Overview

overview

3

Static

static

3

a203317173...18.dll

windows7-x64

3

a203317173...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    17/08/2024, 09:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a2033171730495daf44e8e958105e75c_JaffaCakes118.dll

  • Size

    732KB

  • MD5

    a2033171730495daf44e8e958105e75c

  • SHA1

    cb7fd8025d5721616760e6b8405c3cbffb023c62

  • SHA256

    42e9b0aef3f1f745e710b8971d4e3a36c0886a6f21dfafc125c259e69864dc95

  • SHA512

    1f1024904048bfc88e14954af289d30b0adf40e41980718160a672df1ee7ec4a18519ada34c29fda7a2f12be74f5e3f8c7f528d71d3542c69fe7a92dbf248131

  • SSDEEP

    12288:zBH5H5l0wzJFkQVW3mLOb87racOZVq6O1:zfHJzI3SrsXC

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2033171730495daf44e8e958105e75c_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2033171730495daf44e8e958105e75c_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3040
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1176
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c start http://zorgee.ru
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2408
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://zorgee.ru/
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2360
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2092

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          252B

          MD5

          b741f7b15a8bd41e2d25e6579f41836f

          SHA1

          0c9b0fd4b9297174fdcd04a7e9994fbff738cfc6

          SHA256

          37bf06c40894fd6b6e3ca7228d05b24a35b77dea2a06dba18b8a03d204ecbe7d

          SHA512

          b2f85ae1bf82094981ae73ee6a87adb29c7959a8a8a685a10ba57a0aceb30b7d1da272b28a7686db359512ffd17d8933bf5c00132453bb3951ec6b1962500f95

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9672da449465e85d2999f4d060981ba8

          SHA1

          8cc57711595049c64e5b26a5688d7aceb370a96e

          SHA256

          4c69770ac6872b4b7cac838a8080f5bf06b5b2f0bc897925d237cb106fa2595e

          SHA512

          0295dfb67c7ef5fbaf36c3859cd1a6b3be9eaaa8b147ab899e241ef51dbb152d71d835827e8cc11863df722a958dbb0a9865d871e93c2fbbd4a48623dfa67aad

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          dee3ba286cf1fed052f82d0bc700793a

          SHA1

          bf73639c0040b6c6e70ca395b74bd18e60784031

          SHA256

          082130c679b510cb831f19bec70ecc67c2a0b72a34da4e853c240818d352c5da

          SHA512

          0cbdcbb2ea94807913c9f664d41f1b23f05f3528eb410082212ddf7cf42b7bf29f203d66f4e4b932a284a040ba4d9a4caa275e06071bbad100ebdeb119c43491

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8f623682eadad0e1b9cff45fcd7c47e8

          SHA1

          c35616cea22ff91f708f2076a2f2450a95dfe9ab

          SHA256

          fc583eb6ef15c093a1e1a37eb7ac8f8f46e91180388aadadd6b6a5d22bcc9f32

          SHA512

          fd355147aa1621d1dad070be9cb4b268f93581ae6d19909931b2c71e7afcfd4cce1ffdc81da33f424064bf9e1d41a5d7951847045fa546562a14f22b274e4a74

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3373f29f791415c778c7d9dd7a128382

          SHA1

          ff730b3b4d4fdaf035be34941d88b0c603668ef5

          SHA256

          5d5e5952fdfd17a4e4f29f95df260459c55dd1e485b3646eccd3aac54ab80429

          SHA512

          a90fc3de4d7a0921fc321610dbde18dbc82928c742aa8e37268ed79f17cb550fea1be6d0ef6cd17e8b4beefb46de230376f1251eb596ece4cb8ee55980f8a610

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          18a6bc68ebebd397fa995016ba222f7d

          SHA1

          7b8bf305e220aff3bf285ff3af992dd0e5aed60e

          SHA256

          4320df8d3829a21875e46906c00c779a08fb251375e76ffe7d74ad87041da499

          SHA512

          0f0ebc52338b063d445fa9a20a426c730feacf090f19e46c0027efff49254d7092f2175b59e000b22fe527de76ed45eb01c8a79c6f2d879dcc8cdec85d3b9bde

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9d3ffd75eeef2d56315ebffa68d6b427

