Overview

overview

8

Static

static

7

749f0bdc01...18.dll

windows7-x64

8

749f0bdc01...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/07/2024, 15:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    749f0bdc0184b8c12a1cb9ab0e534ac7_JaffaCakes118.dll

  • Size

    270KB

  • MD5

    749f0bdc0184b8c12a1cb9ab0e534ac7

  • SHA1

    d555a356a2dbe153579ca8f940c6a5508677140a

  • SHA256

    0000bada61e9d28093e597dd8e02ed3087c6e181173bc0a8d9fa9711f224c606

  • SHA512

    2587ad595a5be4695fdf81a011da116c48c7aeb91b225ac73a32bf036dddc6a58cc3c22e1cdf21cb9b4314bb36fc88a0d0861a7d67d4af2ab2a98f21a3a3bbfe

  • SSDEEP

    6144:0qAsgcYV4eXKjDbqhkBTmDHSuKIaWw+zyOVbCiDc:0eg1qBzz4hhaP4yOVC

Score
8/10
discoveryupx

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3428
      • C:\Windows\system32\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\749f0bdc0184b8c12a1cb9ab0e534ac7_JaffaCakes118.dll,#1
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2740
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe C:\Users\Admin\AppData\Local\Temp\749f0bdc0184b8c12a1cb9ab0e534ac7_JaffaCakes118.dll,#1
          3⤵
          • Blocklisted process makes network request
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1424

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.ini
            Filesize

            353B

            MD5

            f2e2499f7de094f609ab56f3681843c4

            SHA1

            6bf2c3e990a75ae7c86e416f58cd561f06ac3c4f

            SHA256

            8c177f1e0d533a98fde536ef82edf8e35b9bcffdf4272cc8f2b0171254079dfc

            SHA512

            0c6e80c26d3d310f6ebf5d77228bd26191aef0ffa8e78ab46affb902db08ac06b1cbc09b6f29f9122a792518928b18dc8b9e0c137bd3f97a5ea937bf5a363c04

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp
            Filesize

            425B

            MD5

            190eddf63008483f76432b6bccd11a28

            SHA1

            e9fc71843441a6a5229529581b3a34dc950a02e2

            SHA256

            611902536f8e80a466bed9d30511a3f30f9b1befbde923dc4b99062c556e1905

            SHA512

            2d21cd3707f3e7d334bc68ce90b3737a9dbb13358ce9a7d6e86aa53c29d794b24874bc19cfdec5e452bb06451d27104b651cf2aeef3b56bf6d224a5e3c542e82

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp
            Filesize

            425B

            MD5

            cb4eb1715b3823266871db7ae54e2721

            SHA1

            75a1ae75bdaab2f58a5239c80d95234259c1f9bb

            SHA256

            184cfe0932cf37333dba0fe8db15e4884022df813f8cf439bc7b415f5e5232d0

            SHA512

            ac961ef6910ba898cdcbca51c9abfb305e5d7565791c94caab474c878e02755a0181de4fb8c6e61e528b99cc5e19b559a52a3ce442a7787c27e1c114dd71fada

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp
            Filesize

            425B

            MD5

            755ee4bbbf5a4b930cbda79315695f2f

            SHA1

            01f4bd7740879bff6ec4a7fcef0dbd6d4110773f

            SHA256

            6901e69744d7c56f8f0daadcde69564ba2b1e6cc1d210d673684d9521b82e177

            SHA512

            8d9c4de1d62fcf6c29ff6cbe99a931373e7acd43a31fe44466ac0ab07ad8d23b97d8c4e221c2524ac756e3e4ce072d6af484ba13aa4e4d863748dc6ab1747f7b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp
            Filesize

            401B

            MD5

            18240e2d24645393bd6bc5a95da887d7

            SHA1

            dfd492a596d30f6391ffc9162ab6e9022f677f6c

            SHA256

            28d747b6e30765b7e57cd975dcf76f096ebb1666a674adeace53e50a4f9c88c2

            SHA512

            a9ba2c68f0a1c31f39f0b19837bdb20940fd4e9a73c04293caa08918d2b6200d9fb6e6b74f070f5d09132f57c8bd32ceb86b24efde7b4d2d64fc37194aee399c

