Overview

overview

8

Static

static

7

60a0aa3090...18.dll

windows7-x64

8

60a0aa3090...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2024, 13:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    60a0aa30906e8028a2d8052734778a16_JaffaCakes118.dll

  • Size

    143KB

  • MD5

    60a0aa30906e8028a2d8052734778a16

  • SHA1

    486ba13a91c9814805d420667030b2afa6fab64d

  • SHA256

    1183137f844303c82b16981a07f895402ae441e4a74783bc40504e25e77e48dc

  • SHA512

    402a58c22561335043ffed19e86ca5ee247623696bf09275e767851b29cbbee9d0244039cc21fe66e64a56efa1cfceaeb4dc37a3cb8fb39c79a95d8b03ce300e

  • SSDEEP

    3072:/m5VVsV3GkI9ODv8jTNvu/KcoqYaA1T2Skl+5z8xgsTi2LwE+VVlGNou1:/msV3GkIYsTNvSwaApfn5zfMi2L3yGoS

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\60a0aa30906e8028a2d8052734778a16_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1512
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\60a0aa30906e8028a2d8052734778a16_JaffaCakes118.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2460
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2940
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2012
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:3024
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1232
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2132
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2844
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2440

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4482f728690b5baa5ca42daacf294855

      SHA1

      89021f96a698fc5e41bf33c26cbbbbf23ffc09ee

      SHA256

      98b15bf90cd2a6ddaf3612d8ff0178f2c0e6d4a36038c8ceaadae1586ca3ca22

      SHA512

      18126343c9c407e11108e7b7e0a59d17a42669ace1e77ebe65dc1756fc2e80093e2c1920c422b2a5409e00edeae4fd0c6a41f28569944d43d0e2081863774299

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      66b73afcb922af6faa724a514ae361f0

      SHA1

      ba6b6cfa02bcb96583dc1ece66fc021dc08b2b6b

      SHA256

      3db613436d7f7c1507154bf167339869a3ecdb5e53cb4517d9da4a0d5601829e

      SHA512

      fa1210b881d4027b6dde88f544b74a5292b132ceb3fe526cc296d74e7215203c2e5e09c454c6636121f36ef7205c6d2542292cd4c3a1853e3bac2dc38e0f3c2a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7acf02693f8093bc743a5211b2787f89

      SHA1

      bdb824e107abe59a441e6207a0e0efeea9a5f882

      SHA256

      dc30576fbe1206bb1a47e719f750bea38dbfc8e5362df8d7a6f471e5e2e69578

      SHA512

      04e775ed3b70db320e54fc188d72292a77e10d2ea956b277b93727366364cdda2f2929bfd33bf43dae0d0c99e388a1307829caf9a19bfb7a09e5c3549efbecc8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a76fb3b30c84b00b47b5bc02420fea54

      SHA1

      bf552b53583ff6cfc2e7c718d980a42111f4721c

      SHA256

      dd2ebe24a82bd5a7cbd637f47948430207494cdd2e45830ae4423b3d34ea9646

      SHA512

      80d54a5eb70ca10c725fbab07bbdabf26964fcf3bb4d9927345ef644429fcfca16c8ef19ba132c66ba6b083d131382a3a2f1c80bc0acfc308ebbed62ee280b17

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9abf22d46fd23145910af9b8852326da

      SHA1

      0813160dd192930e13ee8dddf6fbba86deef4c4d

      SHA256

      ce44e2b43b114ef7afacb15a40a98fe81595d3473fd444e76670079447a8d593

      SHA512

      312df1b0c50c229b09d49df17bfa43a02a013a7033817fda5b593477320fb24f72b41e7d81b3c09d81fe3f770be0aff8503afd9ef066f9388d86e6167e388d28

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9ea54fa007abf321721d203836446a7f

