37479691435264f2759e422618b9f6cbcccb97e3ffe34371da9110f81efab21a0fb22b0f07e8b2a1c3d3eb2e5c0d84bc022199

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52cd1317d2ee81e9683784b401f801b9

    SHA1

    8001e03b44b6ba1c60c6f7ffa6f980da86953b01

    SHA256

    def1fa41e4553b5a250fb41aa32bb48e69325bd7d61c9b62ea605ef834515ad9

    SHA512

    75f6219a0e37cc157a7d48b6a1a4afd90e3bb21fa5219b9e3c666ee2706ccf49808ae7563cb08131d3f109df27d672e82429c908c3bbb11fffd2188ec7540665

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b4756fbc8b7a129aaaa7d5fe380ef03

    SHA1

    01751ea93e8e8d5fe4b35a4f4a4173bc36e05d75

    SHA256

    079bf731af00d521a36a0778d0a8cdd5f6ebbe5ba10fcf4bb11a3bebeb99c0c7

    SHA512

    0057158247ab9b37baebd2d729983395cba54397f08d6ef785bfb6fae50209ae8ed48a4e69b485e2536ed4dd22aaead6b15a84418feaffb08fecb968a52905dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93b5e6fac0bb9bf35fe6793085bf7356

    SHA1

    679117818b518a68513ce1a82a1ce9fe9a50240a

    SHA256

    6db38350deeb5943631ee94fdacc8b3dd127d528a5c9601b8980caa180f6f78f

    SHA512

    7b4c82ca5440defd02c7a7858f8f9acf269e63eea21714d5d7e959d524cb2e1ddb0b66427a277139ed3b1a68cbbb25384caa79b538e807f683c52f1ebda60b1f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f122b3baf0d9d3f6762f677c33441f0b

    SHA1

    d188324892bd4cb916ec44f72a2b55d76655b34f

    SHA256

    78ad45b24b7dba92eda9ccccb5cdc2ca225ca2104e8b11a572ab48141618e577

    SHA512

    f5885cb2570f2a55096cb89c5974363dbb4b0198e227b6d1faccfae2ac43d7f41c4911b937d409be08d34ae782c1d5eb5d2bae589e59df61d87c14331d143368

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7c79d15ee97612571ef571d5fd7c825

    SHA1

    28de00b9d5fe9baf1842a6d48f08121452df60eb

    SHA256

    9e59eaced8483baaa359fa3fdaa7588079c1a8acc293db23ff2d2ffee6eff64f

    SHA512

    f9342774b80e785202bbd1f5361cba2faaae26701e3eed876ecc9d3a1c686f180318b3297bf24c591eef306cbf255bfb86aff5c9acd257a41bad4a621b37c82e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    71c08e04f48860737c01f4f566642906

    SHA1

    63ae76aca6228cdaf69780adc7b856990da3fdd0

    SHA256

    34794915fd2f827481f2c1b264bf7291bc3806762234a383956e1118fe2726b5

    SHA512

    7ad884d86828f0c37ddfa8ea0452da7ad92323807738d4027d3adf45ab7b6036d7d6f93bcf6fdefb5e25448f463b5bbd6b0f1d9b40f135b7202e7a61bcd0f21d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e099629b0df8685829f2babe548bb17

    SHA1

    3fff713ad52ecde2308fd53fe82e5ce9b83de583

    SHA256

    8ba54fabc5a3d08abd66f2992c1214aaa5eaac4f03d2fd53adf2151e750df14e

    SHA512

    06b9696fcd3c432d2dba28f59983d87c537fc26395db741b75c7ba5a7873fdba0e97c8dcb82f93c69380957f2cdfadf6898ade3a65219b41f4f553aa3c58f816

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    669017d3b2a658c39318da148f8bf5ae

    SHA1

    5b425ae6b8d25ba8f0ad717e43ede087cb0316fa

    SHA256

    01dc4be8aecd704a032b9160b8986b625a28fd162c5cabe5292fcee488d10522

    SHA512

    94e1f001266b84129806bfde9ee71c20f6b635e357a298d5a4dbd7cfb69f7beb2d13b127ff3f6d1256ddbe44bebe194c5423c2f73008da95599881c19ce2a00e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    469a2d1ba4207e235396f932fb2703a5

