Overview

overview

8

Static

static

7

530850cb62...18.dll

windows7-x64

8

530850cb62...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    17-07-2024 12:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    530850cb621e89af1a084cfa10f7460b_JaffaCakes118.dll

  • Size

    224KB

  • MD5

    530850cb621e89af1a084cfa10f7460b

  • SHA1

    db95980c83669df95ca049be4c09b061004d359a

  • SHA256

    1a2ec310ec65184670344e1f00c9ccd64ed7e8030f3ad8ee7250a039589da9c2

  • SHA512

    c8c31a4756d1bc7af8ab721f194eb85ace02e7753a52e7ed7db516e12ef7d0ebb647ada1142103de446d383e6b1413f339b1a7a7081dce0f856636e49919c87f

  • SSDEEP

    6144:9cDbJf+58p3M55NfLbfhptwnffqXRgRjwxLTsMp:CD02VM55ZzvtwXqX4jw5

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\530850cb621e89af1a084cfa10f7460b_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\530850cb621e89af1a084cfa10f7460b_JaffaCakes118.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2788
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2848
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2680
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2524
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2568
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1052

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      052f25b47052fbdec18dd06425324684

      SHA1

      3acc574be5b07a5b8ef39fab55ae256a1b242d4d

      SHA256

      2b113125672e8312dae8dc736c89ade51c5136135af4766dd5525d1baf6dcdc0

      SHA512

      cb27b0ce800eb5dd94d0bb63eb461903d9a2cbafd2e16f8b13a244fc1f1344c0672275e52f584743573de2df1f909bfc549097d3ce9677137c2d9581aef2acce

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fe3dcb45bf6b7ca39d2911316f168433

      SHA1

      72445166a08380e24013519c937173dfa3a501fa

      SHA256

      8242460aa864e8da6f3a9c31d9963c8a6011570f72421e948681a0c139991bf2

      SHA512

      ef8b743e80ef7429cd95478467d3eb10cb1f88fa8e95051146eb9a4d4ffaf65ad9a7abd6e64e7b1149d5e11663dfd41315bd6a268c6b78b7b00fa947baf3b80d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      05c31767f01c28b50859c8e7ef31bb26

      SHA1

      ed65dd2782a58d1d784f1c5208a02610553d5868

      SHA256

      32dfdfc748117840bd29d52865ef815fa0f518d9e4470792d514341598b4ceb3

      SHA512

      2638d0dd620b180f3a2a08a62eab3f67d9957f3e4fc5a5d61c4bd1b7e6e9d22f5b5fd8d9bc07c2736d9e9e8950f9eb417a3c8532af4a31bff42601ca73d9b982

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      23782b976de43e25aa524ade79b1e5d9

      SHA1

      a61bc1bdfabfca2c43c64747ad6b03bcd98020b4

      SHA256

      507b4382e338032fe18ce2431ea2d15660585c67218cc98ebf78bd18fa13fea9

      SHA512

      c335faa2f680299eb839e7f7c0f1ed5b2ec830a97dc8cee30d5e50899423d20885c3354fc753193a0e53137eb187402060f759e679d9dab9c692ed8956937495

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a83457e3ab16205f288833ebd1654167

      SHA1

      51efce6543e4dda8b23da2648b154862f6a40cc2

      SHA256

      c7f627e9f7376f3242e7b63b80607c642e6a8ee64555f5f17d5f7f7ce446d6bf

      SHA512

      102a237497bbde4706dfb7b3d216bf8dafae7988c296a0473ad5e9b5d9af6694e603fcdf2d9be9cb5ac76c53e450dcc97bbf64dbac022c6c3516a1b6da87ce5f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      529334a6974d94fa0fe0b07d773b26a9

      SHA1

      87b1a9beded8f1c30860ec8f9bcfc80609f1b812

      SHA256

      c665ca8464aecce131f9bbf58ef6529c3a0e79e5be9cc69cc21e3f94d74549fa

      SHA512

      6dc092a191f50cc8b892d988683ec1c85e9939285e82b58c19b65924c210169b59297603994b2a00f4b36b2574a57da9611f93abffba5a7997e48a5804e265c1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2ee6c5759151b95e84770dfd4ed01fcf