          SHA1

          cf613b49498d70f8fce331017a3341548db4f7e8

          SHA256

          58bde481e06d4d31a95d56a270c2f69922b55a5cb00943642949a3af60a947d5

          SHA512

          f951b3c36262615fe144d92975768248e41e55b0d4cd9ba889f9be6019bea470d30543e044b80e51cfda5ac83a52e0312f10533d76ba2a011e8e2ad293b14dc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b5f1a983043d91064f425fab3c6d4653

          SHA1

          cd05e4b4689e7a89cfcab945696a9d7169d24b68

          SHA256

          348c5eda206a0d2b54da1de2f4702bac2d614a9d529f406ec2029ecf1540ab84

          SHA512

          efcf9315f29680c04c78d89b1d714330e0c335b21e94d09e7d4ce497c10938a820dd829f734afee714cd09029acbbbd0206d1a3f9c1962ffccb5919b980c2b99

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f6e879cfcb5f66d136e2df880b40627c

          SHA1

          6dc1aeb27a3d89a3924ab309016a06f302a928bc

          SHA256

          b8855a7c8f2c05fdf1dbb22dc024ea8ad4ede51e99d0113c9ef0ac2c883b86e5

          SHA512

          e079851d39777253fbd39bbafc76339d1f445a383e6e754c766a3ed0d6dd452cc21519c917694391262698183a2127885167f3b681298fc1a9fb86f0c6df4caf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          58ee688100694368b0cc4218e1663e54

          SHA1

          a0dd91d1d289bb103ec982b9a2117c1ee6e68eef

          SHA256

          4390335496852a062c6bff56f7442707926d58b5be9cd7f2edb7c14affd114d7

          SHA512

          370559386a88f4d32b86ede8b6adc9366c42f2a81531f7ac0100a7feb3509a031bf56d59aabd6f0c0e04ab9ee5012c5010ff63da1fbd93a1cdfb5c3c700722a8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bd79598d2709368df58ceee305b54c60

          SHA1

          7c8a78b80a8907fa1a79468224d570f9eb0bab53

          SHA256

          50fac4cb68c691b95bced93002360c33378110e11f76e424c55d652381ca60d4

          SHA512

          8f2a13bab97ac864444bc6fca2f8da27b86ceb158367a3b4d9255a91eb7a827dccd9433bdc35320d0b9d4981435c37b1d0ed34a2e436e9a5643d0dd2aaf734a2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8a4a3fa1d82593a1c759b418696b971d

          SHA1

          ddd91f3caaa0efe0d9c04478ea1976364606975d

          SHA256

          33246f00a40eb447c25af9186c07aa3ec2b5fd680d02e5c2122183544a5be38f

          SHA512

          445f514144450f4ef78c0704eb1c6467b861b7a6988bc77f56f89fff3db71adb0ca16ce2e474e13a53c90be7c2e69f5619884aae74e06b3f8e8c043e8eb3d9da

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          739a65622dc02c060c6da6b2ef57ab35

          SHA1

          04b48b7760f0d088cf3464b2478c84efdaf063ba

          SHA256

          b304c5db336c06ebbfc78f9ca50bbe95ce5c1814f1e2d664314ce91770eca707

          SHA512

          b155e37520eda104aef9a31759f08a7c7059c368ad85fcef3a5de022a8888d9a3833ead42ca0dd1157f59ddcdc55120f1f22c54998cbfb4c9367765fef0c7b0f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          f19c3438b1ecaaf56a6e74fd9704f86e

          SHA1

          6213957e11070ce1d414370863a4a05b1d6a9a46

          SHA256

          b893138f7bdb149cc364ab8758303e16b720a3aabd38d6ed8685c4c2ed5ca424

          SHA512

          45df9adefe94d4b9156ed085eb32f1dc72741f9cc033834283aced3419f398d15d3dfad17eeda12ee96bec1f1f719a2be81478c6975955d6e21bcaf952424951

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab31CD.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar328B.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/3040-30-0x0000000075060000-0x0000000075119000-memory.dmp

          Filesize

          740KB

          Download

        • memory/3040-0-0x0000000075040000-0x00000000750F9000-memory.dmp

          Filesize

          740KB

          Download

        • memory/3040-32-0x0000000075060000-0x0000000075119000-memory.dmp

          Filesize

          740KB

          Download

        • memory/3040-2-0x0000000074FA0000-0x0000000075059000-memory.dmp

          Filesize

          740KB

          Download

        • memory/3040-1-0x0000000075060000-0x0000000075119000-memory.dmp

          Filesize

          740KB

          Download