Overview

overview

6

Static

static

3

43b5c29fdb...18.dll

windows7-x64

6

43b5c29fdb...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    121s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    13-07-2024 23:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    43b5c29fdbfb9b5ac4410156bbd479a0_JaffaCakes118.dll

  • Size

    377KB

  • MD5

    43b5c29fdbfb9b5ac4410156bbd479a0

  • SHA1

    e79745874ce4421d1dc24014259233eeba729d3d

  • SHA256

    126924925e54d61732a717f991fdc3a4bf95302daf2bc655bac690171433b361

  • SHA512

    321b93b4a06cae99753f3c2b141a4011620c3e9badb32516648f15abaf12edbb357359a9b24a3d3097523ab14a51f243b396fed08e039d8e5e089a0ffbe7b4c3

  • SSDEEP

    6144:9NnAmlF1KfuNlnGzQtiyfLg/n3Fa5XADH8B4AJxDmP63p+u48u7t+pYZ:9NnAS7vlnG8tiyDiVa5XGG4AJxDmP63Q

Score
6/10
adwarepersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\43b5c29fdbfb9b5ac4410156bbd479a0_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\43b5c29fdbfb9b5ac4410156bbd479a0_JaffaCakes118.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:1640
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1828
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1828 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2644

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d1929e8aa21bcccd18cf4352d7153e43

    SHA1

    368bf952d5a3dcb70c84446318cb51b3eb9a5e0d

    SHA256

    1ceebacaf56342119ab71e934fb96fbe7c1b1b8baf422587fe222bd59e6bf409

    SHA512

    cf1a19b05d25896cd8bdb1842b656f363f8c543b3a4e5824bcb5287c7bb4eb7de445c6a7ca1e8ed501b5b79d580277463f871971654596524836eebbefcedd6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d92ef8e4b8d61c4cd0317e244904fa5

    SHA1

    39385c5682877bc9eb0453672762a62443355af5

    SHA256

    6b3f2ec77ba168cf8b103944cace4fbcbc84ed7d70f0d7a5619b5cffff3e643a

    SHA512

    b9cfde2728a803703ee6103066da3aadbca91e4836252580c6ed15f41b0e89e51af318ee42523a50109fe62c785abac0cdebb041c11d4231af7f90de982bb5df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9346f447e0ca1bd8e4462d1d1c1d232

    SHA1

    284930df7f36335900a17c3f95f0dc6e0a919d2d

    SHA256

    aab9e88e0cdd6b4bf777f9b3503de72d42c857922956488e5da3f5efd7ea73f7

    SHA512

    6ac19f23c22fa1ff6b03827ab5e570f353e2d0556b9541381889e60e1b01fc144d85b9ba60f5a9240eb43844498456fcdd0aca7c68f978c0e2d0ec8bead7cd07

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a53196acee8bbbc3b7c4bdab6726592

    SHA1

    7c99f2c27da19a37e292d0be8899918d8d9b5ea3

    SHA256

    a5d28ee998fcd55f77f17534df35ab5426fcfe051999fd158fd4a9dd6e5fedae

    SHA512

    77a3e3003a3c8aa5c0e566513d9f1624f6fb75ff67d16c0ba2df703b8d5f0f7eed9afdb165f9c5de20c879cc78bebd88dcbd67248d0ac67f0baf0041da8474b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2627c19720b5ebe9d8ab167f7ca22617

    SHA1

    51535ef1afe7d3978b9244d346a7411cfaee8b81

    SHA256

    f4a99753a1bff4ab1b39a7f520c28f2769340b2061c09023daf60eb2ef794afb

    SHA512

    7e88be1e86c468473483b957a48bcd052150a3d4fd2f8ed6dbfe3e754942a8e2996a20ae228c6e4fff83c59b774a6a01aa5426d76c07fe0c608ecfa48dd27497

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    abb51170019042908f745cc5dc1fde92

    SHA1

    9a05f4d332cdd6bfb75e8ae24e5563449301e685

    SHA256

    5b76d049b87943dc61aab3544f1c139fcb4f24d032bfed2b8d0b9e12fc7878f7

    SHA512

    e7a4c8d75da374575d87c47c0d417bba3d324629863494cc9e9f04b5b938c6cd982c45b6fba9f5fa730c935e57ba97d585f6d39f4abea6612767497dc54a4250

