cf62102275edba404ff1ef3a64492f227ef5c6a6de735283593e6ed477352f26

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

317450f00393a9489c4dbb3de38f1d64_JaffaCakes118.dll
Size

744KB
MD5

317450f00393a9489c4dbb3de38f1d64
SHA1

6f7540c38d1472abe35abdf95acaa7efc16db880
SHA256

cf62102275edba404ff1ef3a64492f227ef5c6a6de735283593e6ed477352f26
SHA512

b6ed854e0b90b59af3d088c6c777e57f5baf4b030125b15ebc30c8f110b691176c88c79697928e046ae25135aa5b93854a32a0bc5ad59ef163c3d2dea0c36a97
SSDEEP

12288:iqjFiQ0mJrXIzOMgFx4FVPlgUFfGsgZqAGo:iczrICMgvwPsqAGo

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://www.union2011.com/d.php?type=5&said=4704"	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2564	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2564	2384	rundll32.exe	30
PID 2384 wrote to memory of 2564	2384	rundll32.exe	30
PID 2384 wrote to memory of 2564	2384	rundll32.exe	30
PID 2384 wrote to memory of 2564	2384	rundll32.exe	30
PID 2384 wrote to memory of 2564	2384	rundll32.exe	30
PID 2384 wrote to memory of 2564	2384	rundll32.exe	30
PID 2384 wrote to memory of 2564	2384	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\317450f00393a9489c4dbb3de38f1d64_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\317450f00393a9489c4dbb3de38f1d64_JaffaCakes118.dll,#1
  2⤵
  - Modifies Internet Explorer start page
  - Suspicious use of SetWindowsHookEx
  PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads