Overview

overview

6

Static

static

3

87d5863470...18.dll

windows7-x64

6

87d5863470...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    133s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10-08-2024 21:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    87d5863470bacc58f43dab67f11f2153_JaffaCakes118.dll

  • Size

    169KB

  • MD5

    87d5863470bacc58f43dab67f11f2153

  • SHA1

    8a60c98197cb0952edbce6f07b5d12091a3ac1ee

  • SHA256

    06bdae23126a4245047429b636ef5c04a54335a9c693eb326655a729f1d6b8fa

  • SHA512

    e10bd9c46b73e1f30a5db1c2fc4f3f634e29758bb7a612e71de8c81088393a21fed6ee520fd3f8663b1477778e50776ac6aada59daa7a21277e17503c7b30a04

  • SSDEEP

    3072:q0uAdU5EQeDTl4cD37gG2Z91myCvy2ak5mo:qDAdceScDcGKfmysaL

Score
6/10
adwarediscoverypersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\87d5863470bacc58f43dab67f11f2153_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\87d5863470bacc58f43dab67f11f2153_JaffaCakes118.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:1892
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2752
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2392

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1fe83004c7eab7516464c448497bdd89

    SHA1

    a0adabcf34f7ab02883eef96f7ac09e2bd126cb3

    SHA256

    7866e04809e2f698fbd3bc7e932f5727d2d314130f96d7ac6429b44f5adf0528

    SHA512

    ab1f06c2d6d9a64446b6b43337270fbeed3ae2fcfa25e4bf32a474e319dd812948964ae09e337c38ab35ad13eddff647277e28ad119470c0af739d15c09decbb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf076a266cca08b4796fcee549fd4780

    SHA1

    aaefe554b366c27a9be311ff9d8654f0ef053b98

    SHA256

    929da9f2101a5f82ff355763f4f8e13464bff8d9af4e99647c01414e0043c9d7

    SHA512

    84e98fb83b1ad3fdd4a0a50963010513d3d2d9dd35957f1d2a2eaaf8aacfd18488b5c519b82b5d035be9ec9bb48e7f0f1e5f470dc2a0cf8ca6b13d28a9f6e309

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ddcca9eb2eb91a6b5d94169f3e703ecd

    SHA1

    c776cc07826c69f182ccbc149adcf28d090ac6f7

    SHA256

    2425ba1cd054139a496ac4d197c8ce90ab1bad4ae205f0001490ff3a48a0328e

    SHA512

    6a98b7eaf941fbc967684c4c847c8f14bf96e1ef3fe506d06bd292330b4efaa801cec1d17f45fcff800a6365d3ad4215ffa832303313298a227203d6d6a2459c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d808043254881db288015faae306fa25

    SHA1

    898563bbf03333e106b182be75c527d9c00132cc

    SHA256

    c9659d1113af64cd521870f5184099a9abc799fc545799089ad8c4087e90fd89

    SHA512

    adb8fe5e71c5136d628d2bd66a5b1b3f05ba7d98ab3d93872a6a3803c75ba0343074565f36f53248b6f427b0515dc7d9233626c233588f7ad9c9950d62d8db17

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a3217b771e20fb627bc716c8e21dd767

    SHA1

    f97fcd366499d6996127a3e0009e8e7f5293cb1a

    SHA256

    7757c8066d32aa26943cfd74d3aea4c69689f60e5c62ec6c7f53c5f8f7ebce43

    SHA512

    8bd9a09c7c64580145e7cc01aac9a1203eea8c5dcd2aed1aa06df8dd9dcf11b6e7ea6f56695e5db28724df68fa74f3fd020f2b2ef3cf5f3d940f07cf6eb771f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d03758472b679655b866497848181096

    SHA1

    fbe4950ddb15bb00161e0317384f0d83443881f9

    SHA256

    e86fa585057c94d9e8f37268de8484b69a0ac49cdaf9824cd5ed65946b7ae5dc

    SHA512

    2912ec5fecc925ad9873d5375c9c5c4ac93f97da1abac2f510c4ba9b40a692c53ec7aaf4f72aec8ebbdfe27dcac9cf595f2617ed8b36f2e3f8b893f8fc2c772e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1431848e33f2f8c0071dca570a48071c

    SHA1

    dd7d101586ab3e4eb72ded9059d06373e2dc6a25

    SHA256

    671e23dd669a5b746421b0fef6699fe3dedc9a9d26de0ff8e42faf5181199863

    SHA512

    53f0c702cad9e37ab7bd5a82740696799331e343f7868600fa84c7f9e7dc9b71ee77a47ba8e607c7f508be8a8ce3bf809ae64330c3b523c9665479e450642cc7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b67807a6d9b0ce8e43a9aea388fb6502

    SHA1

    d5d37b52ecd079906ec1e421ce574e9400dc482f

    SHA256

    da8130f4b2618c2cf66f5cbeb08fefaa1d47dfddb126a75823a5e2031f0aa3e0

    SHA512

    1d8b93bebbe89bd666b504b6e10eb2e352b585feb9ae53145d366f9df12340b31eb7176ee61236c3d95db8ee80e206b5a797bd53d1bd72cac6f40d78ac4dd3a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    470a86ab0f43c610183b3ab7c9187f27

    SHA1

    095dc6e7fc72b4f2be405e1ff2c20283208dbe9a

    SHA256

    b6016b658f63e845885cd3dfe9f5962455c26b4632bef0dd0d0080372207263d

    SHA512

    734190ecc378861e7056fccd7f11822b25f9dd0d1a87efe5391da0221dbeca26d9a72059381551267103e878fb0c3e2cdc3519d102c3be670ac0469ec3dbf7b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    384538480bc49e03bf55946c1ce9f722

