Overview

overview

8

Static

static

7

9ca13dadaf...18.dll

windows7-x64

8

9ca13dadaf...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    16-08-2024 02:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ca13dadaf32bca689ec86dd5c69bc5c_JaffaCakes118.dll

  • Size

    216KB

  • MD5

    9ca13dadaf32bca689ec86dd5c69bc5c

  • SHA1

    1c6da178f7b9c3ae28a2370fa797385e993775f2

  • SHA256

    88da80af3cb1b030e5264bb64fb6e8e33fbd952c88be17ce3c3d064bc641e287

  • SHA512

    f9856044417e7e1a1389d182d40f2920080cfee4c1c7cce69c2b9d59fbcf0d91f666c2f464576f9fa87326c632562915eee8fd26ff5b2b9816e2619c8fa62aba

  • SSDEEP

    6144:Hj4+5PYFPco1Zq/TSucVWPo4Bpof1mslhx:5YFRZq/TdUWQ4BCmsP

Score
8/10
discoveryevasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9ca13dadaf32bca689ec86dd5c69bc5c_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\9ca13dadaf32bca689ec86dd5c69bc5c_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1972
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1984
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2408
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2592
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2864
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2596

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    647e23d3a71693c0da765da390039fc5

    SHA1

    c37bf9d08ef76f42046c50760929853e79f58a5f

    SHA256

    736430d9ade0229066a8aa45c065ce409a3d785eb6aa62b254c62837d36d030f

    SHA512

    771eac6cd8db7e4dea28be8c7494e44a4f00b62c1e3fc0ac0b1685740d3b51cff7277c507be27ba964f213d8ff55d6f9fbf85ddfe57611b150a506e3e211b70b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6771af1e79ae2a50fab95f9cf81c63fe

    SHA1

    2ecd5d0db38e6b36c225a18f4d79cf6ac963c064

    SHA256

    6a2da9e2abdd1be00c4c3da8577e54bb4114740a450c7c65ecad5f946cc1d7a8

    SHA512

    72693b587abed9797abae31be565949cdb4fb4b7531c18c113a46d7eb69312d10908f876163c953ee40fd385ad3582fbc2a0cec79ae38a71e2acfa631b4eece5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d552c01dee9995c3179fcb8ee749959

    SHA1

    ec1c7a4be02f2993a4af29f9b3ea9c06a05cb8a2

    SHA256

    9b9c7191006ea54525d2f872e9540532874b856abbc67218b30a8f9e521df279

    SHA512

    6e7dc3c57a96316d0b85d73ecceacf9f4114552cefc64e2f703280ae522773b4d1923cc70eabee03b10bbbf6f374ecca504a828910241e1c1a22103904c64a2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e26909e78db9af13b93ff66d9d29aee0

    SHA1

    d31b6234ad450f6968327ef2b603d9817c6e120a

    SHA256

    5c230e3c63722c3f6d67211a1d74c2a53ba6c7ffd76c478ef7a3a40b5e57d7d1

    SHA512

    6d764c4d786e95bdc2c3d5649bec5f257eccc290c4696372ff52881fa9572198104f0b8098c0d64c64691b773a79b8b43312658a7798f45b08693ca44b55252d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b5d08a959be3be5c2d28b9867d0faae

    SHA1

    ffb723d30bcd4efb71d4d504f084a18ccf764193

    SHA256

    3bfa76be0819252118d7b080d80b4f45aeb433c8dbb81d684862805585ead4ac

    SHA512

    8d9df9468801c90a09fa0f20b55f5beadb559bfd3fcc4c70836cdc82cd82cead0c717cd7d07baba76123829e60a1446b8979580ff6f37edaef27cc937c88aed8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59bed0ff6226dbb096ffa44289b75d45

    SHA1

    fd9a804fb920e8fcc10bd28aee0e9ffead246059

    SHA256

    97542b497c107efc89a4b64da2e1f34a61d24b8354492cee5b1b68449e7ba23a

    SHA512

    ef46626546a8df25027ddbde8fc4aca8451ee59ea579884cb230b90fa480bebca307a0e241474e4d54f039f02242520b835df19a08169682f8dd94e92528b7e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d9178ca697467d3ab0e6458495b4a9c

    SHA1

    b1c0ec8b9b7e9ebc0563d4d3044220e867e4ebb0

    SHA256

    821caed46719bd6050a07a5ab147de7582929b7387f19263f4abba3de27045b8

    SHA512

    872d19538eaf1bddf05ceb7c7579222cad90f142773c5401d8237e78de103b1471930af10e8904ada4a5bd128cafe10713e951fd5084d9af10de1f0703d7dfae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e524c884162868f23b6d7685612b933c

