Overview

overview

6

Static

static

3

a034da2647...18.dll

windows7-x64

6

a034da2647...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    142s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    16/08/2024, 22:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a034da2647ca83f6ca28bc00d6af95b6_JaffaCakes118.dll

  • Size

    539KB

  • MD5

    a034da2647ca83f6ca28bc00d6af95b6

  • SHA1

    5d6feb1a0b8ae02648549a2b10b42e0bede0f9be

  • SHA256

    1065190f57e9153f5cabf41453983e8f0238b5a428b90420d8e317f5fae62f3d

  • SHA512

    df70e208dfe888939db76c795752b85fa84d6ee621c815974579530b0e330317d61c04a982d8f1136dc76093b3632c50a1748dc303c9777078e403c6555dd4ab

  • SSDEEP

    12288:kn2ObcqDfhwpX7WkYVkAmkPYuVootXtm9aY:6cqFWrWk2kAtZGoJ4P

Score
6/10
adwarediscoverypersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a034da2647ca83f6ca28bc00d6af95b6_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\a034da2647ca83f6ca28bc00d6af95b6_JaffaCakes118.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2656
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2672

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5dbb2104d3aa3d91c7b3586453da8607

    SHA1

    3d626db71fb2f1e382e2b921de8d3b6129b4b448

    SHA256

    4b35d858a1102bf82e2d4e988e031800e35f690e455e00685e90b6bdf36fbf76

    SHA512

    ff098f5c83185b19f46229a76bfaa3959f9ec4099c4dcef6ed9e712fda83e24d8eda13b3fdd26fe13821ea5c8b87e0d6abd560095355d3bba0935162a8f1a90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b10809ee46f8ef40095a246de150c533

    SHA1

    a4ad3bf59277f6ac51b4152f71945776285330f5

    SHA256

    5ad600eb6e1510f8b3724a7db43a94a462780b09aa85e0891a8807c777814ee6

    SHA512

    0a67d8860e9da7fed38ef545475acca4fdeb5d14b2d734ec9eec8c0afc1b051077ec2f4c928034835c577e2dee07f296d5990d02b5d968caf55818451329e2ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39738cf3c211f9a9b7be0f2789104cca

    SHA1

    fb8205dcb0caf7a5676bddc946d9b2f92b82a556

    SHA256

    49caa1d104df6f3afadcd0320bcc0f00137f996b55ecf3bcb709b54adb69873a

    SHA512

    f6fd4d3c330f26010fb61e2bc05a083ceec63bf76b45a1e68dd61a1cd021b8c4a93c56706bfad9f699df5a30a475eb98e8d06fe6a5ae8dd9dcfe6adc73e3ef97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2f18b611cc58bddba281227590e1d5c

    SHA1

    b74a1602995e0c28fc281df7d454c7be41d6b78e

    SHA256

    75e9bdf865280daa2ecc1af9719b902492056b04bd63224eed54f366f9f8422a

    SHA512

    7dfda1f29bc581d29e02804b696e5304e8e7e0d310468bc4ea7497ee8eb8c0dea1d185ec0e5e669a9c56ec048d7f1e6d7b2416a7f84900b43bc0f53d36428cc2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    821dfff2d2d5e17b74412cd87365aea4

    SHA1

    69c0bc517e0180ee8465d7b972ea0d6e4d6db152

    SHA256

    d78778cf6beafd10e2b6fcea02b607515b4016cb605899a1e3d1aefc57f4900c

    SHA512

    ae75c4e52f126016b211a6e658058bc7adcddbe9102c58d79eb79f665e0e211062a168f780ca661835751c5b77cb42944b96baf9152b31c78110878e1361fb87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c25f1a15d521896449d452dcaf4be13

    SHA1

    445843d70198a9f2cb7a0fbf11467a19d527e3ab

    SHA256

    4bf099fbef0d54adcf7ee489315a58e27c336521328a3bfcdbf6a39da3b4dc21

    SHA512

    97856a511a551006a3e88aa7a487fb2b568001c05644d3f9e1042b141e0f2e2229bc44137c8812b79b698f4cfb47d48ae77e8978454cc05e1fff27581306a9b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a5db86d0a42a5f547f3affaa29607d8

    SHA1

    8f7fd29715357bfcfa7a29bcdacd8f00c8ede55f

    SHA256

    4cfe752a64c89757c7ad282a98663fc0ea465b9224492d90738afe1710f39218

    SHA512

    4468db38f4b07b630a7ce41db38bcf6b09646ea9ab94fbb0d72164d45014c8948dfd665c4447d7652aba3b3d49b04f1393504639db1e592bf061d120cb683bd8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ee316d60fa58e944bf15e12b1066171

    SHA1

    21e97d2803b2b758be1d18924c5d2c754f6b6e26

    SHA256

    bc7d41fb64dfa60fd08556573805d97452932856391b2e59bf0cc5dcd81dd26a

    SHA512

    6e692897c89037ca0cf0139efb3058d2b9d7e28dc100152f02a7acdfacf28f41ef266fc7fb426f721bdc2a2d2dbd9e925f142278b324c6e59370404dfdd15390

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    697147ece4f999f52defcb8307d11b78

