Overview

overview

8

Static

static

7

644afc029b...18.dll

windows7-x64

8

644afc029b...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22-07-2024 18:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    644afc029b04160bbb3a998595c2b970_JaffaCakes118.dll

  • Size

    199KB

  • MD5

    644afc029b04160bbb3a998595c2b970

  • SHA1

    a3d53a4ae75304118ec44d379a3a5e7896c0e2a4

  • SHA256

    1f605cae44fca207e2f3192b28a3545d64b9541cb22a8d376284e45d8a42f324

  • SHA512

    0cc791022bd42ed9322e6af48a99a40295c2ee6160c5b93f1f9a07f591977c6af856a516f7e041d2da5fa97c8351fc79fab3eb03e9c3dde63410e7f1b2551010

  • SSDEEP

    3072:KRBKSEX6vbnHbZRN6O0y6T/dd0Xukd8zIsXUp7KKwgdDRhPAJ+h4RsJxKPpAiYM:oKtqvbnHbZRALguk8I7KOf8RsqxA

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\644afc029b04160bbb3a998595c2b970_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1696
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\644afc029b04160bbb3a998595c2b970_JaffaCakes118.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1940
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:1792
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2096
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2316
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1108
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2828
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2128
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2868

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      066b81cfe3070cdc211c9f6c59b4eb0c

      SHA1

      bb644900a2b759fc6ceaf05346b5c44144618c9f

      SHA256

      8953bd7d5c543a498f12f1a85b3161b564797e2ba4d6870dd9378868e2aa7502

      SHA512

      a2b3499c2962bf34a288c1389a13ba6687fddfb767344dfb5fb68feb326b1cf7c3f42140dfa262b7927a0a9b33b046dbf5060379cd29aa19d16a059e78624b57

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      1ea321eb2115682430b54381f1e29d56

      SHA1

      2ddb3991b1a125e76e5a9728a74b32c73bf85a5b

      SHA256

      d7affbb94528049f0736593cd877f9372918938355a93f8508d4a65f7b459ff3

      SHA512

      284d16ad01fd96c7886e219990c56a98cdab20b5548886f030d38637ef04cbc1b6af3a4202e31b739f6b6333f00cdb91e672a164ddda9efa6927ce9e1ead12cf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      fc9e4678e4acf268c16b3a62c46a5aa0

      SHA1

      98119fb66fadcb4bb70bfcd5c4962b2421f0ad36

      SHA256

      4db07d025ad096c10f0623606c3b53b91fd68b15d66a3cd71b36831bce832ea3

      SHA512

      73f736a3a2b3fbedc84e60c72cc1bc9a550d48cf7a73085eadbe8063411c565fde9d390879f4f2528a7a2bde4359f2dcc37db22cb2ad1ebf26e48731bb56d54e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      d2cea50091b1b75094d70ab88c9d8b4d

      SHA1

      5ddfd677b93d71cc3c0575247de08dea4110dc81

      SHA256

      521b601e19708f9d943107b0c957bdf2ad3756e19750ec219759e4b4c05d0b8e

      SHA512

      9d3baec676e511662c2b8fa158bbdcadc4a69847d3c7df558bce5d757473e22b29229062fefc5ef35f31de69a2816c768f8f9446c47f7b737535aff33c0874ca

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      f93745ae3c27cc560fd4f0734289cf64

      SHA1

      a2782b6350890039ffd07bf339da7045ecc64cf5

      SHA256

      75fb9426f61e8f757340372bed1f172a2915eced1933c962b0bfe35b62e46fe8

      SHA512

      e92515fbe0b244d82b9d0a200aa5352c408f77ff330f5ea18468bb7c3daba00f0afe17b352d7737f5e077cebf8c1ccef9a936022744ec7356a929876a6322969

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      166bcfa174a0bd49c4fa7b2690ce1f16

      SHA1

      3a8a4d64a3a4f3525526b37530e0763d102af08b

      SHA256

      89dfb8d64d0d86e94172066229d35bdf52b44d85dd3fbe9ec21617b0c437e958

      SHA512

      0a73f3d484deaf0e2c7ed18e8e65941459fa0a5f4ae24989ccdf51166a3e9efce8311e22d92e651526669610d1cf238527863b263fc94ffec92359be4eaa0a1e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      67f496c9752d770c3cafbeb7415e86fc

