Overview

overview

6

Static

static

3

81cc33a285...18.dll

windows7-x64

6

81cc33a285...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    01-08-2024 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    81cc33a28596941def3de0626f397f77_JaffaCakes118.dll

  • Size

    479KB

  • MD5

    81cc33a28596941def3de0626f397f77

  • SHA1

    ba39a62be6fbe8b31bba56c35fcefc4116e3206f

  • SHA256

    521b1f2d3ae5ac6ecb7d4d31c629e96e30bf877550440b8749a9a5e65ff31e26

  • SHA512

    d93fc70caf8d9f31adcce54754a3328ea92c42ae4e546100341f3526911a44002af4e9bce772c70f86b75b18949eb178e1faf438ed79dfc01853f1a3d7d42dd0

  • SSDEEP

    6144:+AA/zYgKj4C5jwu/NEC0xeWFaxfVh0xZHyN1wHbBnirUeTATt:+D7nKj4Cn/N8klfqZHyrw7AtATt

Score
6/10
adwarediscoverypersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\81cc33a28596941def3de0626f397f77_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\81cc33a28596941def3de0626f397f77_JaffaCakes118.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:1280
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2736
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4b5c3d713f7e153a4133fecbeb912aa

    SHA1

    26b2702217afd70754b347809aae858ae32b17db

    SHA256

    9015e900807e3104137660beb985afbba64b81001a54e7c74ea0d82efb444627

    SHA512

    276128c6b121a42ccf022fd48e4f8b7f1c8e4871fbeaf41704b66ad88d4b4e652a4a220befc8859e0612634b39427b0d2cc287057d698fed71170173cf635ede

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    15bab3474454b035c5c7ae99a49e35d4

    SHA1

    fc62ce5c4d886755d3c30f8fa0fca66a78a968f0

    SHA256

    6293acd4df86f9a39191d8ac4618f2ed121bd13f3b8f0cd729bb6770ec9b5f18

    SHA512

    0fffbaac036d6573749e3145b9903d67ffa375d479dbf8e26dfdd7c1f2b15abdf0b6a3e95f5498d40b783e3238e931836cf47d522c9efbe8e4fc6a6a80590ce6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46ffe4dcb223665408fe7efee41b9c78

    SHA1

    534226e3f49d33150ce4536331368b9bd1416491

    SHA256

    a2a76b06462a32d730d20ed5aa61a4c42fbce5aeaa06726e90985578c823e009

    SHA512

    75dff6ffe8a768cc5eb3d305bc720a8404027c3ac4cdc576a109514d89188ffc18c4bd1f37feba026902e4aa4f3e0c4b5a73f8642c315512055ef7ce643f0f91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ee9e616532e32b686703f70a7352b31

    SHA1

    9ae8772bfecdf0ceee963e8b2fc5b5c85c8dffc6

    SHA256

    10634fb8e55a2f07df3ace607e5bbf7c5be33ee8934911dd4234bff3244a0ebd

    SHA512

    e97392f676942d746cda1f317a3323b6d377bd6631c7cdec936708298c1e9a1ee8fa5ff22b6e939658fe6ef8105009c2f32f835da7cafd2bd571c0f341d2893e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6f9c247c600d85f455e70d459c72c84

    SHA1

    1df7f2b6d2053464b9b1be46a177a09c90641c51

    SHA256

    31c6c3ab749046ef9b950f581c9183a2fcba9ffc1450ade355ee2fc5246a55d2

    SHA512

    815cf1770bdf2e7a5c11128e14f77db4c5f59e3b5876c058bbdfa7e87f9e2a379ec81326672bef681a78bae246a225f1b474023129c8125606b54ae41626d080

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc46740762b6ea62237d02438a5065fc

    SHA1

    4e09a1ce866e80be0add88cbc742a931878d9aa9

    SHA256

    a7c7a85acec14f0727cd6c72a24a69a25f0233458e56869c0ab479f0013f326a

    SHA512

    6553d5bd478c54deafaaa46c5bdcc97b58a3b976f26f3ee5fca36854b24c2650922da3b5b9b8d65ca55ca10faaead89749578e9c19578ea623ce0ac2fd730f04

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2885f1212581ce0e624849883daf10a1

    SHA1

    aa6d610dedd13b9f29d21d252a24219b941f2581

    SHA256

    d74a82fefb64fb3b592b653daf70cad64f3fa668b2a33cc493770cd4a0db26a2

    SHA512

    330a12a492bd79061478e9a184fad3001760b36e61f2459c772ea9db0d5b6039ab2e8f0189a01ae5a0bc3fe5c0cf3c644a34feaa69fc7f18b7cf5da358533687

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98e3fd3430f9f8f3616670a82c364ec5

    SHA1

    5913ed2cda9dd9b7ef82f4e3a734db143df37089

    SHA256

    b9e0a94909590188dc788ee4172af4ca6c7805c0982c280f0c7c7441e3998501

    SHA512

    9132396394e8c7f222e09ff13ad55ba44d6ff2e76dfa0876eae6d67fbe85f95474b0892b7e1a4841d5eccd331435e9d94ec8c14fc3ab3f7e038b7cbaf096b5d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b2253a832ca03a32008347d0c82ccf4