    SHA1

    ef1a48d45dfc59ef31219503cd79d5108d5523e0

    SHA256

    187d3fef719d0ad4ddd50d87ac764d1c978e691ed097a9d80673c91fc50ed92b

    SHA512

    f33e320b63ac6fec665b96420683e5cdbebd189cbd4284a0ab9b0723c4822af457adac68c462b77af3040d66cb439d797cd952e4acf312fb78db6f54c8664615

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    372a2514e59bd2ca25b51192e19d6671

    SHA1

    7df036134f57291bf3fbf9ad8e0657f0ec591dae

    SHA256

    78dde71d1f27543cd21cac065bd39f3e1cc410c33191d9509b537911a93d2f58

    SHA512

    8f6a59fddf10f99ffd94e66366882b6ea2ed868f1dd3c337d93706a397f74fa82bfc3a79159faa1a840a7a493920e28fd88bac0b74159b5ce1bb797a8e984326

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    071aa99548450239248fe06f83900a7d

    SHA1

    affec8ae8620d6e25126001bd20428d1acdbb7dd

    SHA256

    4cea3522caa5710674daec33987e97f116f5159322d83ee8e9d814f781b26ff9

    SHA512

    4e9bfe6ba45bbd91a94ff728a2c981f6b742bf6b3734de25675c2ffef4a719382b4ee0014255cf7651dce967598f8a4726b788457657e29c728f6d05d597e4a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8e81d8c6db9aed99c99d76c2cc32719

    SHA1

    35d018d8bd24b935d7d09330c4255af36238941c

    SHA256

    b83cbf2f2c204c0ce252959ac78f311dc8c2978cdf7714871af0dc39bf81cc11

    SHA512

    18ee5419bce9a68f6ee1b9dafaca40b37c72f096e4d03b2b0d48800c150d4fd3f524da150092a2b31009e8e95ea57b656ea0f35e7690ec4ec47bb428c15b3fde

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    258a5364f5b8d006af0a9801d5b0837a

    SHA1

    cd82b586c7c6230604ee4e28cbbaf8e2c884c381

    SHA256

    ba899789f6e485e6885a4a7aa7d45548284ccf0b553356e4039273446651081b

    SHA512

    edc0c449293fc7aaefa58e43626fbabbc7265c074968491bc8d8c97f730292e452da85befc83775defca72c9cddf7b6e1613a7b3c09da154de03ff64698674a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c2b845532ca2b061f62ad5881d37ecb

    SHA1

    2c7f180aaa1df6b8c9d70dacec08f338fddfea45

    SHA256

    a4661d208bbb9df43b17f7558e8b47654360c86ec26d90d8172978ce8315a76b

    SHA512

    4a56495b7b248c2128db75a502504083cceb54da7fab903530545e647e033ecbc61df650364c56784958c9aef4f8610b4731c1245be2b8bd1a84c9fa6ccf3663

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a936d58bbf0bd5ce84cc9fe2a863c331

    SHA1

    05ecd29478430058d44c18e8e97f4d4ce7d919c1

    SHA256

    8eb84aa00da59c9dbae3a10e431cc189d914122ec389781090c07c504cc3b8bf

    SHA512

    bcbf4f0a08a0f7266036642bc035b0f6b24daa30b8f2f85006e5c0217b290201c9f457c0feb7288c38e7c3b285a7ae92f0545e7ac9518955685f2e1493a981bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5aa7fd1dfa4904c29cbaecb5ec973384

    SHA1

    e0724a2eff5ea027562a066a522bbca5575cacf3

    SHA256

    4d5e55a257581781091b3f98951ee13b73f79c012ab1ad8f6b7ec3ba55c843ec

    SHA512

    4b7c8aaad1027eb1b6de724e68385522c8d4da5d744d711f68df5260a8d004d1ad8ce5c7a82780c17db7bf52a369b0d382edf09656a09152d7846b24be9a33ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab3d5091bf95645e3d3d25c9f0caf9ff

    SHA1

    3cd6b72ab20f6729d55f792951abcf03cf9ae870

    SHA256

    728bb909ae722750e17b20a5cd4b2d3e90c9abc9bded181f6793e954b2962540

    SHA512

    02a6e91da9bf9f437b156fb8876c1e916dd055dea605b212424d93159515a4e59c17acd5226a1c1741ca76d17bd0f68cd8b122f6312765675aa23676946171fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8896d0f95d27061726709b2ad156fea1

    SHA1

    2dfff8f2e3a780b3dc9cc992cf9fa449f541c4c8

    SHA256

    86ae918036fc630c3a68751291ce0fc9e8c0797179e4abde2e79bf27700cf766

    SHA512

    44e158ef745234729b070e6a575c26688a48aed5899b710a635d8c41062519ac8e2a1d0f1306680f4809c781b74047592232aaa985424fe045e2cd295959a33d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    785218e1efaa59c9e6cb2e79425ac971

    SHA1

    b45922be90b060a79045a1cb7ebb3cf6f7f1714f

    SHA256

    f157bbb96f09692c283be7432935e0e728997a9a581494815296b889fea6c26d

    SHA512

    7f2546bc4d9ad58a31ab39e6901df501b24714df257f00a663a215f07413d1e7ce77152d4482c51b051416e439f3892066bf34066c6b6a4864a574485f370069

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3F06.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3F28.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1892-0-0x0000000000200000-0x0000000000202000-memory.dmp

    Filesize

    8KB

    Download