Overview

overview

8

Static

static

7

3d66b6170b...18.dll

windows7-x64

8

3d66b6170b...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    12-07-2024 12:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d66b6170badfefb74ff2d1377d5afb3_JaffaCakes118.dll

  • Size

    201KB

  • MD5

    3d66b6170badfefb74ff2d1377d5afb3

  • SHA1

    1212981f325c60a6a7d296929b047c7d74d16776

  • SHA256

    0ff3c9098a2b336916c3fecaf3d0a90354f6e3332c099f7171c302c572f85dca

  • SHA512

    d0f88a91ba58fa04ae883d59617ddcd83d8a654a6248ea3abfe04e88cbf296b25ed4fbafc304cdce2b067d57ebc198922cce99f596635b02ed4b20148ee03153

  • SSDEEP

    6144:bNhusqvH9ylSJI8eCgD8yCish9EfKfys/g+5:hws2918UIshGKfyK

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d66b6170badfefb74ff2d1377d5afb3_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1668
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d66b6170badfefb74ff2d1377d5afb3_JaffaCakes118.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2288
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2884
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:3056
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2348
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3052
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2796
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2656
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2612

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b1efa80134718f43c82997e33ebf8fb3

      SHA1

      9cbc42fba5d5bafd7dbe85f6877f547924aabf3a

      SHA256

      2446ec82a657bedfe57e23d4edc1c53bf1180600967d86c29de1f22650c38599

      SHA512

      2d283b8d4f85e338c2a0826687e928bd5eb30675257a5e1a16b2cf4db51b21c31bcef44907be35d698b7d172cb3c9b6d7fc2057866e5ab08815341fd54c096cd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      eb1070e6d49f23ef41451cda214e1a9e

      SHA1

      68fc5f8885276229028d2dcbcad6913b1479c036

      SHA256

      96f62acf15f2027b5a2b4ff62ce9c39046f9c6d47a14ea3a78032f72f69bfd37

      SHA512

      e07608d2e72cf30e74b3dd5230c2357325a0c7b9dc107eec6fbffee6b22f27c64b669ae4988d042a6bf60b03eefa332fe428f48f69617582d7dd547cdbdbd9f7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ba12e39b67c352e628a5fb3d8330b16f

      SHA1

      e0040592b4c5802408f47b84894860b40e18184f

      SHA256

      28fab05d612562156b6ac8b3b7038eeab5fbd294708f5a6832a20a4b28dff407

      SHA512

      f3549e258c456a755f76536358f79d20e4ba246d804e11b16b34e2ac0e77cb2e4ad6ffe5a73946ccff73dafcf912df2769643bae45cfb774c14deef5362717b1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aa7e7efe83266311b4f8b266c90c379a

      SHA1

      10bb06eeac9db1ebadf51181c12c3e98770714c8

      SHA256

      2ee6a4ff781af4e7d7ae7364676d0175e34ccaff652b709ffa50ad65de517c09

      SHA512

      90198c4b9c156d07371f770334f0f29029cde293c9264279e89db57b272ef69b67ca7280da519a3e1777a3283f3c0416ca7a33a1e41d14af09bf65a60a988f13

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d9e024174057bd919ada7523a4b12413

      SHA1

      ba8ffb78839c21ee434b8ec52dd1adeda212e225

      SHA256

      edcc9a8278c79a0ad9a8a486f8e1e1efd14cd6b5b23dd6119aab2cbfc3f134d6

      SHA512

      9a9d3449b2628755a1765622fb41e58b0b3d2f3d6c0893d782b3b7d873360e906a0bd047e0b4dac90ea83d2a8da82372e17fa9f0e3c529b648b574c87fb76b48

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      41495af87ba583e388f4ffacea2f825c

      SHA1

      6eac89b97cd355ac1dd52430f71693a361e7eab8

      SHA256

      df19d9d4fa6c05d1a3802c7ee5335d23c22e0c64e1ac502f8fbc5045d646a380

      SHA512

      db625d6753225cd4b29c181388ddd48e2995ae99dd0182ffe1c2b03c361230fa702f32e34d34bcedffbd028d525490f08581a914f14727dfab7d2d87f32906ec

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      08a51909dfe2e2ad10ae58a35a6fcdbb

      SHA1

      d8420d15449b53a7dff6723c07960909495846a4

      SHA256

      bd2e5dd72d9d2fc2c743129446d1b18031ca28577a2e0939a22ccb4e4a785fdd

      SHA512

      bddce9513e77b7d6965ae96159810f01fc0bc3269f9bb9951e41af1c23ae9df4d62ab70432bab5cb95db193e74d42bd0e3fde7fa73a0bfab771fa502b18bb0e2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c60f19b0a585a6138fe7d0a0759f964b

      SHA1

      9b59e8ffe9d279ae925e092f43dc448bb068d639

      SHA256

      aa73f27e87e6fff5e1a788b446e543723e45e733df28784583a24ed6d62174ad

      SHA512

      688841959bdcbf43a3a194089e43592ee021515b59532c22d48efba53a55459467838d5da3d22030c53f7a61f28077fbdcf0b0c0d12ae6966e50c81fcd9b4ff8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0f9534cbf286ac96323c314f58b9ee4a

      SHA1

      2f0fe4b97650e3dcf4e90e61f85cf82fa22f07c0

      SHA256

      fc27242939eb1d5d315efc42175d63a15215b79eb546f733e78210aa020a3ca3

      SHA512

      ba62e5919b55c043dbb88922b614aeee91697749b007432e30f98bf9b4c7b798b85d5879e10af20545a40f9646b9c1dd08050206f1c6de6090813a415b079562

