Overview

overview

8

Static

static

7

749f0bdc01...18.dll

windows7-x64

8

749f0bdc01...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    26/07/2024, 15:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    749f0bdc0184b8c12a1cb9ab0e534ac7_JaffaCakes118.dll

  • Size

    270KB

  • MD5

    749f0bdc0184b8c12a1cb9ab0e534ac7

  • SHA1

    d555a356a2dbe153579ca8f940c6a5508677140a

  • SHA256

    0000bada61e9d28093e597dd8e02ed3087c6e181173bc0a8d9fa9711f224c606

  • SHA512

    2587ad595a5be4695fdf81a011da116c48c7aeb91b225ac73a32bf036dddc6a58cc3c22e1cdf21cb9b4314bb36fc88a0d0861a7d67d4af2ab2a98f21a3a3bbfe

  • SSDEEP

    6144:0qAsgcYV4eXKjDbqhkBTmDHSuKIaWw+zyOVbCiDc:0eg1qBzz4hhaP4yOVC

Score
8/10
discoveryupx

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1188
      • C:\Windows\system32\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\749f0bdc0184b8c12a1cb9ab0e534ac7_JaffaCakes118.dll,#1
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2220
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe C:\Users\Admin\AppData\Local\Temp\749f0bdc0184b8c12a1cb9ab0e534ac7_JaffaCakes118.dll,#1
          3⤵
          • Blocklisted process makes network request
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2396

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.ini2
            Filesize

            425B

            MD5

            71557c0b61ff3535afedd0679df53637

            SHA1

            bd036208254304bf2ea2160d1ce6a81b9e79aec4

            SHA256

            73fdb2acc76f4f298ba592a846a92cf747e328bca37989d0718a7c85cd85e0fc

            SHA512

            0e6500abcfd79231842d1ba27bb80829e5ddc84e58cf24d1344fb1e96ed8afed7ea97f9b36236bcbc4a8bc280197bb292d7d2e5e44c021ea8dd0d42d6f21c637

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.ini2
            Filesize

            401B

            MD5

            afa5efcc8b068d23f36e0ec0e1e1d03b

            SHA1

            1fa879527059841f1cc38414d11b9399e7a0267f

            SHA256

            6caea92d1e224a3c62764fbb16f6d5d714f0121b6052559f518abf0933c01dba

            SHA512

            bf308ac9a5cf985cef884fb4e6669e0b6d32f16c7a6e9c99537627125b6d43e819d8a5556a5f102fa98c72523f3879feb127b96930dd4c4a17081911a743e983

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.ini2
            Filesize

            353B

            MD5

            a6f3e74fa97f4dcffb78354c399e4f9c

            SHA1

            b8589806ed3bdf1ba4b6b2a0bdad32f7b6b530a5

            SHA256

            43f3009994bccf278b516b523c3d0ed7736154dad2ec7d806eb46cda7ed182c1

            SHA512

            f63ea4288d1c8c94f4e4b374bb84441d1927fd4e60fafe3b133a2d6a7fcc1feb80f972cef6f3dd402fa0fdb8609fb08893fb289670c042b5e882c2c2ec512c78

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp2
            Filesize

            425B

            MD5

            144d13c7afafc764e43ff469819a4a2a

            SHA1

            b449d435f40b8c421981a8afe0931a6235be595a

            SHA256

            35ec218aa9b2b7252957ead0e88950acfe2cb790e352da40501982531c3ec29b

            SHA512

            072f2721ab0e8010c82ff8597da6ac2a6136a713fe6215a9e7a4214dfae730fec7e5ae719e6de5d3fd21b0cfdc304ca772c6f79542a852c25034cd62d5e15359

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp2
            Filesize

            425B

            MD5

            698bde094eb2205164f2d105d1409474

            SHA1

            9825125f0018df73031063ccd617cbfea4350aef

            SHA256

            d000067e914ba324e696ccdad65c4cc3804ec03389655bc2fdd9abb982ec658a

            SHA512

            8824816faf5a582453ad4698e2bf938e1f4ce99efd4299facfee7845e9932fcff1e13644a526a68b472c551e06635be34e029999d0ed1712efed8226fcf4c9f4

