Overview

overview

8

Static

static

1

3a54aadb1f...18.dll

windows7-x64

8

3a54aadb1f...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    11-07-2024 18:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a54aadb1f24cc16632f1cf0d35feb3f_JaffaCakes118.dll

  • Size

    254KB

  • MD5

    3a54aadb1f24cc16632f1cf0d35feb3f

  • SHA1

    f72242f1a96127ac277a708fe87015f090cd88bd

  • SHA256

    512b04aa1c75e4d4d4de5aeb0c4a483ba2dfd6845f431100c83ffbce45613f3e

  • SHA512

    35e93270bb6eb2868aa083d60779a10ee2b1ac134366d8e698f5aee7dbf5a5e44502fe3de414469a2c4c75b84e6e02f800145b0f67eb97db7367e480b4c923b9

  • SSDEEP

    3072:DqHLn7oFbe7z0zR/sHoEg8El7Ut3SJ9DLa84CFd73yOjIyZrG0og3XTo3VvApN85:C7z0SHFfU7YCLl4Cb7prC0oVVvWipz

Score
8/10
evasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a54aadb1f24cc16632f1cf0d35feb3f_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1356
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a54aadb1f24cc16632f1cf0d35feb3f_JaffaCakes118.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3004
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:1272
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2104
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2656
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2384
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:1744
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3020
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2368

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8278aeac9287a1aab7b7194d6fa877d9

      SHA1

      96207f4689fb228d40a2b9691a17113cd74bdfac

      SHA256

      823e33d8a54a484905bb840fa7471a4f6b6f884ef867ebfa665d7d982fd9c6a8

      SHA512

      9761cb7b8c5afaf86379593e2cf71ccfaca88d9946203c140ec6bd1c25581163677ba95d92c4d6287fa39244807b3301db7aad0396c72e051dc87c6c064c51f6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      27ecc2d47cd5de9bebc53c6865b6a287

      SHA1

      c42d6bf1346ba9d5e8bf1581d7a76b509e9ecd5e

      SHA256

      650eb4d3a89d059e3811e5ed5d9d55223056dfc324c30fd86d8253ca5b1e0f24

      SHA512

      0d7b7f29ce34fc1ecb607e097be950079a7074a1fabac886d68c490c79d378be60a108c58e2c5942190dd6a388af9c23b81fd22c9ee808aa4785b494d243921e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      566cd41d49c978068e46a2d6f186efd2

      SHA1

      5deea6f020261b6882852c5a5257aedea8b92e46

      SHA256

      6d1a7ed002dfa6bda3a694ae4b6f8021cd8c5e303e756c98cb08191501318281

      SHA512

      d37c2812902564fe1954d62c2963e87f12c69680ba63ba34d7f27f05da621dc7ca76d0f1cf6161799d59347ec727200e4bc0cef62f147d5a151839423e46bfe8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4ddf317738c2a8dd90ecc3af1898a02c

      SHA1

      8d2f9a333f4435fa7c0153cd035f43d9c4fc988d

      SHA256

      237089db8957cad5404b6fdc537153506ed9e24fb4be98fc1f8e1c1884adac28

      SHA512

      e6ad5c7998d6af1ac90ed74b2ca5800fa87ef77d9c961816a1916203caff919a4ae876d82698a19dd0f59c0252725cb978041f5717ba606eb0b1eddbb51d189f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3304b04aaf072ce626cc437f223d7a8b

      SHA1

      2295a28ac6dbbd958976b909e41ccb0c0c37f521

      SHA256

      df73835bc8faeb656f09c8873f68a95a2bf211416c886b63994a6f1a3c3843cc

      SHA512

      826ffb7a6e1a9f7d07ae619331ca5d41ca461c2127df9df2b4818698a71d65a36fe13694ea89ba8586a3ffa35f37fb38eef06f65aa5226c0377781aafbaf2b95

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bfb09f7c630e3cc640c8f1fa640b8682

      SHA1

      00660c491ca2c8ddd9b153cbf9c4cf06b4f59549

      SHA256

      ebcefdd631343ffaef7353dbc47997ed1c94281e3d7b0ca25d4a4a302e25a79b

      SHA512

      56c4ff83e7ab519e0a3b79061334d170fff6450f490a657b7537181a17683da99ddc0a9580697209bffa29612c610e03d32cfd3e461f93190db03112c6d190c0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cbc49f0bc219e2d66d7c8ed9727ca2a1

