Overview

overview

8

Static

static

7

8554b68695...18.dll

windows7-x64

8

8554b68695...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10-08-2024 07:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8554b68695c1a0f6e18285560eea5927_JaffaCakes118.dll

  • Size

    198KB

  • MD5

    8554b68695c1a0f6e18285560eea5927

  • SHA1

    fcfc664c8a774d79d2c45de9908418d76b05b202

  • SHA256

    764d7824cf2173fb23550af1540632cc6c32741b9aa45c09a5fbee968d1fd59f

  • SHA512

    0040bd56e6e2fb056b6f25b2b7710690a4e12ea0501c2d8fbf59e3a5f293ca8adcb533986310a73aac0718f6a39d6c366aec10168fde87ea39fed70e7800b928

  • SSDEEP

    6144:j0kiw2KioBwUZ6njNDFy9YG2fxYa8I0BQGaoSA:ZP2K7BwUZ6jNRWYlYaAaoS

Score
8/10
discoveryevasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8554b68695c1a0f6e18285560eea5927_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\8554b68695c1a0f6e18285560eea5927_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1724
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2592
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:1772
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2032
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2800
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2900
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3048

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6414f01cda942f8e16a75ce35360c220

    SHA1

    6d17aa369abbf608584cf8272205bd4a39571077

    SHA256

    04806d67dc1562711841e58a3115cc5fe9ada7daa85d353419b89527cbc3f107

    SHA512

    6be2fa1fec6e34e362d45f991bc047e1a456c1c5a6091ab5f313a74ced0165d15c4f4f26f35dfc87580c5ce3631a440cb1186f978081307083df1934ad8457bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94514aeaab66d4ef746f9ea9cd24933a

    SHA1

    80fc835ad830572a1c105885974367ac4bb47f8c

    SHA256

    cec77044102cb0af0c4823fd8e4e6036f60b7ce2bba12499d28067cd6771274e

    SHA512

    b71191d620a41ec464b67baa148cfae04d613f68cc2b600384fcd5ad2ddd0435fa0b8e3becba78008ac3a6f8267e6300462f0df8efaffea9b020f36a8cb94612

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    364a875ab2269c8fae99f4c4d00f6e2d

    SHA1

    c309bee03e4dccedf6b356b2597c58a21cea5390

    SHA256

    61e6ba94d4d31ff222eea107f6c98830550836ab7a191fde5a0cb3ddef737612

    SHA512

    735d96ccbb6b01ddbe8f2e167c85bf7becfa5b4e3d2c9e64a2bdd26b3bcba8b9489ec514fcb00cd706fe62333ad53c438fd6f086b081b2fe5d28faa8d5c08fd1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e41fc5f52eb758a97b1bb12c3764abf9

    SHA1

    3d31737f4e65cbd9b9c6666d877282e872b07ab5

    SHA256

    671348f866805d9a2cfee53fedf4a87803d018801b19a35c130ecd45602a9ed1

    SHA512

    6c37a276f7ac39b6c1a78f423c006ce5fbca9e4fce650e5c869132b8c329752783f9f58b8f5011ebc32204a6bdcfffd37941e66a93a458a4f3609037cf4e095c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2fec34a7f466196eca8f77d887b68249

    SHA1

    3b58f8fa7768d92c362d306e4129e77e9779e10b

    SHA256

    3830b450bc4f34d2563468cde90cc8a9619c1e693df9af291ba70fb5cc6a7ea8

    SHA512

    1a4f139528d0c573a2856daf4eafe1138be4b17e3dfc7d336fb7968ebbb964b97d5540ea50945ec8ca942c672b8902168895332784f4893fa6a2adb9c48bc64b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5cd0ea1e3198979f9c0d3fc61151fc27

    SHA1

    7446bda490b4b4570b699dfe6c9b5ee8ed80b909

    SHA256

    a94b2ad873a735fba969d96bd28781d20a14e920da65a2124e948422b2467131

    SHA512

    7b00fa032a0b503df6d07617c5ecb29a4a85465b8584fec414150e546222a8e66533e07e99c8cd7b4bf2f9c96acac55615df4c64c48ac1e759f63a0cfef60820

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    027990036a6ddf9633c6e39e32a11eb6

    SHA1

    c40250619a8b11bd35ed3fbfdb4f65408cc918f2

    SHA256

    942f3ca28f86aa57888635caa64d458e7010f7f41c5669912bb37894b72b9a53

    SHA512

    51efc17240e029771daf51e0f51176a2005a57c777a02816f6bd76c5dd04a1ff34520ae094dd8e8db633df16296ac9496a25517f22a97033df333f43ebce0946

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a31d2d2cf1a14307ab443a5e36afa70d

    SHA1

    fee3e30df15231215803a80fb1f692402944ab02

    SHA256

    df3357d130dc22fe4878975d7a6c4af30b3ee5480daf42d76ef837795028faf9

    SHA512

    7c3d805807ba4ee1885f996bf464b53c3cc1bbbc6497c939bbca02d63f538a338b872f900afed10f8a958b25e7d1b0f9f48e9fa82ae4b554a47ea3a686e80f49

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb592c5250344b72bb380398d505d4f1

    SHA1

    94b6bafd1534d6df8733a72e821c7bc4aa6033be

    SHA256

    9943564a9cede1ec5cb10f416936dab812b2e21b47f8a25baed1967c66866448

    SHA512

    860c86808c3523597a650e741f8c54beebedfc6ecac034a633c974d4c99cfc38c96bc733215609bd1b3f6ffeabb1aec61f67af4e9d913eb2e64dc7d2aa4bf415

