Overview

overview

8

Static

static

1

31f4cccd3f...18.dll

windows7-x64

8

31f4cccd3f...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 20:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    31f4cccd3f13fe67f5400cca470766b6_JaffaCakes118.dll

  • Size

    206KB

  • MD5

    31f4cccd3f13fe67f5400cca470766b6

  • SHA1

    ff929f82cc44d442212095e2f53b3bdfa73f3692

  • SHA256

    80759514d7c26a7c025f570813e353423d6ced9bfbf6a086098c2bfa64db900a

  • SHA512

    f1e4ba2cc4814affbfb62f9455c60097724c84595bbf106c07e015c5cbe6684aa6ae6549163079979ae9c046e2bc882af23132727df39a5897bad8d1868a85ef

  • SSDEEP

    6144:MfPKpU+W9rek0Lou56IzYmDWm2RxwwbDr9b:M3x3/0UuEIzYmDR2jNh

Score
8/10
evasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\31f4cccd3f13fe67f5400cca470766b6_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1840
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\31f4cccd3f13fe67f5400cca470766b6_JaffaCakes118.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2032
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:1304
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2712
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2584
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2620
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2740
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2716
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2580

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      7a232fb65f57d28521560e93d09ec991

      SHA1

      69d5e92cbdfe6f82a2288b10f0c84356af11615e

      SHA256

      0e6757651270ef083df2448144bd25b543765129f5c05f1f1b89d15d71dece2d

      SHA512

      7bd87dfab3af99c0d67acfeb68120b740172e1113a951b0bebe47a9ab5adb4cebe39f9215362b0c117a51606c82bd3cf47048db002961329d1ee65911ffa790f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      663c1dad940129427149601f6c8f9ff3

      SHA1

      7de969c6b74215248573114716882c7e2b5d5576

      SHA256

      a17bc7cb278ab2da6ac2b8466af48784cacdae69f975eea02feeee029c987692

      SHA512

      a8585e0589b4f514ae04bbfc2895ed1f02f39cd08ceac86f9b5db062571fc77732fcaf59914e68e3013f568245e4fd0c0651a27de98a0bf789e36254abf82e32

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      eb190595d64b5491ebdefecb1bb94336

      SHA1

      5292f35cdeb4e5bb2a600cd5fb6b15c9e0418c72

      SHA256

      a5942c36c5f8a7444564b6d4f1d5485bc43d9315c27bb26d85409f3dd67678b0

      SHA512

      9e4afb0058f9b40f31045b8ea8d14ad37c768613100634584205277898bc7ba70bbfa6ac5ab30a3dd0b3107781cb8a9b655951aef41ae3fef14f093ef08d0d10

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      7cf9993ed4b7c713168aa8a1bc02d365

      SHA1

      6bd23da0288e26da5aa28095564c9fc97b314b91

      SHA256

      da9615931f9741978d9e80f681c8bccd77e90f9aa07130e3e86ab91543734347

      SHA512

      5c171c812cc9a746ee42ecb3f437d56c443b5edd618bfcf6149ecbe2bdaff51afb947bec32edf94827300dc655e890a93db9503f32852db36b3d9b8a11cfdb7c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      c6e2f33a4c1401553526c3f278ce6509

      SHA1

      5ba9552c2ff2ca9b8fdbfaa0f00652377cb9c8d2

      SHA256

      1d31feb97dc1e1cb60c2b2f87a8da990328bf777f51462ef654e14eca81d1061

      SHA512

      7078a41288c9fa550c0c05edd8500c8ebb7f32a5b2588cab415b1b9d692fb346e201a19db87bb7abb859677d9a78346e08bb94a37eb266145ec1e00121a034e7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      adaf75f4256331da427407ffa1458c27

