Analysis

  • max time kernel
    120s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-08-2024 03:15

General

  • Target

    82d604e9d035a507e9b07bba494a30f3_JaffaCakes118.dll

  • Size

    74KB

  • MD5

    82d604e9d035a507e9b07bba494a30f3

  • SHA1

    c6fe099cf01ead2b1a7086f882a51464cf13fa49

  • SHA256

    405b632ee730d2613e75ee9bde45db60c5197242a11a610f80cb7b249fa6a199

  • SHA512

    c9ba1a3f1dab434a0b2bd7a93d957161a018960f0125fab338c506ba738f9d9b445ffc9f68e190cdf9247f2291cf6e3766b36f383b4c1ec110988b63caf3a460

  • SSDEEP

    384:bsh20qYYoYFljyo2Ozd7RV5MjK743ob5KHAvQBdyhe106emR9R+x26:bsh20PEljyo2cddrMR2KgvQBdNGmvu

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Modifies registry class 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\82d604e9d035a507e9b07bba494a30f3_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\82d604e9d035a507e9b07bba494a30f3_JaffaCakes118.dll
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:2964
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2120

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    24d84827477b75db1d9f3fee6061f454

    SHA1

    92fa3463d9f1b087c168b6337bac8c1e82bbb052

    SHA256

    952a60bbcebdabe58fe3d28e729e5d97103ebc4305a97e8ed3fc386dcdb78b9f

    SHA512

    ac93f8e9685e31af13c5c9a5cbda5c3714ef44f90fa12ac0a1310476d04fb7cca434edf6526a45ebeda682c49c97fd85e4225ac15f5fab873ef52bfc8f530d61

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    da5e24100c24bce61b39977fc8ac7436

    SHA1

    22f19f593511ac8265e9d25abf6f437896babfbf

    SHA256

    cf921d1e8b0a1c98217c98f384f8315cea522bfa3a63787feea5acc2a17ed05a

    SHA512

    5c15459a28acf1d7897cf90f2b14003c0221335eac0d074bfcf3a028df0152c06d00144420d5ade52fee25868b34226176167fb83c74b1e87f9a379056dea226

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a8e7830b7d590994327ed754d15cbbb2

    SHA1

    1c34c2c0d92574f3ebc10cf70f81971eca890ddf

    SHA256

    a262edbd9fd2c39663cab1169ef5a2d5463ddc3b2c49db59c082129284097dfb

    SHA512

    b0374aae284b5acc17a7837ea4d935e74a0208cdd4d78a2eedf61ce6a182c7bc4310e9231ece5206cf24d9d4bc86f8c30d789687740b14edbcac823f413d48b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    71d738f113c021605c18b7c802a6df70

    SHA1

    3b448c12f6db3418b05bb278449b08f1d96409a3

    SHA256

    fdb7dbfdf66ddffdf9fbb5a6eb70d0651841c54bdb99e5752a84fdba653865ef

    SHA512

    0c7ad7d29f7339901df24bdc84e2a29bb9f22cb99af0ae66f073ac8573990d5a44bd38efde19a0752fab0daa8779a5937a6e46fe8435896814d8066283f4b72d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    88811e67df60b09fd016b750a714346d

    SHA1

    86adb9b5c9f1b25a6f7237584929b9f7e2f0425a

    SHA256

    6fec274dac9d9d8a12831ad523d9bb50194ab115336e25687b3d3e037e051ca9

    SHA512

    b7f069afdf6e8a6c0f9f37e7e39dd669f78d3e72ed4e393393f7bffedd567ee803b6565864cb4bd91c449b499d542bc517347cde9abda08f76d63d1ed5ab56b8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1b5b23208a061d505185b6e679721868

    SHA1

    f73ed4c500537e1eb91e1ad40bb45d625f5be9c2

    SHA256

    bc4ffb23ebb161db5bbd28ec13b3de215297f7c43648b6230c402a4cb3e8a7b6

    SHA512

    17d12105bd03f68a58298c1843e1b03985ae07abc094183f4dd5e51e7c458b8d3a5d797510bf681e9cc242986ceb2bcdd1b1f6e8a8e50c3da17864a9e0055122

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    248fea7ee8c6f4b2e5b12dd91a141efa

    SHA1

    6a4e5e658ab3658d08287d33ecce5f117c47bab4

    SHA256

    4637dd08c31ec90662b77bae76b385d6d42a8d82d3e3b4c47099f094fb35ca99

    SHA512

    9ff63829efae595a0813b2e685ac6ac99c74aa7d59da8ee13d9ea0a141896476fbdb63c60684a83670e224f5dda35954a52be3c53f6e5fd701552b806c6b50fb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1f21243412deec64730c77b90f6096a9

    SHA1

    d0a278cc6ff956f22e89585a2365a867f816f447

    SHA256

    4a63e0bc8d8372e667a1cef6e6d4da55d8aa31f151bbdb89fcf7ecad1b79c235

    SHA512

    1b07e97cddb8e09ce376942d45a73c3678d3ef4024b4a2cab5702e281cd75dbe1f4fb628c13327d1e37cd56996a12d3484e28a1bf1167ca3a9685a314afdf66d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d578fa7bcf998e020e448828de79593b

    SHA1

    c48ea081b33ddfb2887dd7d86c2dc092be30c02d

    SHA256

    04b114e18382ec3f82d5271ca513c3e3cf653f112b98f31832db84c474ed8358

    SHA512

    ff0ac624d2c46e95c5da6b50c5a0c4c98bfc94be1723b431afb7833873b756b0544026d09c4ee36399cba974e59e1305e0f22e9cea63b08b18c0e08501cf3c63

  • C:\Users\Admin\AppData\Local\Temp\Cab27ED.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar288C.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/2964-0-0x00000000001E0000-0x00000000001E2000-memory.dmp

    Filesize

    8KB