Overview

overview

8

Static

static

3

a33dcb0ad3...18.dll

windows7-x64

8

a33dcb0ad3...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    74s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    17-08-2024 16:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a33dcb0ad31ac46f9c84dbc85debc541_JaffaCakes118.dll

  • Size

    1.1MB

  • MD5

    a33dcb0ad31ac46f9c84dbc85debc541

  • SHA1

    1cbdbd4a41ecda0f9c73043f39640c1cce6d2641

  • SHA256

    2f29d6bf03b9d02d27280616b665d88667cecc07ae3bfa3cdbac9059970f0ebd

  • SHA512

    86d0346cea2f78419349323519629feea45327f97e3398d5efe806008b53a3c3c4fcb4460d42de9f5942830954551634b4e00b6b783ba0ab38e849e79a6bac42

  • SSDEEP

    6144:/MvJ7Kibc7bMyfSyRMaWuuZOjd4ABfl1Fxndbv:/MX0bMSEaWuldvB7rdbv

Score
8/10
discovery

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a33dcb0ad31ac46f9c84dbc85debc541_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1520
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a33dcb0ad31ac46f9c84dbc85debc541_JaffaCakes118.dll,#1
      2⤵
      • Blocklisted process makes network request
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2376
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.unrealboard.com/index.php?app=custompages&module=view&section=display&do=show&pageId=1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2836
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2132

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73089e839b1d9dc54bad2b26e8f38c69

    SHA1

    5e77aeaa5ff2e17856b3ce462881dcecae3ec6de

    SHA256

    9db7e997b7d22064fdb62f4fe458a44d281f7207a5b0e9e4cbc5443d7fcee2f3

    SHA512

    f1bb27503e42600c2ce38aa6103d30cf92b56414306e7a16cfdfbbdb72d8fb8686cd15a9fa3dd85bf4fb29bf68fd1e36280c8d32c7b6bcb474694d9d93e85136

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e91068a0989096c8f5d7944ad855a08

    SHA1

    1fae05bfbb5bf2a2e9759d0d73799cd893670e7c

    SHA256

    a35afc29c4e134d231cc82a9d661ff2c3e5e4e55d2343d9daf8336e4714e3410

    SHA512

    d67958344a46ed0e7a404c323fb6ca5f8a4f2f0255dc1c7c3d91167d1b1788913d55382b1dfa45b70c7e3f70e4414eb118c6cb30031386623b7c3b6bc67f2daa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    110bd88861d19538cdab3ff507525125

    SHA1

    457bc2430d18acb1faedc68174ba715d05ddfea8

    SHA256

    744ab5c62ef459a56842f8b749ba170737f50ecb207037f815fc7ce40951c35e

    SHA512

    438f6b7cc81414dde07a640bc5c0855c8f065cfc2594db235563d77b0e3212c025013021307bbdd2d8dab1c41853f0065630a00165c1ac4214b6f9459c8497cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46ee07cf76804bada50e3a7c5276c0b3

    SHA1

    97fccd7d1cdd757696c6450d51ede37b2d07404b

    SHA256

    059207474d9d944a0ea3a31fbac54b21684c8fbd1ce0df93f787d44e02d34173

    SHA512

    5d25e765876c5a0960ea6d425c7f20884ca4772fb6ccef458ae5c8df67857c546a062b1c4e6342050dd101bc030e630cf80bec2288a484a6456d26cf9654877f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    918712f1ce3da2e12f35ab5185cc04e4

    SHA1

    9150cac3c16c883324c2d0325df5b7959a4398e1

    SHA256

    94f96000c253ecc47aabd4fe0d483211fd3971bd2dfad23eb8793ebe32d4e070

    SHA512

    b3f78f1b8cf620931e4c522cfa6e07ba492c058e446be6438c883b1cf89c1db36b3d15f1d4f3c6e92e5a3908a9c5e21d5acb51ee3b777a9f5699bfb99dc0427a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48fc0d320e1b65bb6fd26968d4b0f3ce

    SHA1

    1857d92d011fe905144de3b68521908c1cfbc7b7

    SHA256

    1965c72262f8ff004d15ce57a6fc8c5af4a7531f45f8d5683e9bdb5472bb71de

    SHA512

    44247de0d3a20f86a2e64285d6dce713c6ad6ea4ebe6417e9bdfb1b214acf287f6a2ef33c56fd2417f53aabf5be763d6e4b0485efd3f9739b59f5a6089a761f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1c0f3038fbff0200c30107460f3a714

    SHA1

    8d9fc98c1df9d4c7db014bd2ac1ba981ebc2c9d6

    SHA256

    3a958445112e987f9a01a78dde9ad9472126154934a508353c454040a6465203

    SHA512

    e024ef88d33fc62174e24b5467e5c9aced6c05c54396f4452c83d9cdcb6c8b9d38dea2a1a158f0d5215dcce72a7c0d7c7f61ccb8a5fb5c50542c01c43801d952

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6ee8b4caf682e9f274cb62f7f6ea9e8

    SHA1

    daa0ac0aaa0908123385192f27f7d852616c293f

    SHA256

    f86a4d507e5e9b7e0963822ee2c1244ba1da7b292deccb599af941d9277d141e

    SHA512

    0261a0f4b5dee40e99dba1b99c92302dc53b6ccf71a127d2b0dfaad8a46ca82c022c54ae3fb61dacaea5bc1e6f3c499f73ed584f992da91ca1a82ca6b6f2a65c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d11e135a03cd127c5b77bd325bd44339

    SHA1

    8722de9305e95ce56cc97e1d4f4cc13a11e0d17b

    SHA256

    b756ca1da78234c5a0fd1ad04b576d4cd745213eac8670a72f2ff5abec6d63f9

    SHA512

    4f791f4a0a13d4776e36af1148632cdb9cf781cac262e56ae9e14c38f366bd594e1cec0f62e7baf78f21e489e8e4d86a2ed4885d3d7e2df1456fe1f03c470708

