Overview

overview

8

Static

static

7

4e181a0297...18.dll

windows7-x64

8

4e181a0297...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    16-07-2024 11:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4e181a029753852087ccfcef6ec398bf_JaffaCakes118.dll

  • Size

    216KB

  • MD5

    4e181a029753852087ccfcef6ec398bf

  • SHA1

    99aa1c4adf27b4acf390fe0e09b6747905022cde

  • SHA256

    c00ccb8652171093889ac6d6391e8fa962980e53d6b863e0667f8001e8a9fa04

  • SHA512

    937b8275da10aacdbec2d2564740e7858feca66f829b178939d9e82bd602b7409066890cbe470d2cdafb727a9fae1f5b2a061f3f96648b34603f729c31950e46

  • SSDEEP

    6144:qDOr7lSFcI4mmRTKkkiDHJYMcMk7Y6vVWWFYrAW1z8b+SzmnT:hPrmETnk6pYMw77oWqAqg8nT

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e181a029753852087ccfcef6ec398bf_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e181a029753852087ccfcef6ec398bf_JaffaCakes118.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2168
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2508
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:348
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2608
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1620
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2316
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3028
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2544

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0f22840661e497be66abf071b697ae99

      SHA1

      f433fbc68e0a57de92271c0342447ec0fd9ea0c5

      SHA256

      639bf3824a87c9ecd02667aca3ad1dd372924178622eda95fc5d5fbe25997d0a

      SHA512

      be3f0e13ef7b1b296246d1cfff720b021c4967f369beb53650ba2bcca0fe78b202a9594b3f71c2f02b0b9cc87177375fce4d88f4660cfdf69b3db28943438877

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e2971e8740b21d249e5fdb587adb1382

      SHA1

      a83711c2eade1310acd576bb6eae743974b9142e

      SHA256

      15781832a914e731aeca7c10e4506fb9fcfd91b69080673d9a8d632ca4df8eff

      SHA512

      d623e7971587f98dfb527bacf1672253822dd69e02488054777e216dfd82845a3de6f601fc47a08031d7bca42b92e0822cce40e40f3008526e65587aa64cc4e1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d6f04e3cbc8ee55c6304588646a421ae

      SHA1

      b0ce051934c36b23e024b081c34ec1e11f43bb70

      SHA256

      a3d42fe740631406c0a4aa7f4def174487652a9984e63370965cd1ac78269bf6

      SHA512

      822ad84cd5a09af245df84fc851d8edf191ab87188e3c12af9e5cc79f3ba7954305c8b09ec8c08bf0c098e698fe9e95b412149cc1fb731811d87b86341471e94

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      78f90388c5a9219bc398f1abce033bbb

      SHA1

      fa22b369281c70513ce37556e96fb1afe43451c5

      SHA256

      862779d8464c0193b466a0672c8b405ac950a96e405d0aacd7e15334904cf723

      SHA512

      87a28fc00b2306aa6b897b6b3f20f26373e69618ef7d280527ccb76bcb01afdf8543435c85cca8c87c740ae24604765fd4cf8454902ef300d542b99f75286aa5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      58689df2d4eeabae265a473c945994f6

      SHA1

      bbac35809d6b60fac4e2eb7498c9a94ab8ab95ea

      SHA256

      f7e09d9a58477f3b1b4fca0f65bb05081043bcf4df74e63dd54fe9056f265f52

      SHA512

      25de8f1662967a81cb49ec9c9aaa82e084c088ab3acfb723e712e0f6cc884e3e388f4841b66d5b65fc8d99b325a646d0e0bb2928075c9ca79073810d6516c56c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7386304ae67c2308a981bfc3c153303d

      SHA1

      27acc552e7c02d18b424f0a815f76a533d783584

      SHA256

      9393d889c45fe2f167ce3e8174ce899126980327c519203d23ee44cdd9ea134e

      SHA512

      3e12f3226d4f01dfc7d70d8ccabd4fa64d8f0d4283306a190291f40c74ec3445f81cf8ca1b47c54ba9c1ffe9f112c4482626d5b1388b9126c2e031f924127544

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0e20679120aefc58388e8976ea684e61

      SHA1

      35729f538504bef3681a5c278e16d79d436e68ea

      SHA256

      4a663dfc4b7d96bd483b672ceaa86215d4f4c497eee8b63becd83b687e653d55

      SHA512

      f3409f8633804ad3b4234b0c5040e9ee9d7cfb833972be8f803f1914e62866ccd6c44cbbb8edbe139f2cb22a8bfc87b1a10c82a0ac6df234aad12c07c738437e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      83e6d33dd18c34d60752dd60892b7bae

      SHA1

      24e3a752e229c3e93b1aa8b810f359f4d4150996

      SHA256

      54319844bf4898a3322b5360e9c298fbbfc907f143ae8d78fd3411ad6762cad7

      SHA512

      5fb897755724daf45616f2942462f913551eec6cb39a7879ccc53ae1c017d684e62a60ccd52b27b97ed2569e4bf77bc481aa8b183103ed5094fd2885ace2513c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d3ac2c6a7599d1bfd23bc5f041fc9753

      SHA1

      79d26bd69aab30c286d9c88d8dfdf325c9419142

      SHA256

      bf54024e1638336dc5536c494a28f59615fb818c527d3c8fecc7d3ce1442461e

      SHA512

      5099bf5eca2cdcf947ceed7969669f402fcf85ebd65e53a071fbe6527ee45dd2a15dbc594c3cdc053f7555ba5a971eb61ae8f00256d2e1b2b80ea5f3103545fb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      57c21af0d0df7f8015c3ca91007c4a1b