      SHA1

      9ff2ceef8a4dc43c3caf6f7c3493f44b929b0470

      SHA256

      7059adf3390206647fcabbd37a18596dea1d38e3c7b9ac10be8a595ae1d0f561

      SHA512

      2df2b9dacdbbc2e9b007211c9c21402988b7a2e35da65c1a17695835601ce7b0ba3b0d7d71e8eab895c1c4d89a2b72ab5270b0622ea5ea36de3c4b1f7458f471

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      6add37bf8cd2dd69808df77b175f4e02

      SHA1

      2efd88c84fc3ab0aba5052ce1f54da1648fadff2

      SHA256

      78eda62eba24a477837c29958ac92fbd79d9a02881390b1a4f0373923268bae1

      SHA512

      8d210042419936e6e423d56fa9df99757e53b6b0ffe03f1e5142e36edbb0a8cbcd99d1c59d8660cc9ccbef38180ae1f46f78f698523335362956a9e32fa3c40d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      f39cce28cc4a807c7041102e2235e881

      SHA1

      4affc8ac14dc663ece3269aad4602a7f7bfd2d98

      SHA256

      891fff2bb5ff1abae10c0154b9b3e838508e3ea6f6c3b7977455406f6ea20fbc

      SHA512

      07cc2107e314c671842ef9bc084e512083a26f49017cde15b35b330733978831f132a95145eb6b0aeaf2b5c88f175972cb257d71869c993e00c5d4c6bc678e71

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      5732829dcb102cc272000f0a28a3eeb4

      SHA1

      9cd0df10eae4fdce0a8b56f2221aaab5db6d6316

      SHA256

      94783c85dd1edf221f7b00efdb8f5c61f8f25f8f2d1b74f2bbe0725e1692efdc

      SHA512

      51f362b1d2deb852706e097efc57071d3f331d0e6e98c4ca96879e4a7be601e0c04b0d0949ab91ad61b795d5f671c6c6553f2568ab9263d06d38096c301f7093

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      1506ff486ad96e072fe2e22fc4c29a69

      SHA1

      b3d0ea7fceddb53974783c920261ee513acba2b3

      SHA256

      83e2621d873fe14ba73c8a458d18aa37863361359c68aa827a07f146d7d433f8

      SHA512

      7b5d3a90130bd5ac75ae00b9e00e521539dc5369121a548d9e7bddc0ae708cc483ba6220aa0a1caaf8beaa813644925feb736fc78f49046b0d7bf546ac74449d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      cdae9d5e0e83541855e73e4d3bd1ba27

      SHA1

      b0b4d2076d4756734124ab68b903e92e15cefe38

      SHA256

      a2c5c4a0be1c0e4d37ea3dd85935f6e908158d4427043787373c3dbc84ea6d26

      SHA512

      980c30a709e49ae2a455c0d3ffa0f68d6601086aadfc3bddddbeb4c001bba27ed9b955877f0135a4566091762e2cab0d51471fe92265138038459251139a7855

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      022f63073ee26e1208b2c0b8c7b294cd

      SHA1

      38dfdf67b213d1e92bfd537d8341c748c17024f1

      SHA256

      7ada8c73a615c5408b635e9fb4cbed625732cc71a91a0e02262ba7129656df98

      SHA512

      64c9669c44745e3e477afe6917a5474a151ebf346fdb635dda88b2aaa7e543072c4ce40c959b3368295ab369a14881655ec0adff4858b98ad57de36febc02052

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      6e8ed2e764f4abaff30bce8976d9a96d

      SHA1

      bd6ca6218a9709d7a588c732a65eb0b91255a3fc

      SHA256

      20333749177b1d8ce7082e199504cfd42e455461a67a951e6c605d5276b39d24

      SHA512

      fefe053754823801abe88f475c5a3833df6840c4631b9e072185f74cbd756e6b0ae2894f8d426fd373a24352163c07f6986b7f4e35d1dfa685e744919f38b768

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      8e4898009956af41b0e33309a3c24f18