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp
            Filesize

            425B

            MD5

            2db8a5d6d09f7021c6135bc6a644e3bf

            SHA1

            fefc68244cf9950b7d1295f043188ac39c2844c0

            SHA256

            a9ca2cd83f94205a50d2ec93abbff1bce3753d78909ae27315735704cb7ea677

            SHA512

            59ca9122052293af4400d8697ac3e4cb6994fa7edf78604033e0a12e16e8fe2c08e88d3057059c759afddc2359ece128733db289aba866ed98a6e9cbd1cadad0

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp
            Filesize

            425B

            MD5

            2eddba8641b26d4826fc7b5b496dbdad

            SHA1

            06139669be5b561548add2bf7862bbfb10f5964d

            SHA256

            6f8984e077f47c429f1b883ccf3ac3a14d6e0d06ab8b5a3502986d0ffa6cab6a

            SHA512

            d4acc6179f4bb40d4909a4bb7edff508f2bcfcb658f1f338ebbd6d6bd1c50b51f800ed017183658ad909c96ff6c92d5f482a0fcca03d4a3a9dedebb6efeffb2f

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp
            Filesize

            425B

            MD5

            34dcc3d9a965720fa96233450ab56799

            SHA1

            63b968f5ef378fc927a7333d7f466f3c82566a7e

            SHA256

            adba0e5c021907102614defabbc37886e9f161698019fc2a8d19de7ff69fadb0

            SHA512

            3955d5e7eb7281930a0afb12b43206be7e986a1dc5f10645224fe30265b6bc3155ba2f7d4ce253550c6b2745f6ed29fafb584350ea21506c981e1c2fd89ff17a

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp
            Filesize

            425B

            MD5

            751406cdd5e0a97f63ff49c7b917a281

            SHA1

            a93252a0889d8556b1dcd4c80329e8f35e758b2a

            SHA256

            7ab97975785dbe082af901a5de530b9896b152f3e276b30807681ec7ccc2ee1d

            SHA512

            5be334d483bf21ab00e2f3df75fd22d8653357c63fde4f6d64ab546711f25974b5ed14db0011803951d20dcb7bd6a05dcf2ca6d6a5a1b829103e2f4ac2230f11

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp
            Filesize

            425B

            MD5

            9261090e704fdcae40aaafbcd8f4816c

            SHA1

            6de6d63fdddc487321ff42e4dfe5e92511eb5fb4

            SHA256

            73491f92dd145f72abfdb9853ee605c9eaee0740fc228ef1a71b48dd6e0c62dc

            SHA512

            ca5a10d5d53f30abcfc65c02980a25d9accbe7954eb26e1e59f6927dd416e2e0c15b80e8795fb2b732a5394ae9050372f6483434d0210d36f7ffd8750024f7bf

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\811sekaCaffaJ_7ca435e0ba9bc1a21c8b4810cdb0f947.tmp
            Filesize

            425B

            MD5

            47bff5987d5fa46f5ab8d1b9b2e945cc

            SHA1

            87d8d63ab8eb52d843d9ce5923e0a32b2b67fa7a

            SHA256

            b37987685891b4885ee6dcee990ee9c3e2816c19d11ea6710eb2fc04b9454d7d

            SHA512

            233a58f96f87832fa33c6ebfb8c5f15fb5bd344255bebd0be0ff7f8d5a3c2427311e2cde99b92280419eaa7917c87ab3de191e1bd8d6bf07e983353f3c3d0df2

            Download Submit

          • memory/1424-96-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download

          • memory/1424-166-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download

          • memory/1424-177-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download

          • memory/1424-193-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download

          • memory/1424-160-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download

          • memory/1424-224-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download

          • memory/1424-129-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download

          • memory/1424-240-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download

          • memory/1424-257-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download

          • memory/1424-112-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download

          • memory/1424-288-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download

          • memory/1424-0-0x0000000010000000-0x00000000100BC000-memory.dmp

            Filesize

            752KB

            Download