    SHA1

    efee05f21f63f423b25b282f5657d92e3482906e

    SHA256

    b7a1ca24f28906d2acb75666b4ba6e037b01d22ace2dc2f152ac8063f8262eb3

    SHA512

    93b91f0fb52deaf9b7f636433bab54131d44ae81140bb5e2aa950aa9ac4a230a0c59ffd20f3e3ff77ef26daf597b5e7aad66f462f68888c9751bff3db2b2b8bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88ba68e3bcf04026b5a28c2fdfa8d80a

    SHA1

    3a53b5047c0ffa465ceefbfc34b5bc4e1dc2fd68

    SHA256

    bac097c9563706e47277c1ede4e61b15079a7b9fcd016230e86c8675f9975530

    SHA512

    7afd06d6967cc254d2c41b5ff56cee84a760e0b041f63f64369e3a10f834d3141ef04378f233d515bed123884dc64b4b8ac4a6758830489574faae80576e1329

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d05e101eda10d1486708d8b6c5d97e88

    SHA1

    34c9bec2caee7603c4d022ec6dec7a5a5ef6cc78

    SHA256

    84453621b80e1c89488b4d32e60ea81e836f654c0f0ae54cf6861244db142004

    SHA512

    6739c20410aba47466dc2280d1541b333dbce16b88e7f8b5d7f761156cc69cc84f110f826055375d561367f09907aa7337a5361c8be0a3ceb390d8666faeaea9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39b44e11916a4ee229be623353616b4a

    SHA1

    40f03c44151dadde305cf7538eb329b5aabef215

    SHA256

    ebefc1d98d1199df6fa9d1a0d1acd764a53dd4dd044f390d2a41d927f3068f83

    SHA512

    673148248c7fec9406dbe5132e46795d7a1290097bb9fc38aebbd0f2d59dec7f702b9717b98ca847c15014648a4cf6c8dfa6540c5f1d356fb36a568c364c4585

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8674c71e5162d9d1c5fbd9c81261a69

    SHA1

    6b62db317d9e957d9e601d607d8fc07267ce9592

    SHA256

    28402b4c6b574c9e0fb026c2b1e50a9105c358eea587114212a1423c8b9d3522

    SHA512

    adf33f80de147ba003608cb69e1944e9b7f08a5401c494d09accf77455124e6fe62a446fffc2f856a6befe099e2d541f38734539efcbcf5b9f00c9d9954dbf88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e3d689c468416c698200c97f1b2066d

    SHA1

    5b43337bc0944b3b5bf3eb2acaeba123c5db2bab

    SHA256

    74530a046655ca73a6bc11f1abc2f63b53bf97683242bfbe9c1dcc7d3d0e94e3

    SHA512

    686ad8c61dafa28c952babdabf0e04f7ee1bbe65f449631f90de2febc41cfe0ef646a75812672d86159246ab261af14274146b6ca2fb21c0c3d9d958f0572da6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a17f9940212c2a6f9d612981099d201

    SHA1

    872addbc5d6322f9912c2f3068f60d89ed7ebdb7

    SHA256

    c71c05e30ffe79f7325116aa33c9b3a3b4cd4dafe19a94f73bd585f2b22d3adf

    SHA512

    d11a6b78bfd489db2151fc8867fd284a8dde28d1f81e51597b16a5c7979ef534c2c8af3d1c3a1385d53dd87a7b77b0a1d480c8e9c349d0f2e6df563453258912

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc09e0e076312831f0318b71e5065072

    SHA1

    0c67ae72c33d3ed14985937f94c0e569e130c705

    SHA256

    6728e361e1e1239c7d995fff330514f6bd55f2f8b7f71854b60d550afb674b78

    SHA512

    4434a6c06bff36f81244fd52361211cab3dd2a935759bd6f300b7be7ed0075db4b16f5d9573e6a85bcec6b950552cd2fdaf33cffec98dd65129ae5f5fc091e4f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2415.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar24F8.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2280-0-0x0000000000170000-0x0000000000172000-memory.dmp

    Filesize

    8KB

    Download