    SHA1

    c4be18773bb37295722c05dbdd9d02861c1a649b

    SHA256

    4b25c0c9db24d6b80fa364f1f655fcbd36f235e44aaa1fa34ca8c399ba6a8966

    SHA512

    3d1e9cb6a4ccf3bc7aa769e1dec262c9251591cc9d2164a256c2ff47be52bdd7fe886f5e87f9a7c412e08acfc115ea560c750868214168185e097ad716328864

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe39ce8b17a0344913b6b2ba69f7c475

    SHA1

    7cfa3f889c6be34b6032faf365ed6cb64b750d6f

    SHA256

    cf3a9a13150297ac7ed1c6ce6c2a2f78c942f4488e4abcb3bf908da3b939d75b

    SHA512

    2375be442e9dd21ee2b53e8090aaa2b7a6bd7425e044266f40615b322d63b9d5eb14c34135f53513fe32844b75b854866793d25f68a2325da0f7e53204483bda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b877af137090313e65ea55efee0df993

    SHA1

    1d8862e591e7e6c9fdb49ac4bb7f1a6242444fd2

    SHA256

    f833d82cff04df5d776661a96575701d7e5ec15841253343a71256e7ae2bacc9

    SHA512

    f50232746c1b0e427b340074f548b7f3294399296f0ec166af7f0046bac811ae77afe69040a936077603015fff49a5f84c1b266de0c39b112f0b08cd0d249799

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66e1a6b209d6671e73dfcce1d304355f

    SHA1

    3034abda5ebf021fee94baaa34057240d3dd5a52

    SHA256

    4837cf639858f4b523a2c8e8815e203f94ffdaa8ebb9d41fc473cb6ed0f22841

    SHA512

    65a6e027f104312aa3ea40a7bc5907243088478b1bd84f7a8f0fad4e334a6a6867cdbf60eb9ebd158a8a7144242d077ecee4ca7c27c68b38f063fea96dc0f9fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3577dfde30eac143a7e49a75aab527d9

    SHA1

    baa2c26cfcdf40adc77ea58a8acd8ec441d71e97

    SHA256

    82a352e46ba79e440b243ea1a9e40659ff2fd83276724701a28b765b53252e5f

    SHA512

    3b53b126276b017aea0194ccf59fa4a615e4027fab447f2c93cfad39cb04fb7bf872cb7c5626fea2674d8a2e62e498873914f8d66d23304ea8236083ccd7e13b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e8cb638645cd392cbfa07cd439b22d6

    SHA1

    08c29043da03a0275c412a22c00838e48973565e

    SHA256

    bbc5294605e6f97f486e1fa7b3a3c63569a16b55f32cc7fb0bfc540b238c8a0f

    SHA512

    82ec54e4dc765804836688861855a73037c119603bbc7821791eb00111f2f91d73265cf3fc76bf8cc5afa0e1dc8425465951b7b4484eb3a3c2872a636aba55a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    81f3aa6a234438bfeb16ce97e4b0211a

    SHA1

    a8394c49238fe1e497e444259da1615e59f154f0

    SHA256

    ffc55d99e2cf67aa8bb98b075c4b4daf056a07ff34c1a3d63d8be2262dd9e3b6

    SHA512

    74a128256f8144ad7051c6f419776b60c634f9dca6ead1171e358d358ee2f1d430d587feb35f41d10baa399f5aa8217399c4ada54a3e06e6daca37189437b1de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e513a92a377e14d0228006c9221d4a47

    SHA1

    177487b288399d41686bd5a35f19cb762db23d0f

    SHA256

    9ed7f27640f6d40b98b2d00c2bdd00ad3d47793d8dc4c32bf218962290065238

    SHA512

    e8e4c1e2736ccae1018f64a952d51ed821f33e8627284a0673702040dd2c535b29686f0b669f045f2b4f65660122d2116a8d6a017ab08ad1c054c24a08216de7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab45D9.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4659.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1972-2-0x0000000000190000-0x00000000001E6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1972-0-0x0000000000190000-0x00000000001E6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1972-1-0x0000000000130000-0x0000000000145000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2352-4-0x0000000004180000-0x0000000004190000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2408-7-0x00000000032C0000-0x0000000003316000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2408-6-0x00000000032C0000-0x0000000003316000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2408-5-0x0000000000100000-0x0000000000101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2408-8-0x0000000000360000-0x0000000000362000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2408-12-0x00000000032C0000-0x0000000003316000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2592-10-0x0000000000860000-0x00000000008B6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2592-13-0x0000000000860000-0x00000000008B6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2592-11-0x0000000000860000-0x00000000008B6000-memory.dmp

    Filesize

    344KB

    Download