      SHA1

      f88ec57bd74486363e1f3ffa89ea0cc9e271a261

      SHA256

      c8e71acaacd561409ecdcc17d081485cd8314404d3ad3fb26c280c25d203254d

      SHA512

      5be0bd77d0a2713955e435cfd8ce69d9fcec21f11c228dd357f9ba44a6180421415f608d9b3917452f4f2f0076429369eb928f36f3425df7d93a07f1a15aadd5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e46fe092296560442bb0f0744f296e77

      SHA1

      3924e9b0aba0d924aecdab54ff6f5a68873dc133

      SHA256

      092a42fd54262408c96cd9a34314fc4372be1c54c44f02562d076ba9aecbf250

      SHA512

      bbd4444e5c022beb847238df23606ffddeb1eb4e686e1f245433b528971a122439635b6708dcbdf12d233de245b9f6d21b5c4613a6501292b6a730b2f20a7d44

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7f259a2af53388409ebe6351a579c8eb

      SHA1

      304e244bf497fd1f5844560fb3dd64f97f55fec7

      SHA256

      ceb55227c9ecf8a4298951132ebbbd7bc5617f620c0dc7445893651dec9ca0cb

      SHA512

      128ddc6ae5e78722f3f3f0a8775d5e5ae01e2bd78e86a7b99fa05a5b0ed23e35a09ce2c7c20063c7b1f1f5d782bff8837584d72f66a53532ca1d92cd838b0eaf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2a67c1c165ddb9ec622a33d9cd65a4ad

      SHA1

      7ce02ad2b4047829aea5358fdb7b1b2a3e0271cd

      SHA256

      683b2ae14821f3e60b6baed92bcfad880e9d3624ad916d35ceb6506671fedd9c

      SHA512

      67d0b0d4f1ee924b5b7c509162b30c4937866cde5043d4ab837b1af48f9f28bb3e7e9d5e36ced3caf78f7d1fdea0851dcabb7774fcccb4cd93951220db1e9f76

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9fc49d93e0d2f4630394eca215f4f4d9

      SHA1

      75c65a2868d7d70ad638e276d6452119e238d64f

      SHA256

      fcbd78844ff7e909f2a375ad097aa76931447bdf94b095d5007c77f59f004394

      SHA512

      8e728d36ac2c2d8f9da0c5b0b074592a430d8096fea4ff4e73cea50a8832723747fdbf02207c376dcb1270974477603731e1356f40065faf2940b185cba3f036

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3843a536b45319d62cbbc55465cf594d

      SHA1

      c7988bbd6e944a3c83ebf029bef06bea8c5348c4

      SHA256

      8771121c98342fa82c62e5fb13365d47532a737ce76006cc7ba8f0048669585f

      SHA512

      991c42debfcbcd40b4d873161aea72c50eb2701c1b59fb15ba04f790808dabbfbc831c405c07731b4107d269e27508bb6ab931ac58a006fb95f13ea6f93d9b9f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      25cc9bec8e358142b97f13bda60b8e09

      SHA1

      39848edf1e3fec8e8890a67f0ca81aa7f7477046

      SHA256

      7867763780b22ac199faf7c7e6411806e79049fb16862989bfbc3758b26679ff

      SHA512

      a1ac11f6b9a4cb035c9e2c8ddda33bae5e65e836064ce3bb6ad955ed24f861792d2ec3edf3a9d6a751c3ed3b10155f0ea356043a85b371c797963c689cf002e0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c7b7e20801dde308fa8b5374761cc570

      SHA1

      9f8f0efd0da8f07a744caa6e89cef756d5ed1543

      SHA256

      167a91a21f5aea34269b4b484b39462194604ea4a4b8b708843d0d7c3fd47a4a

      SHA512

      2884e2d1f750fa7a5aa95c1e9cca75e98f09056e9a7927f4bce196d83d0426a9351fea78ce0c6e9400a4614efce803c63bd147d623beabe6a0927d95c458d977

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d29d3a0b2c9c6f0a66fec1a4cb4bf8f5