      SHA1

      c500394c73cc86f045fad7f28ed1c6cbb5e17126

      SHA256

      93a07997820f4404ad7fb97a1eeb538db52d028d643e315ba9ca5358f15b8fe8

      SHA512

      9e7c4bd3fc712c1368e552d1d8635d0d0538e947d4a0fd51c848d1f820bbc45dd05644119bd545cf3cfe9b89855dc20bbf0dd0c3e15bf3edc0c19534ec9f2ee6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7dd6b815491a9fefb75ddb5840046c92

      SHA1

      53c6466b7e45980296d2abb4c89edc41a01a2ad5

      SHA256

      fc48a32dc29aeb6b55b0fd40ca52ff9ed15327dac5dc5a86578162ebb2cc82cf

      SHA512

      718232ca43337055bbd159da9d3faf1edd0fef56d49b05c4c09f7cd2ba6eb3eded0eb1ced0ecf29858615c09bd3b3b8e2210d7ab95726a78e81b30896798011c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      edf3597e085c59649892a5faacba4e91

      SHA1

      5a43ed436ac1102a94e9f203701b8474e355a58f

      SHA256

      2758ef7c193bc5d06b60d6cc285635b12b1ce9c263cdb7f083948d49903c9983

      SHA512

      0207e0cc9f80e6b379795b78358406c21834e12c79a9b6bbaf7d4b1b8703f5a70209ead470bbce2d25f6da3797aeef776b627bcd85068f27515cffd73c9f7c18

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1e9208a395623705ce63ba6a503e6fb6

      SHA1

      90545d6cec765e4b029ef165ea364cc3f5ebc2b0

      SHA256

      3e48a5d38cb27228fe3436a28931094505c06d8e88fdbe084c2c0c9fe001caab

      SHA512

      787a0c254edd5e2f0b34acd7e83cbf6cf5914101ba136e47c01831acdb7ed3c2d4510c45843bb15e91eb554fb25fe14b17fc8c6725e7b9c9ae62bf1e13ef65b8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      064c85904889aa237e9dc9d83b38445d

      SHA1

      6ac4fe592d27a08993eeca44faa83fcbeb2ad3ad

      SHA256

      760fe2643790bf6d035414c525be5d433062f525198d56bc5fb71948b40a25e5

      SHA512

      b3edf94c2ff030da0db121c3067b1bc5560d60a74b3cb9ea27459e377cfe52281f6399a3782ad9fc9017e5536a8120ccefa30d310ccb9a0089b40bc1bf32afe0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      81994f303eac80342622e56d364ccd17

      SHA1

      ac7b56544b3282b00d169201fe02ff43d18a3848

      SHA256

      e1242ebfaaeaf95fe478b02463e1711778ff45a8a0460f4a493d08031bf77c3a

      SHA512

      737ca5098da183895f2587d3b87098eea14d8a5fed7259b0461a10cb7c2272bf0dcaad7b378f922f5512b0e6777f9187e9c44a568c5851a6d7534cab9fb7c98e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6d31614633ae912ef7f4f4b815278051

      SHA1

      65df8cb48d5f759f70f700cd05afb96c89798f66

      SHA256

      1acc588dc2754c83dfc3082ec457ca4cd3a94b594f7a9fbcfbcbb7f66d89b884

      SHA512

      9afab9723fc01aa3750a1e27d31e954a119782d24939cc8754f8738256759dea2b7dd8e53234317a364104c1efa23bb7d9e5299bf6827f0732783ceb0c21a630

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      19df9df0191b901732785fa8f1400451

      SHA1

      b85a03a1348840396e80aec2ed797e54a4004f47

      SHA256

      02cdcadb37f2083254af0fb04bf9558f836deb2bc1dca6039aaa3b195b9a160a

      SHA512

      9c7735c53b7b160139708799a73c8e2553fed08ea7a92f7e86c47a8a3f0dbcb130dfeddf20f2b13b2ff40870c002c03c260a752c71fe4a527daf4da7cb6630bd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab6664.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar66C5.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/348-8-0x0000000000330000-0x0000000000387000-memory.dmp

      Filesize

      348KB

      Download

    • memory/348-12-0x0000000000A20000-0x0000000000A22000-memory.dmp

      Filesize

      8KB

      Download

    • memory/348-7-0x0000000000200000-0x0000000000201000-memory.dmp

      Filesize

      4KB

      Download

    • memory/348-14-0x0000000000330000-0x0000000000387000-memory.dmp

      Filesize

      348KB

      Download

    • memory/348-9-0x0000000000330000-0x0000000000387000-memory.dmp

      Filesize

      348KB

      Download

    • memory/1620-6-0x0000000003B00000-0x0000000003B10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2168-2-0x00000000005A0000-0x00000000005F7000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2168-1-0x00000000005A0000-0x00000000005F7000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2168-3-0x00000000001A0000-0x00000000001B4000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2168-0-0x00000000005A0000-0x00000000005F7000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2168-4-0x00000000005A0000-0x00000000005F7000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2608-11-0x00000000007E0000-0x0000000000837000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2608-15-0x00000000007E0000-0x0000000000837000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2608-13-0x00000000007E0000-0x0000000000837000-memory.dmp

      Filesize

      348KB

      Download