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5068d4c59d8c263f0d0b5746637c9f2f

    SHA1

    6fcc19391e49383d61ab748a1a59338ff3ea1f35

    SHA256

    603916ad7dad1b18312590631b91971de3d6d04548dcc0cbf1fd6d150bfb939c

    SHA512

    93a444d612cfc839f041a72adcb4e4f88b97a2c9feb487339017f65a4223b3ca5931ded2651e01c7d47eb990234a7565a96b00705240a2701c101a018eda5201

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63579b3dfc9c392579155667cd826fc2

    SHA1

    646236aea97332c2c2bc745d38d0d466ae851362

    SHA256

    51fb7f8a90d478c4dff0a59c6f0bff71009e1366b7e37ef8d0dcfc360208df6f

    SHA512

    b8810a66501ee89c3ca03583d334715755427da93abb71b8274316ad56e065b8f47cc206b50d24c12779bb9c7226e147a4f534d64a7e3a6c5c7f821e732c357f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    494e4c68bd8c0c6f57d3bf55e50324e5

    SHA1

    8b89721de2c68817086074842be6266d8cab2b9f

    SHA256

    0c3191d985be649a85357216b1d3f529a6c3639ac8b2a6c8fd12703784cf1da2

    SHA512

    35323b242e14a74fef094213e7e5e6935872b9cfdfd08eee9fa645f7dc890a8154944df9f74fb0cee0254902aea05793eaa61acc7639d4766d45549c39df2aa3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    440470244c02699201188bb5b044acb1

    SHA1

    71b5dee787b06d402809c477f63e5184a4f74ee3

    SHA256

    0baed20a48eb78fca6ef30382518816ce2427cd28fd26f3cae610e712535f9f6

    SHA512

    d4a2c50e89825812d5266c7d7bab597600707eeb1fa5db56c716268a64a0032c7ec779239096e01eb55c66a9f5c8ccdf53c56b2ea0b1f111f7030bc33ce3c7b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28e1b70f82011fe9499196d72b62e208

    SHA1

    a8dfb2334f697d7f08f95224de1bf5b8dffd8c28

    SHA256

    61366e63a022334d869729643b422e09d062a4e679a42e082f17b1e22b3df16b

    SHA512

    3526d17d4954467efabf4c72601ce6c8e0bc93163a74ec5f34a36d3a17e7772cc88ede40c648538bbd9e7568216da043b21c04951e145d9988e414d74de2c3c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc97c10c6a2de5cde0fa7dec1e417279

    SHA1

    b356544546c7ec95cd1cb43251d3c2444e1036a4

    SHA256

    fa3d2514b913c698e9491b65c20fa7e60171ff6666842a874bfd25aa5fa2cd0b

    SHA512

    bb696a39b41931d4f238575ec4273c8e9600b0dad31a4f33bbabeb538b0855d479404523caf08d74c67c39494bfa1f8aab8d1175c04960af3f4c115579fefde2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    946366bebd3399faff3217dc65ff6ea7

    SHA1

    f3edfa27182974139de5eae1e870940097ff6ffe

    SHA256

    41dbdc85ae4a5131290e76232a77d9aa3ba885290be9732cdb82961db8c9fe97

    SHA512

    43d4798bfd149bbf24c9025ba7ee9b24603fd88746f2d8977fddaf37f004b84ba59634b4d10da7950d4a7360f38d4791d5d0d91be0b6b107e1fd6d0ec385e73f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce82dcc6f71c99d29159122fb2f0c812

    SHA1

    3f7d33c81b4069d3178a6b2daa2221410692310a

    SHA256

    4f91337f6a7afe93ab3c07df07f820473a721196a871a6f0abde456e4a114bd6

    SHA512

    3e792a6b6098712d49ca226fa3570f629d15131afd42373ad8596071c60506da6c27163ee149c6520bb5ee6b2a98e62da2870e3580cc742dd009e3081e083ab8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab62FA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar630D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1724-2-0x0000000000170000-0x00000000001D9000-memory.dmp

    Filesize

    420KB

    Download

  • memory/1724-3-0x0000000000200000-0x0000000000215000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1724-4-0x0000000000170000-0x00000000001D9000-memory.dmp

    Filesize

    420KB

    Download

  • memory/1724-0-0x0000000000160000-0x00000000001C9000-memory.dmp

    Filesize

    420KB

    Download

  • memory/1724-1-0x0000000000160000-0x00000000001C9000-memory.dmp

    Filesize

    420KB

    Download

  • memory/1772-7-0x0000000000200000-0x0000000000201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1772-8-0x0000000000610000-0x0000000000679000-memory.dmp

    Filesize

    420KB

    Download

  • memory/1772-9-0x0000000000610000-0x0000000000679000-memory.dmp

    Filesize

    420KB

    Download

  • memory/1772-14-0x0000000000610000-0x0000000000679000-memory.dmp

    Filesize

    420KB

    Download

  • memory/1772-10-0x0000000000520000-0x0000000000522000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2032-15-0x0000000000220000-0x0000000000289000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2032-13-0x0000000000220000-0x0000000000289000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2032-12-0x0000000000220000-0x0000000000289000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2800-6-0x00000000039F0000-0x0000000003A00000-memory.dmp

    Filesize

    64KB

    Download