Overview

overview

8

Static

static

7

32624478be...18.dll

windows7-x64

8

32624478be...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2024 23:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32624478be9eab26facb6c432e864785_JaffaCakes118.dll

  • Size

    185KB

  • MD5

    32624478be9eab26facb6c432e864785

  • SHA1

    f3e9b5cc05d8696ca59470d698ca6cb55da77625

  • SHA256

    2fa1e32a4964de3b438da53f91bd0a6132a5e835b88ae19190dd2cd15d5a6ac9

  • SHA512

    a207d2ec20eb4b281fa13de2f63e8f98646dea3afda89e5003e2504fd008b91afa0cdc6091464c4428b1f2c45e0a3cbc1fd1f45312812071a4921c4973d0c61d

  • SSDEEP

    3072:P08ALLsBH3X7QY4VS6v1C60T3zPfJ5pkRk/mTnZkwMDnmU2ozwPZeYs:P08AU57wS64HTLJ5pn+ZkHnmlws

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\32624478be9eab26facb6c432e864785_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\32624478be9eab26facb6c432e864785_JaffaCakes118.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2288
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:1652
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2428
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2336
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2184
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:3068
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2104
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2712

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e625a16a8aeb057ebb544aeba81f5848

      SHA1

      9c078d95062eee34299a8434f99ff7e55b199fb8

      SHA256

      2877c4127f987e7db30fb5584b66ce6d83e4798c847df21a5f57fab0ad6a96f9

      SHA512

      9bce956e88f532b577a8d3d88d279e76d727f4131ded22ce5e8397e27e3ca2746a5460ed232c5fe9f0ee2075e3d3e5b48739d3a22f600edecc0bac34ba873c42

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9600483efcbc97c8cb7d086df4b73810

      SHA1

      0aaf75248cd84379dc5c406aad045f039b2394a7

      SHA256

      6e9220032136b52ae66699012f2c8783a7e89d8d541fd44d99c4b13e549b726f

      SHA512

      b6acbf44fc1d204c4e832a380a237e0f91e1e1be7d7b66089ad6f7f51b80304fb447885edbe4b0d1f729f8d88e077e800503ae094b0abd3f70f4f71d9fc72c69

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e29777b8a042555dc311b115477ad932

      SHA1

      c328a3fa81304dd56291f0fb536dd50380cdcb71

      SHA256

      cde4819f4f243659c138f2550d8437846bb67147c3c92554814de8bc024e3a48

      SHA512

      901cab8b2583b2785b27633a77076c49bfdc410f0c47dd530bfd450e8bef4af5825d13e0e556c57d67528f48001a9483aa34a595ba023a123e3fa595d16c3db8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d05301aa9a92fe9499e5dfd3bd345483

      SHA1

      ce44944c2efd8654b73afc12a81bc9a7758e5d7a

      SHA256

      c7f62a009c1e38a29fc5dab1c282dddb36e078153c6256986f9d92894b1004e3

      SHA512

      ea12b399430a2d4cb00389f22be22a4ae033bc729f7fca5a800e46fb598e55726e83b6f6c2fed5cb16ea2db8b19c80cc01aa03b72a4af05b3fd07168181e1ade

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      250b1bc3ff048b6650db0c1203a8e5fc

      SHA1

      08c4ef14a4999fc5fedac994aef9b399bf427515

      SHA256

      445192d6c7b3bdeb54739a839dbfd14ee168f7f3a2cbadb062866c0775aaea45

      SHA512

      9cde0e45be72864cca429a848d980fe8117d14d55611174d4dd15fd67933b779cf2e6ef2c60f015fdb07ad1e36e9b305b8ccf349a3c5fd5eed78cc4f5b490083

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      29eeaf23d7ce836433cebadc74485693

      SHA1

      0b5a25e269d44bf105b0a4a3f8c970cafe67ed22

      SHA256

      195e401c8fa65a548ada437d3acb0aa9b476750490ab5a5c52d02349753c9ba6

      SHA512

      dc0c4238c08b9e7262d1db6af92ba9b5560e1171c2c0b7bc020575830c863edbd3862ac3f63190edac513c1c23361198627700d60c5877c2df628d77e0926ca6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8dea6a3bf0aa4179fabc03d2e2b9c87e

      SHA1

      1e279f2774580f3827ee99115536ec77d6edaca1

      SHA256

      14ec5947640db782b9037a8c8458edc697167900e9782b8e3b28b301f7312531

      SHA512

      b96275457d84cf85e08214cee9fc0be4a168e10e0e89ac4eef02c4e7949ba0633613541be36c5c141b646c9f44115be6fe0e85a512c8fefd22d5a3da2119c79a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f8e8b63372a30d3e93e952ed531eb8b3

      SHA1

      92158f7ac2eb7ee8262b9fe96c53c68412bc7a2f

      SHA256

      c8bc7495270c9e7012f307679543f8c945f4e7ac253388253710300f381f39dc

      SHA512

      5296722d290020b59dc3e12af8636da28a852346c20fd6882c67026cbcc0a58a1ad85f8af89016434f1ed69fd1abec6adeac46b80dde075bda43ff38514a24ff

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1d10bb62396ba16f7a9f82cd4d0250a9

      SHA1

      fb50c21b0a150c2e1e27bcf3ede0c0934765de89

      SHA256

      67e57336bab760590b6abd48aba97496c4bb9e4808e72a27c6bad1deeb76a51b

      SHA512

      4118aeb919ac2f5dbd4af9b08ee196f848aa15516d4af84b46f897461faa27ead46ba9fab46b8b341fbbaf394ae76cf7c22de02939fb6de343cde61c38b48c40