      SHA1

      54aac38f5b2ac85fb3cac181cd0ec0d4b1c45fbd

      SHA256

      c4e1f3c8cab5e15fbd22cb418baf3a75fedf77d3e0088404bda2607cb0730a10

      SHA512

      d605574e8b590297dfe18d6ec4ba1167bd1f5ada79e90359f39fd140b31e5f0fa9e569aa3dc4a3a8ec3fe3fd019a46aa94547f6f0427d23fe172aea0ed5f78ce

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      1da8f7e8c00d1538b01abed72ae87ea1

      SHA1

      d9f1bc7f4840fcb654b5cbaa59cce73d79044b96

      SHA256

      31265272141179b112adec5f27c3e400ca6f84dce51559a060aa5a16cb1acfce

      SHA512

      d37ac5a2c7d36b79d5fdcbd4b25790ae85269575a820f2b3917b1f9cfed7d7a198609db2c13f562c709a691f5d3ebba9f3bfb0bca9532819e65862fce3b844f7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      319bf6e8b37099c95dac0cdad3a59902

      SHA1

      da47b661069dd033e4fc17fece7e26095e6db3de

      SHA256

      64b58fb2edcab86390d19584282792fa7cb6ab1bb6b3a441795b057d3ca5b342

      SHA512

      836508ba05635ca568b3edf37b7d21eef6eb16f4bda5610dcb4dca1127c4f504363b51fb05457690fe19f05b47cd77510bbb585e0cbd39dfe597a0b4e39b1819

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      1e36ac3c79014d112d0dd30e617b4ee1

      SHA1

      f1ea928140e7765fdf8d5453ed34f9b8acb55f96

      SHA256

      82432414bddfd8bd8c163ef8f4503d6c5a559a7c5319e493f78fd5aa1cc0e274

      SHA512

      ae81a3f75e5a9e9572aa4882f485b033d5714ba0b172f827bc29583ba10854f19fe12e4cbfb044334534c56a21401bc49fee76ae33ae16bb9c25071b41163870

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      03a9ef8dc045b7284678d374590f4c8a

      SHA1

      39b19f96caf095671afb5b1f79704d3a5e81f1f1

      SHA256

      8423dc6cae06762bff70271ed99256032431d28007847691618a42ae8004e247

      SHA512

      23ba8535bfe96c89ebfd0d0a46bc80aa885c4628578adf67cc888480d6411da59b02215f720798b396e0e5caccebcb68187b5d6831c0c2c4005fa2dbe546911e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      99e1926edc97593bf63c9fcd81226c67

      SHA1

      b84bc7cc310f87583b3bd7d6771c82bbb5e58cc3

      SHA256

      9f31bd03672cef1e6444835eb1cede62017e7b81fe8331f8ccfee89177b09193

      SHA512

      4581cfd695ef0ef599d8bfab75008f56d34f699839cf251e9f2f26822ea213a383dbaf2c7d97544c726a1a34c1a7771e7bc9d1d40ad837aaa08542880f30875f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabFBBE.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarFC5F.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/2032-5-0x0000000000790000-0x00000000007C2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2032-23-0x0000000000790000-0x00000000007C2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2032-0-0x00000000006A0000-0x00000000006D2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2032-1-0x0000000000710000-0x0000000000748000-memory.dmp

      Filesize

      224KB

      Download

    • memory/2032-2-0x0000000000790000-0x00000000007C2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2032-3-0x0000000000790000-0x00000000007C2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2032-7-0x0000000000790000-0x00000000007C2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2032-9-0x0000000000790000-0x00000000007C2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2620-11-0x0000000003B90000-0x0000000003BA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2712-22-0x0000000001E10000-0x0000000001E42000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2712-12-0x0000000000170000-0x0000000000171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2712-13-0x0000000001E10000-0x0000000001E42000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2712-14-0x0000000001E10000-0x0000000001E42000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2712-16-0x00000000003B0000-0x00000000003B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2712-21-0x0000000001E10000-0x0000000001E42000-memory.dmp

      Filesize

      200KB

      Download