      SHA1

      87966df8aca9f8675b63304788b1e9672789b5f9

      SHA256

      cbdaf6f3c3a4a44c83c4a58759b66f2f0deee3ea682940e6c5a64e6446f5735f

      SHA512

      a8201f76738560ab8a96fad5b7067351aa4e3e26a670b9a2d901f5c080189fe9785082cccb61e5a73caf6fd2579d5ac860cda0721f1e504303c2c213919bab1d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      ab2534558118b5b8c7c9bf512ee8b660

      SHA1

      9708fcbe821d690f6bb702bd8cb261082bc114e8

      SHA256

      cba492b20a58fa3b7c9b44a4fcdc07eb99cf02fa0eb24f65e3794733da340fbf

      SHA512

      ee5d503b9e3491909d1470683b905116282f275ef3145ab1e4cc4c0db520900624a43adf1045978391475a289890d5ea11cb5481576d3c358c7bf35c69ed0b97

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      f41151595a1ec2721bd4998043ee65c5

      SHA1

      b1fefb02b82c4a71210c35209844e3a531f44ce9

      SHA256

      6d1261b042c4f0ed8f1b5f360bbec8a8e0a30d065ec5e5389ae7d6ac3affa6a6

      SHA512

      8fa8b63d7a9768d9e813856cc193773fb7a6141fed380336c6fc15bb21ad85b008ca5e709039acd6610beac3f683654b614bc026f8ea68ef2934009d55a46cff

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      a2384c6452617215661a21fede31d1bf

      SHA1

      bb8e82d1d423a09c192ae200ec31eb7887c0d93c

      SHA256

      a3f11e55f194f70a515b2e1f41ddd790b352fb1df0cba731e49612f1e0a2e34c

      SHA512

      849c0154c787dc92c38cd9ac36fc052ff715c021cf4898cb374e64b0cc751e4f86ea6ded06a57cf9276f3a5af1fa48e0477b79ec6d49b117df8f22247dbd64c6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      95f7c721c2d54ebea7a77818082f915a

      SHA1

      d2a3297fded203b4f867666e77c1f4376ba1972f

      SHA256

      fccd591eb525aea60500bc3ea33a6b92075243c7329448b9e334a038eb88dc69

      SHA512

      d42ed03a3de35793f3dc4c84f4d1a798dcf4985dcffe54a1390a6307c789986a992c269cd460c21457ebb1a0b88a53d4c718b0cf0933cc6872fc14feb2213ec4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      9a6f81a81a9cabaec87ba9704524e962

      SHA1

      7ed315ff60948032e74dd41ab2af13d49c86069d

      SHA256

      ac8464f6318216897c40e7750e52859005cc216e60698f1d1bebe693c21496dc

      SHA512

      a4a3927b1269c3f5a7fe4c4607ad8367ab5cf91809411e3878f4d1b09510b2f9afbd287e8e72ee3ffb7bf7c587dd780845708092f36c9b73efd0394cf7e7317a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      91be5d1849eb702f073b686678509cac

      SHA1

      7200e7a8bb7fd8ec12e8094fb2d333c5552e8d0e

      SHA256

      8db3ebfb73f9b114e1fa4eca7f0e2240bfc9929230af69fa76dbec7c649e8186

      SHA512

      b5a78af7384bec4687595f36c1da6249ddd60223555fd9d38b79505900700a3249e8ed961061674f8b9c0f9217cd5f8f600cbc6f184f576828ebb68b0976736e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      204beff20d7a082fe6bdc926d9a634bd

      SHA1

      aed0988de705f657c1ef84e580175fdf8428b3f6

      SHA256

      3c2debea2e1812fdcaa27793304bcbeb305239d97be1544a39bad89308d4125f

      SHA512

      3c68a3c844a85958416db8caccf89fdbec452b9921f3352c519142c5c09975244f4e0599d9f455cb58d68fba722e768fd91c5e62f402a9a2a4ef7295e88fcfa2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      7612f5ca9801ff56df4b1ced949d447d

