Analysis

  • max time kernel
    122s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-07-2024 07:27

General

  • Target

    731c34c47908d5078c87bcf5a85383b3_JaffaCakes118.dll

  • Size

    85KB

  • MD5

    731c34c47908d5078c87bcf5a85383b3

  • SHA1

    e9b574aa6972fecdef2ce1bc689f8b69ee2afc8a

  • SHA256

    9ff69703fd76346153269550ce1e47a2488f51118dce4fba2dbe0c37b62c04fb

  • SHA512

    ff80e268a982e188e2ca37e021e0ee2b34d2cb53db34ee3fd339cb9c59beba5b4be806197f15f9c2996422660792797d642380b587ef4ad714f278a843762cbc

  • SSDEEP

    768:aX8s6xwDEkzDju/XKQbNMYU/hGmRXyov:assDIXKSAkwX1

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Modifies registry class 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\731c34c47908d5078c87bcf5a85383b3_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\731c34c47908d5078c87bcf5a85383b3_JaffaCakes118.dll
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:3044
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2100 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:792

Network

MITRE ATT&CK Enterprise v15

Downloads