    SHA1

    3fc480e53a1c384a6e4f7ff95a27918b6d75120e

    SHA256

    4ff08fda321d198d613e066afbae0d82ffc7bd4a25389ac1c2d4f3ac77817d20

    SHA512

    06eb2bb870fca79fbb5c18c8d8d1ccb156d87ecc4d9b9e852e54f289a2ed2e1e4388a0de0593020b2d3021656dc69d17e66a9c3bfc992cae039b279d12967139

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    041a9a17c74488878e56df187c428573

    SHA1

    6f8f96a3bec3c5c04f0bd03027008725e27058d6

    SHA256

    defbc7241f27fa58aa7da72d87ace5560c4230c1a46d0c79b2bab3ca86db0760

    SHA512

    3a334b02e02219b5a1f69bb1c1aa094c940b9ce14844a55fa7b0dd0e3f47e83f70d382606d77f17c21d68b841331723416436a5b95ea7e49c6d7e2f5edc0932a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    908494f830da609ca02a9106a2d92da8

    SHA1

    de9d26ce36cc5eab35925da89c3ebcf4bb7ae2f8

    SHA256

    59452ca5ba65247a63a3d2b016fb7b0594f60c5c3b47c304546e30455b867072

    SHA512

    f1c7421b408c59a05c0b64683165b42d5d1f83f79c340a650aa0faa26ca82696a646197f786b5bf8c6af4f6774e756364258af875e55e4ee471746433887f55c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b1180b328390f6737ff3ff5414ff59a

    SHA1

    a39a42e64780527265a95e0267c27fbb039e4e7f

    SHA256

    cd35c6b82e4836f2d51260a811db88fd681a8260fdd71f0316c3e65cf0b9ffa4

    SHA512

    0e3c55ad3d3ee7e59dd5460690cc042989f84fc00d00b3d85cb71e2c1ac25d0b6aa769ad99a84ec8f380dfa3415afeb750a5f9e5650eee1b9a126308c91d8a0f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4bf4d0ba80f39f993352adf6507ed98e

    SHA1

    a9117d0d88ec1304fbaffe98e8d2a5e5749227e2

    SHA256

    0b9092a8b587b9f7eb5ec2d3ae4619f10264f479e74b29e7928bdabcfdce01cd

    SHA512

    6d7de6e26cae7745dfff20e228315d0ca1ea5ff44899cf76be44a29bcfb2e14c2c492fa2437799415c3d53218d5cd02f2efd3169f8f39108e689d95b22bac5b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8645db4bc495acae55338e3c5c46eb7e

    SHA1

    ae9e30dc2548cb16d352a7a08a90212f37900f26

    SHA256

    71e57de813763d837d6637a249e52b5f06aaed1a870196e8b9d5b836b7389b0e

    SHA512

    7f3b0230277a73fe5ca24fe7c4dfa40941919f40cd3e5a185c475842233b001e6e9fd44f4ea4d28609b3f2846e806c7f1b1321a2db884c9965a171e2924f2a4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23df84830792904d8f48db6b25412779

    SHA1

    c72322c3c7bb7f9a786ff2f06d12678a3eed9e80

    SHA256

    082f8d0d4808805d8e084056f25f0f570f21901145b54b2064849c1fb25dd588

    SHA512

    14d70d237341b914216554680c89ac153e111e6c14edf0bcec3616da152b1a4499d0afbccc78f4e4af60e92b765859f15e6d1d3529e07507315f0961b4c94131

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c23462ce6aeebdb31de795b716b711d4

    SHA1

    1459c8f1fd807b0d55fe5a173ab93e1e480e587a

    SHA256

    e3641bcdd4643982c99ba74e0876e411c83a479a76cbee3c5175dd719b3739dd

    SHA512

    ceadb6a620370481f60b32b5967ad0aca9061c9e5b6a7653af41eed32de72edb991cc312ae2f755e69f230ca4f94592a61be5ee33869f7a548437217be3dd2a6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3H1FOMV1\arrows[1].png
    Filesize

    11KB

    MD5

    0cb2e5165dc9324eb462199f04e1ffa9

    SHA1

    9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8

    SHA256

    67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865

    SHA512

    7a285c4a87b9f9093b7ba720d8fe08e0ad7e2ebde9ef8c8d11b70afa08245af8f8a7281c7b3fbe8bad21c3afde4f32634d3bd416822892aa47ba82c12f4b8191

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTBGGANG\sale_form[1].js
    Filesize

    761B

    MD5

    64f809e06446647e192fce8d1ec34e09

    SHA1

    5b7ced07da42e205067afa88615317a277a4a82c

    SHA256

    f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3

    SHA512

    5f61bbe241f6b8636a487e6601f08a48bffd62549291db83c1f05f90d26751841db43357d7fe500ffba1bc19a8ab63c6d4767ba901c7eded5d65a1b443b1dd78

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X761FPIN\123kah[2].htm
    Filesize

    15KB

    MD5

    cd4edfa7f45818206b4e5563f51b37ef

    SHA1

    55f17c11123988f4d55459b59b602ca63f95ad7e

    SHA256

    eb6c6f02ae85dc8f19d7cac83c2ff14f2a764e65eab051412dfb8f45860de66b

    SHA512

    5ac585d7ab0f777e14b163b983fdfe50cbe57f9cff383200a8b876c3c1722ce55750c8abbf1f890619d11e1877ede609e998ae195c00a782ca5e869a2e662e5e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab657A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar69D1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2656-0-0x00000000001B0000-0x00000000001B2000-memory.dmp

    Filesize

    8KB

    Download