      SHA1

      15add367f9007236161bd9a90f8e146549422074

      SHA256

      0822fb91cf3f6957e949d6f6dc893c83234bad3db0eb8e707efeb701c0b23c90

      SHA512

      e75e5699cfa9e7213e4786ecf30129e197e6141f78d87fecece5d07e4a4abbe83ddfea0ea46200824881035120998dce9b8ce376af2d6de89eab28b0300b47d7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      727cea91c0a998cac81cbe95286f9b47

      SHA1

      07c46649a3bed5c3da8ed137cbb4c5771869e97f

      SHA256

      6e19b670066f3b9df49694572a383836e4ae83d2b7dbf1ecf6138ce703dac5aa

      SHA512

      6b97c3e480be2711ce14398d22b41baacf9a938676ec041064aee37fcb37ffa36f1ff341c7261899a072f2183174931ddb0b489c9b9e2f23fe8828cfdbbe2ec6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      a919020a26acbfe42f3ceaa51d59b029

      SHA1

      b6148c3a6a7500caee941f211bbbd832866a7a49

      SHA256

      b9f7630b512d137c3252511465120db58a6e53f1fc83752246375b25010497b9

      SHA512

      9ea1c725efb2e627c0bfb7336a710ce32c2954c57fc6d8068f7386a1b5e32ad4b4bf3fc4cecea721fb8cf614136f733b0d8e9c6e1f6053026c454d1c8f981489

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      d2a5df3094ea6e03ea55650873b72fd1

      SHA1

      8984823ee688a5d0e3ea41952016e5a87ee0fd89

      SHA256

      4572e5dd8184051ad3767d054c5be064f96cd76a0524801dd752b23d8292f6b1

      SHA512

      9d7b4642a511bab756a87679035974dc555a7f27edbc518b587cceb046238470d09802160a0ae03b162efa6ea567647118d7acfdf766efeeb0fc8315f4ba15f2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      45aea0fe96d9eed521c91fe254dfda38

      SHA1

      52f1b2628a33c9d4997b3e0f7c58fb8ada4705d1

      SHA256

      284405dcc4e982493350471db896af5a082eb3f8ee67c50f8a458e93fe47b765

      SHA512

      e76f5de14bdf3cec814392cab92b64a43688139c56efed4fca1e1772a5a2389a3f8f337fd4bd5dfe29681f5e072a17e36197716898efee0016d493fb716611b7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      b2dc94db417074616c501649f78d2a36

      SHA1

      ea5d71a31c64afd4c9a782c395bee9ffc8c0f6e6

      SHA256

      3d986a129ee5181a592fdcd421e72b9cc96991e0bd5d09da98bf24d9ecb803bd

      SHA512

      d7142069b4d950198cb28f897e6985f3d8075c1e75643c2add9aff6c90ab583893e3a6e90c6ff1889c869374420bfb0a87a80d1fe55f3bf3c5b215b833b95adf

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab6940.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar69F0.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/1108-4-0x0000000003A00000-0x0000000003A10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1940-2-0x00000000009F0000-0x0000000000A45000-memory.dmp

      Filesize

      340KB

      Download

    • memory/1940-1-0x0000000000110000-0x0000000000124000-memory.dmp

      Filesize

      80KB

      Download

    • memory/1940-0-0x00000000009F0000-0x0000000000A45000-memory.dmp

      Filesize

      340KB

      Download

    • memory/2096-7-0x0000000000260000-0x00000000002B5000-memory.dmp

      Filesize

      340KB

      Download

    • memory/2096-10-0x0000000000300000-0x0000000000302000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2096-5-0x0000000000250000-0x0000000000251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2096-6-0x0000000000260000-0x00000000002B5000-memory.dmp

      Filesize

      340KB

      Download

    • memory/2096-12-0x0000000000260000-0x00000000002B5000-memory.dmp

      Filesize

      340KB

      Download

    • memory/2316-9-0x0000000000810000-0x0000000000865000-memory.dmp

      Filesize

      340KB

      Download

    • memory/2316-11-0x0000000000810000-0x0000000000865000-memory.dmp

      Filesize

      340KB

      Download

    • memory/2316-13-0x0000000000810000-0x0000000000865000-memory.dmp

      Filesize

      340KB

      Download