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1232811ff919fcadce50f52e16e5df3f

      SHA1

      3b2e3304a16fcbf18196b6ebef823315b2568104

      SHA256

      c36d2f6ef6028a6a0b6ebe7e7df5c70b7328ab9f98107990e93e34e719a9c57a

      SHA512

      dadb223ddfee07137320ceed4af42bc0d52a3c601fb8f69657c2c31771c1965dc3234fe5c07973908d82d22be7c0a7aa31e95f40a8b19ac155cdeeab739b1a65

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3a4373975d9b8b50da2b9dfe6c51aad7

      SHA1

      28317ed6132e97609a1af80c6955bf674d2caeb3

      SHA256

      7668f74b107ea884770dd97bfdba8a0d56c980e5f58484f13cc3592bce46702c

      SHA512

      d969658ffddca5169203e5ad9469a5ed000ee2e3ff35fb1d0be11b01024593cd713d55211a69075d325be271b7ab3fc5acc19414803423d82b51e440f6adcebb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      31e13247a3a2304a6c6c0de19a824945

      SHA1

      fa1098faf0082d5fbecc9e23c2eca1f4d3677a48

      SHA256

      0a9165503766d7742cf0b628ab096dc169f56642c6bf0d5a023c7e296fe1b9cb

      SHA512

      6ebcc2bda278709afae81303d6f0529de4f434ecc6095a6ed0afd962ba4dde27ffbc792c8e80b51b581eaea3f7f6b450ff5370ac5a0cdbb697a7d5b95b80421c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      74081b4baee309e171ebb089a1f38ded

      SHA1

      da201b3f2757c296958926f948743d9896a06e03

      SHA256

      9a9ae4e0aa7276a4548076102ec0e3e22aaf3a0f46e533d93565925d48feec23

      SHA512

      e7faf0bfa5a9ab14475a695423478bef48fbaf66297366746dbaaad8068e0f2783ebd103deab7886af580026db89c18538cec3629a78be736f1d9a8c13301690

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      56f773ad7dd5cbe55199856be177672c

      SHA1

      9b4dc7e321790f71b7a3db8183b4119400858b60

      SHA256

      f4f710e8dc3e6c862ea73b131cf88c8d769efc3824930f0ee4370e4155e1b9f3

      SHA512

      85e52790be8363bbad6c0ad8c9f01098a9d9891b392c92e3da3468bf6454cde49806a8f36416ab7bc199893a3108fb40e9ecc6d49a2ee48ae820b53f51dac727

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d6418f328e7e31bd55dde63428220b8c

      SHA1

      5dda888f8fd6c87942ddaa2dfd26d70a1b10699b

      SHA256

      30472342b45b09d2177fd7b40ee2c17a8f245c6d05cbc4746e22479e88b0f785

      SHA512

      43a845b37dce200b118dcb4f9f12cea1435be823f0d1727c6704b03f47b028829368fc2a3e593603a8cd73ca0c4c6718d0d726c04b46c2254ee63086e6404b61

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      781b67ec60ec095d07be9108606c59a5

      SHA1

      19375d43ae31a637ef1e77c9156012438718b367

      SHA256

      452e5c744ed94bc5d5557a75d3cc544a03eb2a1a6d7cd3fa73f1ae20b56a7564

      SHA512

      06e2a6371f31b9ddecefa36f49eae1d96d45efccf80ae9b65161ef935a6c5f37db2126f6ae28828e9b57e682e44ab5b39e2bd322ad6b9b6c7501a8a6d162dbf4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3b93480b8bf58614f31939d35a6201e4

      SHA1

      580795af3acf03d57177a74ea56675b9488e2574

      SHA256

      58895a0195c6048319e87c3f68691ba418cf176f0d9927f00ace1555f0b0cd85

      SHA512

      732074bf62f637f43e249392b0ca26786bf360f0eded0f09d47c2f146e3249c06d25844fa1340a51397f1743e34d7585bdc1218de9de41a559251c32f6d18f75

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      312d2d9856858785d0336a5efe321a6c

      SHA1

      a375dd0cf183b7737cdcf69e41e4f8fceb98c477

      SHA256

      b420b531570c163bc39bf663c7df5021e792c5d9c1b098b102e5f315a6b362fe

      SHA512

      34f7ce6e2f370cb9de914aaf393fb807b562b9200cedf3264ac52b2fc0d6159d684c4fcc41021c956695633e6b14b26372225d088fe4208664a05ddf175f8368

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab5ADF.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar5BBD.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/2288-0-0x0000000000230000-0x000000000027E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2288-2-0x0000000000230000-0x000000000027E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2288-1-0x00000000001B0000-0x00000000001C5000-memory.dmp

      Filesize

      84KB

      Download

    • memory/2348-11-0x0000000000D10000-0x0000000000D5E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2348-10-0x0000000000D10000-0x0000000000D5E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2348-13-0x0000000000D10000-0x0000000000D5E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3052-4-0x0000000003A40000-0x0000000003A50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3056-5-0x0000000000100000-0x0000000000101000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3056-6-0x0000000000790000-0x00000000007DE000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3056-7-0x0000000000790000-0x00000000007DE000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3056-8-0x0000000000890000-0x0000000000892000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3056-12-0x0000000000790000-0x00000000007DE000-memory.dmp

      Filesize

      312KB

      Download