      SHA1

      e451b731c06ff7a26845a9b44004598c08c94363

      SHA256

      1ec0299601d203a30289da0c4d19af6c5eb52dc5c4818b08135c92ba65193fa9

      SHA512

      1f9ee1ec265d7f892e0ff1b82d215aa8cfe3324912f93b628461de328deb2593291da56aa0331d5001c1afa76d4e081e2ad26d10101b03059770384d2d893c98

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2a2c30b78b55f3c00f3d87e1a4e56be1

      SHA1

      15b3404a1e05ba95992e714eb17116a58eccffde

      SHA256

      2547ccfeb19f08ac798f824eced455c548f90b6721ac251ca14efd115f334159

      SHA512

      9f9679ae143b0b7a8af8afb270407ed714eadf66db7d53f90c5dd8620da3ac7415ce43b85d020bda2298a2f7a8ee3477a64f3a88b96f81a5fdffdbb149ca86ed

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d0d6cd686be112d43dc564fb4c86f719

      SHA1

      9fef04c30b04257e7279b9afa997ec7ddce2f5bb

      SHA256

      8ac4427a45225272350581683d55e372e795d13b15a6781448833b622abe9523

      SHA512

      be075c2e732982e8410c887b028c9652e29a1459ed140290df3685e20e4d4dbb145ec5ccd8c869449bc2f10e769ffd3e9308796d577d77cd6c9364eeda02a1cf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e39637597f421d6561e5dadcfbf6dfd4

      SHA1

      ceb74a2e51f92b20ed5b47296e85ebc3366a3e12

      SHA256

      4ecdf4d837b1de90ee8cde62d633b7f6c06565c5220bf7e33749cbba2d5244f3

      SHA512

      def9e03c20787a9884436a55546f535f00e6f0a879128c432f5845f6688e1664299f15004fefb5da11e0e0d14d05680673fa5c13e253a47ddda996f7b2f86825

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dd6f589fd5cab91f479c88e85f652329

      SHA1

      93b8c462e81ce83c06c0713b2117bb31bd434b0d

      SHA256

      96952b8d39501e8dc9584cac1c2373f024e3b47468999a63e112b8b4362131d5

      SHA512

      b7c351b46a39aecae75f3efc09eb1e7973dc094f47dbf4ab11babd095880f80e95ee7d467d9fe3f909147bcec6ec8e2ab58fd311da748f1528281b49f2386abd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      80521e26ee65e30a671aca7602d36874

      SHA1

      b22d211a6ecd50e299b14e97ff5728d0764690d7

      SHA256

      a243729f2a41fc298de42d18bb4bcefd144b74697fba6c23081cb041b93a2b2f

      SHA512

      fe840fd0779849a26a42afc217d03bd18d48ac5ac6c10809039182ca6a6e2e34dc8ddf9b989dbcfa634582af1771d061186e906c9af0fdca57b892861b9e12dd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cf1bcffd612efd041580e6b54f43d391

      SHA1

      d8bea088e43c1e5faccc892d7fe8077da1fdfd44

      SHA256

      a408240b2910b429be75688860eec2a0afa148656b6d29ba5ab04f444a4e9436

      SHA512

      be1279628890dcc8e3a8d80db3955383580b1f82f8e1d448ec9ace93db76089a4e1e6322e2497c147154731a9078694e8a6befd9ab3c8213026a287d27c94453

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dc8a979736f71b8caeea4733f6f5f203

      SHA1

      4b534c5966d7f158a80ba5b7da3d63b848bc2979

      SHA256

      029a2630c2a9062cc274c6de43fe30b811d1d8c1c2c9075f0ac007b64292006d

      SHA512

      7d8ea35f59c22d47e8182e0313b064cb0b5c544e03695c922a8b6f98da0c915b69f14c2e40eec73b2cf5b1d5dbc91e42dc77d18dad033ae8e840d7b4f0513e79

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fa39ea60b11a713d1a88a9a60036dccc

