Overview

overview

3

Static

static

3

3b32a05a50...18.dll

windows7-x64

1

3b32a05a50...18.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11-07-2024 23:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b32a05a509ac95029f3b02e54f568ec_JaffaCakes118.dll

  • Size

    28KB

  • MD5

    3b32a05a509ac95029f3b02e54f568ec

  • SHA1

    20f85366d3f35db308e671ca2cd0917c29692974

  • SHA256

    c75418d3e8fecaca847987e398afd963bcbacaed46e706d8f3112304198939bd

  • SHA512

    29ad30fa02adc7c9094fbb01c5f3a23ef34f5849bd5808371cf99b76a0d8042e1af7cac019ac1981d1a41ed2dd8d08d1b638f7bd60d96f9c9dc5e3375a2772f7

  • SSDEEP

    384:vyh6YArZubKABxESV5wKuK1rj1Ab55Caq1B/6xkz3mhlpfxQ:K6YArZubKABxESrUKNc5CV1BSFD

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry class 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3b32a05a509ac95029f3b02e54f568ec_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\3b32a05a509ac95029f3b02e54f568ec_JaffaCakes118.dll
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:1712
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1d4b5f005fba26a8df5e7028c8a72ed

    SHA1

    38284956c488dfdbda6122752da8f461b83c6cbf

    SHA256

    f5438d71602ee0060ae98687f9ba7cc8ec106891d0a91d402a52e546e2cd403a

    SHA512

    6cf8465bd4425cb462b778afde46f4a00f640a5b2a7b46dc25bf1d3ea73f43f81ce08ec496b970de9360a6062e140805a6505660ba5f735bd7d69f6f3d7e733f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55377c77b885758e79cba8b996c47038

    SHA1

    5f9fc627050f866538ee1a98e69f93fd7464457f

    SHA256

    43b22591a60a7a6f61751573cb50db27d8d3271788455a1dab14d3f39b2d7203

    SHA512

    e65999970a883c4cfc90d9b6eb8cb19b043f20a64f3d391b2026d3e50d1a8192e66a23f24a6972440939ec9f63e93419c38a9523a436c0f93bf643b1bc4f15d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4aad67c52dcf23aa45a95681359205de

    SHA1

    f1c15d4fa24af5ac4a913765a7caee0f2f764edc

    SHA256

    5c674a08b0fe2ae7f27c44d9340187f041df32a2a13e5ab857f02a8bec1ae8ae

    SHA512

    2b4f0d113ef4b27a6bc5569d197c4926faee0fd9453dfb498609097be3ec0b379df81f0a5616705ac52692cf32eb41dd43a1e41c218760765f1bb4b08d9fae91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4bbc9ad76f6a71ed8664ffcf95f65eed

    SHA1

    8543f6f193c938008b098777c16a6781b6ab8efc

    SHA256

    a87f8037de1a2d90d11dd0a01e5e418a7a951b549b0dc618a77289a7c0858446

    SHA512

    eaf7bd020684ddd475a80025102105853ca098e3209b56ced0af7bfb08b13cfed49a3545529b0b182c1096edd6d49e7c8e8eda08a51d10aa20d148400bf2b518

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e35815de79f3e52fa27dc3601e5e6ba0

    SHA1

    46dd98cca90852745fd9a921f2794f35a0bb9e19

    SHA256

    afc3e08d5b855af43b45f347ab19b3b7409c8838a0c8eae145a4c0a4eafe4b01

    SHA512

    51ce698ec4168dc209684c73713225e3796366f5e941afd435611a7e30b7bc0ede84494d7785fbb60dda6caa9dcd004e6a591055ef813f3925afc7c701cae794

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a76882d17215fb79341c121bc32c9613

    SHA1

    3fb9c1c98135c10c61e4719c2d33747c16fa4252

    SHA256

    d9ea079ec951314419434417bcfda3b2d9f0a7796bb6b886dd0a4b44a11de04e

    SHA512

    d3b97d5667c766d8378d33968ec75537d8c77bd9a64227bd06f6fe30b8978c599c64b7c389f211f3520e607aaef003439a686c751a4e83c29626f2b4a66b41c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7ded0808053c39776c7007fe6188603

    SHA1

    1b62b191f99e503450fb8e978437ff3ae4631d20

    SHA256

    fbc39741e2e013f8b41f7b47aeeec1a7af9a69338aa1723c77ebaba20f4ee9cc

    SHA512

    5f294819646b89ced133a9ecf3e42f6315ca36b2d0c6f2012f3e1c59a4f76a2f586bd58c171b5608c28a87e4cf6727437accefd46ac1628f39ac3edf598eca79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34918f969b9a94032192fb4da668bf5b

    SHA1

    6609e96414ac308e21b02955f090b249c42044d0

    SHA256

    a085993243ece6ce88299a9fd1c8dd9a1392db79ea12355ddd35f3a8664e1a9e

    SHA512

    2f703f566116a3f2942533255b8cd9e8d42ca45abfa771e0af4879b291503708f30dd767ff960156641622668089b828edf1ae07a37c2664ce00feda226996d5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC499.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC528.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1712-0-0x00000000002E0000-0x00000000002E2000-memory.dmp

    Filesize

    8KB

    Download