      SHA1

      9ebeb2f3128e328eb3516f4b65382b9d7f0afe22

      SHA256

      b2ee69b61cfec0c89070b60246d1915d48ab18c7a9b018ca3f5bdec3161009d2

      SHA512

      cab1332d0c2c6e9e95b0b688340268dc633a5faab0533018217557781a32bb5a5a68603b5f4f0fd117adf796986776f54ac19f3105775565cbedaef94355b37f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      43c81b154be30bdd61a362e93f8bb352

      SHA1

      3451e4e552282d0e2d44e95297120378831d868b

      SHA256

      cd4c21e27055e3fef107e9b4adcb5de45d7587f2ae23929c7ac92de035c72519

      SHA512

      8cd6e2a65c52147accec1645937a00d98d63e8356d4d4885db8d586c6ccd9c8ffe9ab518d233f225aae5dc249248180d37b81f9baf102633c758ed05d1270621

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7442cf59687ecf77b98650a744a16d40

      SHA1

      f3148da5c04c876000595e45705d4b4295629c4d

      SHA256

      038c72bf9eae1fa939d2bb03924c3ba74cd696b782d4d8ac03710a4ec69e1b8e

      SHA512

      11023eadde2e82a3503c4057624ee73987cd029c55c67f8e96fe3fd71c7b0e9b1a597134ca48db9849c252bd2bef571991aee86c2554c90e699826f16316c7b1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      270552953ec18ab22975b73308a2cad0

      SHA1

      acd60f6141fad4b1655bacba57af12ffee4b6c13

      SHA256

      206e1a751e2e535c36e35b49f744a0523fe51aa112eb0b32b66ac567214892ec

      SHA512

      2e961fe769e01ede245856b794c8bc3a232928f5c680c930614dfcb591bb3a08e1f64d6ef47b88eb4b66374ac224645b0bd7ce16e09863b55951015f0697fe92

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2e00b955a2de9c1b87ac62a6b87c5d15

      SHA1

      a38800bd723a40507c62c3ebdaae8e32eb570448

      SHA256

      f26ab82b853e62eb0f8dca5eda0df9aa6db199bf5b661eb5ce1186ba41545f8a

      SHA512

      de4fe793f8fcc33abfc8fdf973cf6b75ffc388ce67b23baec1eaa735ca11d04b25cb50fce52fbdf14b29621ab406c8020ada78a946d36962f97b5fe1e5300373

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      40b8c056965e26b4f3a23022e7d63d72

      SHA1

      3ffc1c381e096cc3427866b0a51d9b708ce998dc

      SHA256

      6d471f7e868391b00af9673034989004c00afb58703c2a93749df699ca622f36

      SHA512

      9ce7afebcec1753717a3432ff34787dcf687eab111b73d74d7dd99f84fd16b916ffec1f32619752e1ac4d951ce0e48bed349d9323b1fd0109461970b539f42c6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3d45f43aeb4f60e2f730b42adc654f0f

      SHA1

      b53924e3ad0ce7fdbde0ccc14904898e042f4d91

      SHA256

      f8a0965733eeb7fd737672e0474ae2f3a5280c375ece60c55d5e47e44bfb457c

      SHA512

      e1a80ed076e660b087e709bca4ee145296ea1bf28bd367703740a3a7e3e3463a53c6eb8de17bd3fa3d70be1b5b2dba03861301ee65e8031af43480c309f81606

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bf781a0aa3330dce973f9536e20cc9e6

      SHA1

      2f5900175c1b30b87afdd45a9ebbfed7855e27ea

      SHA256

      b4b3e17e8f3306a7708e4d7dfa57c6357150e848a850c6a361564b083537ce20

      SHA512

      c2a78bbd408671ea38f5956599a61f234489e8f6a7d720f296c9a4cf8acadf5ed3f75dcac048990f315d8e481e244b5777090dd38ee184ce721f3c62c9fe3c7a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      182e78381e1b6e8c5e8e13bc2322fdaa