      SHA1

      2c968fad1fb17af6f66577ff5df517795235b21b

      SHA256

      c28bfee2db9d01b04c7220f7399b6ad02a07f8342cd71400b11e541274632983

      SHA512

      0b22a1c687c7b78b3f5cf5fe5d176c59b64a8a98eb24ec3e12f3fe945ee33e1a9a4283a93429b6820b7d620d61dcb8ea6c93d1f5661f9f6a4f5e1b760a8f1dc1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6016fe13ca65586357234362812c0216

      SHA1

      31c81531d121367ca2fd40162b07e97640e16d87

      SHA256

      161fc36bee963bc3d4b1a26ee84f67494d905fc069ccacf2a585c27f034245b2

      SHA512

      7816473388e8a1483c0cd2db371b25e3804b434b1c032349da8cb097061a64b1e707f8cd845783ba019d1a1cd24504da95b2148d93efe3a82d4a1040db3e56ca

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      986d70fdf1b84b6fc7837235c6294342

      SHA1

      e1f3a5202a820d6e806d0da0fcb65b1a8cd1d3d4

      SHA256

      10b82444098230ec34882d284e83fb1617a3bf330cab52c2ed05d87897efd283

      SHA512

      45f17e996212ada7b069402fff5dc70b61187c7dcffc609298967ff2208b5aef95f8b1cff9277490174cbeae2360bcce05d201afff34a9ee4b17e5f6c7335e74

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      24198887a67aa744353b70af0f6c40ee

      SHA1

      8bbabd4982c6ba0e165247fbaa6e3cd4a39ed2db

      SHA256

      33bc253d097bde50cfdda59f1bd4b0f0ea0f845978fef5ccc665065f7aba65e4

      SHA512

      e897e0f1a01ebd98cb3bae7416c057b55b5d20b1ef3a9cd94a304b651637999dbb191f962f320cc3333f19a9b112a1333c99ad9bf5563294da81b70cc97acfec

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      45f4d6fbbfa76b45b0e4b49d9b45d4f7

      SHA1

      9305eeb55a49ff77c25b4597422478024291d1b4

      SHA256

      2400665065a1cb422682418516d363822a42c7b739f12e3d6bdee53d1a0660bc

      SHA512

      0d0984099ef0214297272cd91634de9111cf8409289a1c51d2bbb0f9b3df410530af33a84f8b77cd3ed6b9d41f3637511683819f010c3f87db4ed6eeb8cfe586

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      84efccb631318eaa343ed5c7b73d438b

      SHA1

      f1884fea49ba86a954b98e7081fd88de9b099e18

      SHA256

      dd2bcd1ac7c968f47666a1046c640e0d7ae666932a9ad721a0453bf056032647

      SHA512

      4bb59d06f5ac14fa25dd1b7d18b452f3bfc926ed143eeee1dc3bbd3e64856809252ef39d2ae633eaa5638148f21a92df21a2cbbd080919da7529b93767e2b940

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabE582.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarE5E2.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/2524-10-0x0000000002B90000-0x0000000002BE5000-memory.dmp

      Filesize

      340KB

      Download

    • memory/2524-13-0x0000000002B90000-0x0000000002BE5000-memory.dmp

      Filesize

      340KB

      Download

    • memory/2524-11-0x0000000002B90000-0x0000000002BE5000-memory.dmp

      Filesize

      340KB

      Download

    • memory/2680-7-0x0000000000290000-0x00000000002E5000-memory.dmp

      Filesize

      340KB

      Download

    • memory/2680-5-0x00000000001C0000-0x00000000001C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2680-8-0x0000000000670000-0x0000000000672000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2680-6-0x0000000000290000-0x00000000002E5000-memory.dmp

      Filesize

      340KB

      Download

    • memory/2680-12-0x0000000000290000-0x00000000002E5000-memory.dmp

      Filesize

      340KB

      Download

    • memory/2700-4-0x0000000003B00000-0x0000000003B10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2788-1-0x0000000000190000-0x00000000001A4000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2788-0-0x0000000000400000-0x0000000000455000-memory.dmp

      Filesize

      340KB

      Download

    • memory/2788-2-0x0000000000400000-0x0000000000455000-memory.dmp

      Filesize

      340KB

      Download