      SHA1

      7a3227483c3ddd87efe3bdde79575e4b7592b938

      SHA256

      132a1d4aaaf52a2449fec597244a3bc36aa8dfd2d3d2f72dc956a20021e0d3bf

      SHA512

      3ab12feb187339a35be9759a26bdc0db62d093d705ab92f41e180fe8c36abe287d9221529a57b3aecee7ad9741de4f69939290bb8eea1914db5da37c4a5390a8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      52cacdb0bcf520ec763b71466f767a4a

      SHA1

      a1811586b7f8c3f5dcaf766d1093cdc1d26d4480

      SHA256

      a67e13d03a36213a82fb5a8da7f25778a0b91080a1ad08d5e06f9e8274fe4d07

      SHA512

      c7f640dbabb27d65d9a0f91c394d03da9037a40a02bcc33fcfc1968ba981401fc5a059b405e0d079e0d6cea41933cd8267297590edf3603efde6dadd95765986

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a05a1d8de79579d3946d4083ecf46951

      SHA1

      c69377792e1d477861decd8820c49c386e76901d

      SHA256

      0a37f1a0df728c991c196b73b49fad6d215b7c99a776904fb0154664cd95d44d

      SHA512

      5bc2442346808c54ead3945d4bf458faade6feee1afbc0a83a2e334005811dba1d3211909da816172ff47f1eb6b7b6bf339b206e68c68376f174e7cb7af0c816

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3407c6a0c10a194e1286b4292fcd01a4

      SHA1

      69aecd99aa76e87dac6aa6bfe3b069a7de07e692

      SHA256

      78f822feb1ca15ccd106154a09aa7d20034e269d1481b22b12ea3b56140834f4

      SHA512

      e34851e8dbf7127ba8ad250296a1885f95169a76b817e6e575ca79faf9375e6c7c49e67dfc2ff9c5c201cbf1386846bae872faff4d45c4007fbb6f7ff6028c0c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9f18a0d593d7104a9e9e05c18fe1602b

      SHA1

      cc184e3aeff075e3ffa61eda5f2a274a8a54569a

      SHA256

      d70504f3311405666e039efe1193e7b160ca0166b1b22cd150d3ffc498e93b86

      SHA512

      1593a3b671428071e5c0506003ee49000c8cf657678941f496e202f6b223ceb3da4cb3f0d654b5a42ed8a9e878e8856f98cd4703d11bef6948a735233a742056

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b147be90acf0910fe723b6ecfa17b8bc

      SHA1

      c38a15f65c1cbf9423f59ce981f06fcfcb37ec8b

      SHA256

      fdeb739d61083a8a9c548be143b2973ff80bf1fd50627cd724aa56b2eaafafb8

      SHA512

      52f3bc3d524ff0362f0fc50c572016203cb625293439904b8e13e709c4cf62ab95a5774bb1f6bb0348923d419ee8524aa752f4aec5e795f05c2dfbba0f8c6d64

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabD318.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarD3C9.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/2104-13-0x0000000000A80000-0x0000000000AB2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2104-12-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2104-17-0x0000000000A80000-0x0000000000AB2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2104-16-0x0000000000A80000-0x0000000000AB2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2104-15-0x00000000002A0000-0x00000000002A2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2104-14-0x0000000000A80000-0x0000000000AB2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2384-11-0x0000000003B00000-0x0000000003B10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3004-0-0x0000000000740000-0x0000000000772000-memory.dmp

      Filesize

      200KB

      Download

    • memory/3004-23-0x0000000000810000-0x0000000000842000-memory.dmp

      Filesize

      200KB

      Download

    • memory/3004-5-0x0000000000810000-0x0000000000842000-memory.dmp

      Filesize

      200KB

      Download

    • memory/3004-7-0x0000000000810000-0x0000000000842000-memory.dmp

      Filesize

      200KB

      Download

    • memory/3004-9-0x0000000000810000-0x0000000000842000-memory.dmp

      Filesize

      200KB

      Download

    • memory/3004-3-0x0000000000810000-0x0000000000842000-memory.dmp

      Filesize

      200KB

      Download

    • memory/3004-1-0x0000000000780000-0x00000000007C5000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3004-2-0x0000000000810000-0x0000000000842000-memory.dmp

      Filesize

      200KB

      Download