      SHA1

      2bfa93faf7efd14d90c225befc30ed6362532580

      SHA256

      e93cdc5ef199bea208a55a0ce8ced1d2fde0405cd9b6fc5a5d41f25f1af6d2ff

      SHA512

      64a88864a4306e448a7d7d94701067a033191606a91398d734766545d1eaca1040ce7d6d0df41e1a7369c2c9fe2075a96c6dcd0d28c9ac25e9434ec08d647f31

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e844fdb66ace2d9c5cef7bee82c03f58

      SHA1

      23dc824f542fa055f5a1c55c97364269d63ab128

      SHA256

      0b03537fa535cb20881cfb78f21c29c86ddf751df460e7d9ca48edb476f1ffbb

      SHA512

      02c6213fc395ebfa278d4fd32e163784a9f3d448b404451ef9b7cb5210ded2365d50e9ee7dd4c0441881706f0ca12c46c4c1becba94397f9631429a0d52c2a4d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9b8ec4f30b8822c0b72357f2c321b1a9

      SHA1

      af3436a32745b39c34d30d0c334edfd0f4e5beed

      SHA256

      a32b62c8c994307b9facacbbba397420628dbdbdb4fc2707836cc2ab8685095e

      SHA512

      33c687b7665b0e3b9fe087bce76597737bc7a7e64717715dff9f5e7b2d9d880cf5b618f8daa3164eef44119f3ec82b12fd1a4ba88bf62ef11e3e0264c5134ad7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4fa9cf4ddc91f746f1f7fdc701e24d6d

      SHA1

      c72cf1e5660010c2728eeb20fa3e058dabf467e5

      SHA256

      3b567fd2ef43025c8fb328a1005f0d212a664c9643091310e882219ac7aa2b77

      SHA512

      8f3cbeabd27670835fb0eda9f2aa6509edb072a778994c0520f805f117375702d43ebc5ff723ef9abc04ae079da109f68bb56e393818bffe5422b79a95a07172

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d69f1544b8bf2620f719ebc622f8835e

      SHA1

      5f17fdf05a9fae9cfab40cb690e7d0c3bf26c226

      SHA256

      53133e1952e860e8baf7944ef2f2f6d292b28b881386e6489d3c8752b90cb5fa

      SHA512

      6b7b998fa478d2d2b1ccf8773233dd3becbf021636d924bfe7e43e52bde37437e7ea09a795dc7853b1a7eb7dee40624273b656baa1e34153ca0e6576fd75425a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab650C.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar657D.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/1232-5-0x0000000003D90000-0x0000000003DA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2012-13-0x0000000001ED0000-0x0000000001F33000-memory.dmp

      Filesize

      396KB

      Download

    • memory/2012-12-0x0000000000210000-0x0000000000212000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2012-8-0x0000000001ED0000-0x0000000001F33000-memory.dmp

      Filesize

      396KB

      Download

    • memory/2012-7-0x0000000001ED0000-0x0000000001F33000-memory.dmp

      Filesize

      396KB

      Download

    • memory/2012-6-0x00000000001B0000-0x00000000001B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2460-3-0x0000000000320000-0x0000000000383000-memory.dmp

      Filesize

      396KB

      Download

    • memory/2460-2-0x0000000000140000-0x0000000000154000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2460-1-0x0000000000320000-0x0000000000383000-memory.dmp

      Filesize

      396KB

      Download

    • memory/2460-0-0x0000000000320000-0x0000000000383000-memory.dmp

      Filesize

      396KB

      Download

    • memory/3024-14-0x0000000000790000-0x00000000007F3000-memory.dmp

      Filesize

      396KB

      Download

    • memory/3024-10-0x0000000000790000-0x00000000007F3000-memory.dmp

      Filesize

      396KB

      Download

    • memory/3024-11-0x0000000000790000-0x00000000007F3000-memory.dmp

      Filesize

      396KB

      Download