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    652d0caa7aadcfc49d9d02136ac4a03c

    SHA1

    6cf7887bc3074fcb62be1b01137ada0523d71ba0

    SHA256

    7539cd5fe7d1f604e085a637955829e6038020fc2d46cfbfeb4253fd073464fe

    SHA512

    e503663a061417d550b390c6163b2d843dcf99245137c88d402a7c9be30fbbcb97464d8b277d49145998f7ba088324460e2919999f58867e873068d9b3e2f036

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    730a97f2278f4e1e457dd0b2f14c5331

    SHA1

    0968c95aeebbd57ae4cf5f80f8fadb04f5749229

    SHA256

    ccfa2f284e974931179c7aad07ba6f8d689a84e8b946059c8897e5a498b48074

    SHA512

    861ad702a9e2a4b5bedf394e2d98cabaf87b34f53afad92cd851aa14132cf32a43ee805417b6cfe0fc4dd01dc0e002597932a64063f4fade939651572c69af42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b8da9b652de7e66a877d75a1cd0d3c13

    SHA1

    b2653e0ad9bb3787cfc4111aaa176f37633bdb7d

    SHA256

    db2b73eb1ea3ec8a807229c2cfe954f3df6bbd0ef30b7405d732e48edeef0916

    SHA512

    58ee698345b848ea0b10385a4ac2829ce5ecca02d8169128af781c66030e4a299931e05c8e4ec92aa17b4b10c88b7c69d914b2307cca362569d14d5cf75c62e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40c21eef8ded9e42b2d8186a0539cc21

    SHA1

    5eba6cac5f826f4f477f6c78eaf2ba0c5b84ba94

    SHA256

    68548985f6080774a61ecd422cce70e38ca2fc78bd5e4a983977942aafbadd5f

    SHA512

    2611c89676f7f92b21ac52c8ed2bb10f6b161da88a7c52a258a7d0beec6accf3aaadea96a4b70dd15d3b3df1a806dd0db248eb3ebe3ffb63b9c301b3814fa4da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c552264b60d24621fe1365057f070a11

    SHA1

    5b30a90e754e354f9857cbadf0a0fc8a9383da50

    SHA256

    cd7d21d0f5659b37ed6bbc250c08a45d089939c8b4fe93d00597ceaf6292e473

    SHA512

    6c4cc07c03e6e152092c4be0dc8245aaa34c2d1b522f8b2ad3303ba85207d41e847d5df57751724268b3b8a4db7182a718f893a51f5ec3dd719df4b8b7344af3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    35d1dee1a272ad70fde7e0bac34d59e4

    SHA1

    f5f01b71450fafc655cc111770573154a31cea66

    SHA256

    831848f5a65a0a13598398798c9fc432281fd66dd29a405e4715ae4ed14d08b1

    SHA512

    88d3bd425beaf05e4251f11a4cf56e982f9ff8849b2240938f88f3d2ed6b24c6aa0c57f077b8ce3d46c32c917c907f03ab436caab64fbfeb5150c85825bfaf9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ac79b589a976e8d6ce9a3fa6a454af33

    SHA1

    1933899d6a0d8de4de8f75e97bfabde86636f181

    SHA256

    9d3a0cea55c06969ae2d413b16b9cbef1ec736ff9778f26496b5148702df541f

    SHA512

    7f23cf20e9a7d56d3cd1e6ac502d03e448c3fc7dcb6b862410197e15fc011960eeaafced4e29f388bf2e259c2256af16abf275f0cbaf357ae14725d3c845a782

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93500e3a63eb345996efd01331633cc0

    SHA1

    d3e58a93011c2d113f4b5a0490820707ea6783a4

    SHA256

    2310be759d39d7ecd90fa1c6cbf552bfb2b1d726e34646e8c6b2f7dd9fe7815a

    SHA512

    d61322e994d39dc6c80ba57d1264c1c47841e16cd314f1a9659f791378e2c70bfc63240ffcb11038439ee9198743159dedba59a485e019cbe7fe80e8dff52808

