Overview

overview

3

Static

static

3

7222364feb...18.dll

windows7-x64

3

7222364feb...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    26/07/2024, 01:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7222364feb5725509e2a656f5011bde8_JaffaCakes118.dll

  • Size

    85KB

  • MD5

    7222364feb5725509e2a656f5011bde8

  • SHA1

    ed51f26895d571b0517938a4cf749889a8bc354d

  • SHA256

    00197c1e1eac49c7289add6409353f52937263542129f5fb682e5afd0c9d6f2e

  • SHA512

    bfe41375180fb65f3405e4cc43023546777e3c8e43dbf3a7356dd03fe8d63801acf5e061d176da6114bb19776d3c7f18a9055fe5b1d9030280d9ca705f75347e

  • SSDEEP

    384:sCh1RqOhALMQ7nUJHd6ycGHZIVRKFKFGCEbvQOIlYghe106emRXCG2:sC1XhALMQQhdaXKlC/OUYXGmRXB

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry class 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7222364feb5725509e2a656f5011bde8_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\7222364feb5725509e2a656f5011bde8_JaffaCakes118.dll
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:2240
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2812
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2780

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          bc837c0382e0d89c3c57ab6e5f80275d

          SHA1

          4fea9952934eeeb5d3d324326339f1275981b3a0

          SHA256

          b1b859ac5b37c738c2ebe0c7d19af4294a8fa7c6db435957ba854b8ffb66c0d8

          SHA512

          3c4f0ef2e43ad85c58308e6454507513a3b4f1fbea88dd138ba942d1c796cbb387cf97d47c46bb8586500f61193e96e396703c05a821170a5e532cfe1b708a85

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          13b81683014d3829a1e440366e7c5ddb

          SHA1

          cf5fc91dc914d304e39f60b1c2253c34d96b8e77

          SHA256

          6a7c713c5ab5e40fa0ff1d38b0c6a10cea2eb893bf5a1468ff39c0c19507be78

          SHA512

          09c7a478443385156ac03cf21f55006d5053dd0f904ddb1764596fa79a47e05a2e5886871036f12c090eef79cc1313749fdc2119b9eff066d1c8262abe8f8963

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          86da73e117fc7bc6e8ef7d261ae12a68

          SHA1

          8daf5efdf0e2642f2a8f52933d9b7aeba2496cc4

          SHA256

          fc3281dd93b202d53ce2022d9883af26e0a860564d3f74af578133ec8d4cf84c

          SHA512

          5778f31d0308af253b3b6fdb8850d28559c2432820e7f1796699feb695099e7f11443f15f600af06b661836ab46f46b07c1988d38f3a53315537cc2070e26a8d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          16394e86283e2d1c2180009bda41a504

          SHA1

          1c7fd371663a64da2d05f6b10fada403a3243d83

          SHA256

          ad05d70a011903199dac4846b09bb572c3bdcf8c2c41d603f2444aaf29168cb9

          SHA512

          39ad3622c0927f39e66fb55b0a9130cc0bf04e4eb555ab166ef7469517441103310aa09658079256547013616c1091a539245664c376caabd6fb24f7c025cd80

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          1f96565b532624777b258258f6321039

          SHA1

          41c5cc65fca41b975425d826cd2fadab952028fd

          SHA256

          fba0953157532386b7ebdec9875e2add9b367757f452a9c6b6d2b378bd54ea7f

          SHA512

          ff02e79567fe6679cc5e67aa9f9c0793c70c513078457e62de42d5b29b2fd22131236621191d7414e501871fe42eb6ef81020f8955768e3102b5c5756a3bb044

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          bffe26415de8d1ed4bbff2a4983b77b9

          SHA1

          bf63468059d945810ecdf1ec86f6a0fbdd0aac9a

          SHA256

          e37e9df637cee1c7508624ae85aded3c1ad98f178f913e29a9b41c0ea914100f

          SHA512

          aad1dfd94f957ec07a2d49954472f5d843f60126cb780fa354fff253c84e6d133e71bfcf45ae189d482986b419e47f2d5ce7edafd7a870a10077cd17c3b0c039

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          1fb4aa3f5d94bd736d0f7826a1352c90

          SHA1

          dc6645c5269affdcbd248bf834ec33b0fe8c4d9f

          SHA256

          5a28b54494ba6d6976476a3da910967f52d243cd473e9378bb9cde0bd8be0f53

          SHA512

          23b71bbd73d57fe6fdc12dafd18611507c6ea2b031e4443ad5c839ca5c43ce5c28209aee8c495b6cb293d9157319e743a72d02c72c998a9194b7221351372794

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          f2f4d7209c0d395e8ab729267b4af403

          SHA1

          3c74e20beb03c6c238075b2d63185afabbeb06cf

          SHA256

          b81254b6ddc087972ab506fba368cfc64f222f2cd44d2547060f2f6d3fae734e

          SHA512

          ea9474cd63bb4bdde304b2a53e6c37138a38a01ff5681ec0c4f0097595206c5f30a0721745a3b6c06af93215df868bb577e4c541cfde93375b144763dbba2593

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          a854d2ea88cf99177458654c25d3bcaf

          SHA1

          e6f0f14b9c7c1d9977757a8c71d22de059aba075

          SHA256

          ed758763ace00060f3fef90687aa115f716e29c040fa953ba4c390feadd30ccd

          SHA512

          aae6622cc8e0defddfb2d7d7cd230cecd5e24bb427a3ff82694d609be0fdfeda9cf4207de801ca92b3816cf6392eb35326706b59e77c195fc61831d5d4d919e3

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab7946.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar79F6.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2240-0-0x0000000000240000-0x0000000000242000-memory.dmp

          Filesize

          8KB

          Download