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      32eaef4f33e8f2ec9943e209ebe8ccda

      SHA1

      a071d7207d3945a1224d0e58050b1f2dc264b569

      SHA256

      4190c1679482538532d645877695617058bddb93a0ed2ae1fa699b0cd9b91409

      SHA512

      b2cb0d6804e73731c6ad7cc4123da80c8bfa38dd2406097c2cdb0c6bd6d56d3cd46270313270075202a4912c5afc0f388979aeedf5e2fdfd4282e2346f00ee1e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      29b45d4655d4f15da9e2adf964345a9d

      SHA1

      76ccba4f6d390e30e947688064fe128f42fcd5c1

      SHA256

      1555d5ca7469f48622212a99aa4915574bc44cff97da8dccbef42a8334ad9be5

      SHA512

      5fe44b7b76f6ffafed933a2de19577dc579968106ddaf4bb5491f7911983aa928f7295b317a6a9949d31863adde83a6613906f8140d8565fab1de8fff93d25ac

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      569aa4e8f1befaf49f85650e3c52571f

      SHA1

      c3bd15fc8a38e5fd4b764f456480b4e72a1d6e29

      SHA256

      8197a7c99313eccdfbd118f90b1af950d46eb8c952c1406d8bfb43470331ab52

      SHA512

      2a54deba85907fbd0d62893aa2682c609b7085bcfcf8d32726f7d11b60e763cc74ee95c291dcb6e3f73818610c39eeae0277a487233ca9afdcad03782dcd71f5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6b0121cf314a9b4872bfe030d29bc528

      SHA1

      6a67615c66663765c53223976c39070501f449cd

      SHA256

      d2e3948dd4a6871b6ab51c5f7c6c4cebfaa23d695138e1492adc65441140f7fd

      SHA512

      47e9859243f07dad18eb3466e47c917ad3c29ea0942043a4bdfad2252bd4c99f3562605e1bd104b56b04b9cfc65ab16eb503be4da084773d7a7fdb7c8dfd0296

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d2642a25ec7a8cd4b9eb75237c1bb270

      SHA1

      b790859e599b0481f7da93d8b7e2fa0a7339dab3

      SHA256

      46a65a7162c6a77a355b969135d4aa4554140862cc8740088b48754017c2c6c9

      SHA512

      689494f871ce4908674a81eb360e0ed522460f68c2e4cdd5ec189e1f0429fcccb5eb66d5c1608b75a78e2b52aaf4d188b15637b0c074bf6c8c96249ac55a27fb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1b9b2c33ae0dfa741001b29717bec05b

      SHA1

      0de698b2876b7c8699ef98c8e97aa969643e370e

      SHA256

      7c1cefe4580912e94bd4856dc68d47e332d95cf9c87ec60973059d0a4a5bf9a5

      SHA512

      60449d685a7dea20ce00cfb5428473c3263811c8b61a6f3227909aba757de264bfbdbfdaa2421c01f775a15e84385aadbf52dc58f2fcf895f2420c86bd14f38c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      de9e2c099aa775274a653d5f58034331

      SHA1

      51edbc0ce568903735506e2426558bea1ce582dc

      SHA256

      7e8f05bba341b7c65fd858c886adb8caefb9b86d85011c2f45e767970edc03d8

      SHA512

      09e3e676f9d47f9291e0aceaa17b99247f1c6562ba994415001e2de7582b3225e2efd5e39f818c3499033169fbfe591602e180681282ef9aa06c4946f1b8de7a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      de1a3c80d9cc040dd333fb3c3d3a7d36

      SHA1

      cfa4665a6ed4d6ca56064ae7020cc7ed1855ec8c

      SHA256

      e3f29f36ae90f0e33be64c040a0aa252e0c20095d5734fec3ae350dacd463b26

      SHA512

      9c79438463cc2a0e4bbe3b3d4746e2a4ac7db63c9452816e225c1c2b503acaa84a0dcfe0177f39a831d28309b13beb66345f7188b61ae0312e87f53931fb58e1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab593A.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar59BA.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/2184-6-0x0000000003D90000-0x0000000003DA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2288-0-0x00000000001B0000-0x00000000001FA000-memory.dmp

      Filesize

      296KB

      Download

    • memory/2288-4-0x00000000001C0000-0x000000000020A000-memory.dmp

      Filesize

      296KB

      Download

    • memory/2288-3-0x0000000000230000-0x0000000000245000-memory.dmp

      Filesize

      84KB

      Download

    • memory/2288-2-0x00000000001C0000-0x000000000020A000-memory.dmp

      Filesize

      296KB

      Download

    • memory/2288-1-0x00000000001B0000-0x00000000001FA000-memory.dmp

      Filesize

      296KB

      Download

    • memory/2336-11-0x0000000001E20000-0x0000000001E6A000-memory.dmp

      Filesize

      296KB

      Download

    • memory/2336-12-0x0000000001E20000-0x0000000001E6A000-memory.dmp

      Filesize

      296KB

      Download

    • memory/2336-15-0x0000000001E20000-0x0000000001E6A000-memory.dmp

      Filesize

      296KB

      Download

    • memory/2428-8-0x0000000000470000-0x00000000004BA000-memory.dmp

      Filesize

      296KB

      Download

    • memory/2428-7-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2428-9-0x0000000000470000-0x00000000004BA000-memory.dmp

      Filesize

      296KB

      Download

    • memory/2428-13-0x0000000000430000-0x0000000000432000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2428-14-0x0000000000470000-0x00000000004BA000-memory.dmp

      Filesize

      296KB

      Download