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ee66899bee24cb371f12a320873eed5

    SHA1

    d287a95ebec3e7f3d28d32158c7ccd5e5b7a0f7e

    SHA256

    f581481dedb16b156b2228980248af25b128354a31ac41665395078d8645f5f1

    SHA512

    c3b60ae68e1ab79a8f52310f416c4dd169bfcbfc28e2b577b454fd74504e891d9c4642e064b9801ac5d9f9fb74475d4ea766301286b256ea2d5c8819de1a5f73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2070b992a603a0fdd86e498d321336a2

    SHA1

    26a0fe5ec8dd2f2c21966030bae5051478f96e98

    SHA256

    e6a2080747dfd93f55fe23c9c8c80d2a7cf00b610cdb73e74289dc757be1be8a

    SHA512

    a16ab09a209745fde703874a2bfea4c8622120a04b79c943f8059055f172992f8cbb72301b29efa8e5631c1eeee0a2059bc7f606959262f30e6d6db17350b986

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83033876ae78fa07225fcb03a9ead0da

    SHA1

    dde0ce0cbca062c0d8d6591242d6200cd2ef5346

    SHA256

    9bbe8329532048b60384306aee6ff360976581aea474c2dee42356e7c7f9a939

    SHA512

    51ffea8ae953cb024bf1eb85e4725fc6707f47fdb734659d892f891b0ed0a17cfb918086802589026f88619fa4a86f5320da66a368df29efb1f5ba444946017c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de55aac9ed2c55b11159b9728c031315

    SHA1

    39d25c8822324bc7b65d345b2648072d5a7c9ab5

    SHA256

    bc28bbde6625f12185bee9696fe7eb875e3b58dd46ce62db5f0117e33be6db81

    SHA512

    50591a757ec2419a9068131d218ee1733b10bbdc18ea95ba67bb20be5d3a5d04038d5269ed99e1044b964f5d791d334a87b190d2df38df9fdb75ad3ee336d7d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0de50905b751d5ee8cc643ae6aa687bb

    SHA1

    2b33ef4f10b1da972de3c6e1bc9baf8ec0f965f5

    SHA256

    e78eabcc45c735110362343983bc79e640a2d09212c1ff1f76de2350f7961182

    SHA512

    389e99cce85ee7522c6d66c04ba29461f31ad34f9bd52d2c462aace020e530ee23e6087be609d6949d72834f98158069c4682c75585116fbe50f16de75616c89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    19e275eca77c98dd4ae343e40a0494cf

    SHA1

    a491cde9032e5d9a27832152b8d1378f867b42ca

    SHA256

    d07748ae4979f6d8952a609ce5a5f6ccea6d4193f4ab034100edad6169e1bb7e

    SHA512

    a6a75ee7e319e661d9d0d13cca766b5ad57d2a208037ae1ac0f0aa24b143f7f09eb00f1c33e0c5cb85d260b7759ca2edb66c68ac0be476c2ebb07552ce6d504c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3cd405b502641c3b557842b3ba70f382

    SHA1

    071b667bdc0a9de05ffbd74ff7b28f6c2ae9e971

    SHA256

    e4efd7f409dd5a3676e7e0c06a61ca8fff8879f7946b94b78ff95b62b735141d

    SHA512

    d96c1557e43c2568bcbf4102d72dd337860713dae0ca97819385c460d756124cb14b1148ee94937490bfa957d116b7fa33a1b36f09a7b506a812d8ac173e6baf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    189dcf32b47e652ba90b46ed9785fd2a

    SHA1

    ed777351c9e37a5b5e2af98dcc63f62078c103ef

    SHA256

    937b00cab000e760b00531a00fa20352c9fd2034b4911bdeeb00cd56e0219b92

    SHA512

    b5ce3fcf632c292123ca761724fce17dabc7fcd36603bdc69720813f2fbfc2e3b926dc765434c8bcff6aa3138d7fcad709d34dfe198bcd877132b6b440899294

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab536F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar54AB.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1640-0-0x00000000001A0000-0x00000000001A2000-memory.dmp

    Filesize

    8KB

    Download