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34b94a2a99dc299f590db5967417699b

    SHA1

    b6ee6ba2fd1fdd352ee5a31b6451f365834af90e

    SHA256

    4a1a2e4a7cec60195b486702d7522fcb061e364005efc2662560c6184da8d172

    SHA512

    300151a5098766f5cd56f1c59684bc73ec7c8b2f94fa21774a88bade634ef5fa71d4684691d4aeb4e3adc44b9f334738c406c1cd755e0e909ec9a4c0b641503a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25234f7b42e32ffba717cfbafd2f0d35

    SHA1

    c867120d0ac1f4c37705550766d9b21147f9a2a5

    SHA256

    39480397eed980743d49a34c53c7283a67cb2bc41076a48c65fe8f488f6c8d6d

    SHA512

    7f908d855671853d964d7d521cc27a4993935847b4342c3af0a3d11a9d31f6ba311d54e9770bc6a27d1fc6ff8ef16c849164d5d3c0e08e9ee237a96f83cdeede

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6a796679b7955b5e59b5204de7298eb

    SHA1

    84edfecc25825c1a3af772c71ee579cbbb0d080c

    SHA256

    80401a1fd1caaf24ad6805e3bcb3e5a5b5ead310af0c7135f03dc2338e940468

    SHA512

    9cde5940799d6ae7c0cdd768a8d29615eb10fff49a23a14c8ec8852fd8d56e515d290b0e40eef47c2f30230d7bb199bc611ffd98da177f3f38ed567b76214d2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd2b1a9d84d407e5543ba876ac323d53

    SHA1

    f508d90d5697296dab5bb37da462043d5f12db58

    SHA256

    378ad92f805c1f0651d2f5f179ac3fde6bc81dd5fff9ce18489e8923ff2e285d

    SHA512

    6c85d66882155ad35ed11341968854575a62bd534b7a70b64138043e1c237e26728a2ac69f84288e657986de4d752c218f138fb10e9423dd71556989060c012e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fefe1e14841b66d1830778e77d785faf

    SHA1

    7a9002b1da73b880cec9f8c8cc92baf4cb10c2e5

    SHA256

    f622c6c04889cb51d1eba776f4919c10f164ee0358789554e67aaf972eb56251

    SHA512

    93edaa7f4af0e7efc5734c94b1c505094ba99a7e293aef73db50b05370d17715539ab7606d70c5451f9075beffc3290ae2d84bb3ea3e09146c6a3751ead7aaf5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f59a1d3945db5d6d8073c560bff6b54

    SHA1

    efb8fa91a4d2f8c72dd72fe8e35aab2a3ca83fe8

    SHA256

    3a662fe83f631f435770008359bc2ef3b39195a0ebdebb383c9a6052adc6b806

    SHA512

    c50ab05a3f20f525a748cc264986c72ba1718002166ff07eef51712ddc38a61d51f59ec7ac7765e20ef5a254239f611bd95141da651563612093a732e324d892

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23ac2b731a8709c5b588fbc252e55444

    SHA1

    587f06519e35cc02aa69a4d2a178c57c9db80ace

    SHA256

    e3e905c4203aea6797137a7465610e6fbe47d67d95a5eeee86498565483a0de4

    SHA512

    91c607fcb97c3fb8a7f0ea1948fd66ec37630dcb7316795b768abdd7637661dd68014de666ff6f60be2dd17823f09e9c90aaecc7ffcc160a9d245c3b8c55b0e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a02f82831937a65c0bedce69f108cc3

    SHA1

    a71c3d1bd8ce3f407d0efd4131770b8c37701358

    SHA256

    a8fdf8aadf93fe29dc80fd1fb9f943410534819000c14b26aa2de3cf5d5cc339

    SHA512

    1a28a98d887b129bf9240577aa01740977d4bb01c172eb4f9ec9466800e09a3bf11115ec143df5a314aa99f763ed37fe6c5420dfd3c5caa4980337403f1c0586

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    104f52d255fed2cbb7b318d2e239c6bb

    SHA1

    c5994f2d027748d8a6f733d761a6e8cb5ef6ce9d

    SHA256

    3e95013f583b4f7716ef768cdf36ee920ab0c53c68d2b6f05a35345aadff0ff8

    SHA512

    27d78b6bf5e5e1b0598d5f7b895749c1dd6064ad61c71af5f20fbc2faf88e63c28cfa35bdb59582dc6dcdeb5ff1b86c6502cb8ba49222bfb7f88d041c1e8845f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat
    Filesize

    776B

    MD5

    1bdbc004129a9c2ecd9191f499981490

    SHA1

    1f00434ece2665f67af6fdaa3cf89da13ea41996

    SHA256

    0a359a72668d6b32fac4cc7edb3980b52da9d2876e7ac2779cc243d19e4c2c65

    SHA512

    ba52db38f727fdc54c8eab2d762da0dcc2c223cb979bce205c67f602b6fb852f0d730c6a3e512108201d211983290aa7771b9fc2f5389e0fcc24851b2f88216c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\4Kv5U5b1o3f[1].png
    Filesize

    610B

    MD5

    a81a5e7f71ae4153e6f888f1c92e5e11

    SHA1

    39c3945c30abff65b372a7d8c691178ae9d9eee0

    SHA256

    2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e

    SHA512

    1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD471.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD4B2.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2376-0-0x0000000000760000-0x0000000000888000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2376-2-0x0000000002370000-0x00000000023B5000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2376-1-0x0000000003BB0000-0x000000000466A000-memory.dmp

    Filesize

    10.7MB

    Download