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp2
            Filesize

            425B

            MD5

            f162cc6ab5b74d3fd4706dfe74e6e6f0

            SHA1

            19c5aa634c950ce2fe6a401eb603e779ef65e109

            SHA256

            3eca5eea0800ffd6b88277330e1f555e4d98c9d043e709019002ca9c56775de0

            SHA512

            678232c896eb09b3b4a927d7b19d939de46568962abfd44b6de06ddc791f4b6dbe5bffd14d741db6145e6dbffbc09d63154e10859eb1a8d1f4913620c03373ec

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp2
            Filesize

            425B

            MD5

            9ce494ec8350b03ee4efd4d06e8fec19

            SHA1

            a05c24b75b9e9988a42e4c6511fae8b9c24aa1d2

            SHA256

            2c3319058d927b3bee7afcb8558f803e967f6d29179a389508ade1be231b9e57

            SHA512

            950ae8ef3b1fddc991c780c38e5365e6157b5b831e7911e868f1172957ebe5b6529d9d1eb3a4b85d8650442c839a42b257aa423a5181bcb324085e0cb44df9a2

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp2
            Filesize

            425B

            MD5

            5a058b18775da41237e78126a967ea4d

            SHA1

            df0134f086d4ed07958021e368a513aabace6e1a

            SHA256

            c68fd64d372e20a141a0d20069fcbee750a59efcf8d6c135148229d87d210381

            SHA512

            727dad4135074b6d6bd4ff2e9e35371367a919b729ab84ad7087bb7eb2bccfe61e84baa9d149967103965bb5a8c1e7e13451c60eae050dec408dbaf22fb52233

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp2
            Filesize

            425B

            MD5

            73a3afaacc0982fee841d11c417d21f5

            SHA1

            1ec4dcece5b534ef0313f52e223e67eb89976670

            SHA256

            9a938aac36b1dd8bb4c56f92bddeb8e2a51fff7d97fbaa0cf9fc24334793c654

            SHA512

            ab72c861cae70f819378ab12d705ca8085134ca09621f4b832d01374faccc3485bf2c00eef5a7268cd8db7ab2f63d657ede6f86efe323e36dcb5a9ca318d7cfa

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp2
            Filesize

            425B

            MD5

            5aba798e742cd762ee51ace468779924

            SHA1

            cd507381b1ead6264b553f357efde9c64aff8cb1

            SHA256

            cbcb53408211191d1c2ca13d3f7b802c1b1418ba3c946e7b829c1b2cd0bf3849

            SHA512

            b04a4087c54d212fcbdd166057a17ca0d85f5eea040b11b7373689fd8706d2031011d9fe151fa31773f9d6ecaf6130db1ad69d6b8d01a0958288d672f136613c

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp2
            Filesize

            425B

            MD5

            6c39d09b4030e208ca95600efd6d39a8

            SHA1

            c289d45d575ae1f78b3ac02778b65a71e8bb081b

            SHA256

            a3617a1ff51aee4c267f874a966ab6a4aedbe700925f8d33cf25befb050dd497

            SHA512

            51463142a84685b2a06549774ec19eb651881ae152de3529b10a748f74ee0a0692dafa3226fea451f9d78b9b80c2babe0f63ff24132333998dc5f559a7814c8e

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp2
            Filesize

            425B

            MD5

            31ffb3d2c32fc7bf189833328a91876a

            SHA1

            3e1fa5464b76f024abc8f8bc7cb97159633dbfac

            SHA256

            42f50ae57f7d5d4da01554c69f06d4b94b87e46f2b7f2b91ef160c5f4fdd65ae

            SHA512

            c87ed2e53934b528a157af27d231c8b546d96e5cb1b608ec6a25773c4d0c4d17eb6be1760205ae2942c391b99b94efb1608af7bc8d4ff8383cfc95581abf10ac

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp2
            Filesize

            425B

            MD5

            eaead0ed64f72761724bd433099830c6

            SHA1

            d66ec5804949d39d79407b2409c0fb61177e83ea

            SHA256

            a7c5d02d83552be21da1e981b277b0f1fbd8d274fc39f40acb60a650320fedd4

            SHA512

            84a9d483ef9cf703efa47221eb820198169f1b62ffd2aabe4c60aa4545307f5477b08223f79852a0a6d8a5992b8855926ae1ae0df40e667d24af2573f829727d

            Download Submit

          • memory/1188-24-0x0000000002A80000-0x0000000002A81000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2396-154-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download

          • memory/2396-0-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download

          • memory/2396-122-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download

          • memory/2396-91-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download

          • memory/2396-1-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download