    SHA1

    fa407cb23be57fb9c685ee6c2968701f666a1816

    SHA256

    44a1b609d7b5b8d4eed97a095c67201d364f726fd4382a62fc2b081de3fe1a4c

    SHA512

    76b3258ed36683c9dbbbf9725d07a5f4f3e0be5ba7d2b221cd9fbce82d6af52a7311a3b3efd8ae424f30b5d1699e5a9079ad5e8639671c42dc5db2639ad46b4b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f5d00aca56f45f094e0f0093f409ab2

    SHA1

    35bec8042d38fdf7396fb8065ddd02a491c20f4b

    SHA256

    ed0b268f48148550d524f2a640fa385b43d66bc3f9ceab45467d38d11e1b26a1

    SHA512

    6c440312acb234ae6d53cc245f4f9658f029a4d2efe74bb0d22fac8813c3a858e5acc47d303dece04e31557323db552a26eaa56f140443c15bfa8e3b70a2d85c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd60be77c98f107bf5ed7a4665962d2c

    SHA1

    e887971858b78613df9a8b0c7fa19432ac8dc8ba

    SHA256

    0150e4f7e0c9e24341f7ce1a7cd62eb52132a0d4040ca580a29838fae0e8392e

    SHA512

    cc9c215bbe3cf5ad5106c12e14cdc9290f17be3a324071766f0fb2e69be35ff997d62bfde6486ea17dd0a6af5a520fa0672b004be931b7a23b9e26adec1db571

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0dacd82411ccc9ffb01ce05aa3e25236

    SHA1

    6e5947d5083a7ccb8799d4e942cae04ffcc82c35

    SHA256

    3d2d4986a1410eeaf957fdec25c1893a1c3bd564c6a854fed6190fbd6cff10ac

    SHA512

    22bbe8ad183b466a293e57a26f933e65d528984926efce667387a6e04d23abbc5b85bbb034ac2db3240fb7ce30aca11ff5d9bc423bcdeaf96599fabb32afcffa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5738fffb6bd32d72874674929c76b12

    SHA1

    4dbdfe025c40d509fb753270c8dd82f2bf1b355a

    SHA256

    3ae2accbfcfe784b9542c194abf68df9efd2577a14ed99d45b58d83b244796b2

    SHA512

    33c85e8854a46d96948f46e7e549d6eed32be8d5f40f372eea75de337db598642794d2fe28eead18216939dd2c4273b2afaad591b382b6801e806f52aa2a6240

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8012464ce0ec83449e1b7464c37ac30

    SHA1

    a3e56d1db42aad1a4b2ca832da4d281d4bb89486

    SHA256

    86871b258fa0c1ee37bf9750f49ec0eab254a4589cb39fff92daad5a38f71f9e

    SHA512

    3a71410bcd9f916d720fdd8df66a3a17df91b9b2149d873e5c702f5e1a871619e90a5cd4842496bc8ff026e2be672c7c4c589dccccc11fb615d09845f509e4fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a60fa7ebad10df3cc7129f46e491d97d

    SHA1

    6dca5710682a81ca5b5993b62f573af9b4a3f847

    SHA256

    08fb3281d10d4283e52c0f219389c7a10a9199b579bbd22c79ab6c88e8aa3400

    SHA512

    7366c26b240a90ccfd5247fb7193d34da0ca80e95f48160c551b69eedb0b2bb076a927a6f8d010956b2ef2eb0333d5b95dc08bfa18f2b4f4592a8bcdde77b006

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    818fffe52cd04301a980f9ccd6bce10b

    SHA1

    62d60f7ae3100ac18f45c7706692269d1a1ca3f8

    SHA256

    4135a8cc8e769c0ad7845ffa8f6c40aaa27d69af57022230463da4891220358f

    SHA512

    7e1b27cd9e2345ce1f494d4d6809ac65d68cc922f89f3ff10bbf3d9bd0847b58fd42d8d554314fd6acca5a057db547a422065c7e1e735f570fc5a0f45b97d3ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82f679f657a57b912cdbaab01c2a16c0

    SHA1

    7592d1e53763f2ac608660216802b6a71218f801

    SHA256

    825c55eecc005cff4d99c0d9ba007c05ec215974c892a4e8202f25052ee12048

    SHA512

    55d8fddfc5d094b04f09f170536c9d2d08dd0d39d91ff50f3b7656f59b6ec83ff324657ebd4e174925da02d0f23300ae3b596a39056f97355a9c44ea670a99ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d26a49974608ea7cfa945ba8f796be0d

    SHA1

    a6da3787e747e323e6622a347581aae641dc68cc

    SHA256

    1839bfeb0f9076b009d8b8b363099f95bea23bde81e3303116836cd7c971984d

    SHA512

    04344c527d4df65e61fc7367bb7acd7e8f01cf5dad389372843d0fd976d003bf18724e9772fc663062c2a5b7284e5bc4c15f0203c07571db9ed406896d75ab9e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDFC6.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE038.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1280-0-0x0000000000130000-0x0000000000132000-memory.dmp

    Filesize

    8KB

    Download