Overview

overview

8

Static

static

1

ae1db88834...18.dll

windows7-x64

8

ae1db88834...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    20/08/2024, 06:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ae1db88834f0967100762dcdcc8ab97c_JaffaCakes118.dll

  • Size

    237KB

  • MD5

    ae1db88834f0967100762dcdcc8ab97c

  • SHA1

    1d0892d5050d78ae92300ca3c2603ba44ce124cb

  • SHA256

    233ff20921d9768816931bb07f657e7eb324457a31b33058701ba8f33395f691

  • SHA512

    a86426efc803e71856d8b53ab2218dbb41ca3bae8beabe71b125b706bac575a2414eba7717ac48256dcbd18960681d2f1ed88136398820cfb2b367cd72f820d1

  • SSDEEP

    3072:C3PH3PitAMPoV9QXwq2Zhj6Fs55lZ9OLvO2F8TMnxmi/6ve9QrFvHHCrwqVEiu9J:C/qPohhjesLtOa4xD6vkQxc8Gx2

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae1db88834f0967100762dcdcc8ab97c_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2624
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae1db88834f0967100762dcdcc8ab97c_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2252
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1804
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:1808
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2968
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2636
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2672
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:620
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:620 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    820021374d5436e07696211e167888d7

    SHA1

    c32e40ea6cb86590c482036ad295ae380ed83d2a

    SHA256

    f11f52bc2b692d23e8da8efee9cdbd0fa2bb20fe570f45e989f1a3d8ead49914

    SHA512

    4326c893f186adc2c16950ba2ded163a3a93f79b0114930169303bfbbf5899d54442c30a59c85a6b1e830be592bd55e11193201a019865e2de71f6ba0852c104

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    601867fce7d56ca5c43c3c9b690519cc

    SHA1

    813b75eddd7dfa1abba5b93cda171f287cc8d804

    SHA256

    eb2445147f70df5da361ec93eb4d9b4436227174c89a27875c1fa05b436f65bc

    SHA512

    23d784d74c24dcc47d362349fe7143a30ca914a77a01df71c24bed0d177e9d029c5e4e509198000791eb81b9b84689299f86b80e3c13b6943591cda9df6713c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e793b47bf0cf2194a12c0d250c20cb4d

    SHA1

    82f41c6d26682deed020b12a276bc2dd85537ef3

    SHA256

    52a2fd057c5236c9f996936ed9937f14958e9cf914e749eaf9fe2a9cc1fdbf46

    SHA512

    d64032016a8fa21c73473ced54285b552a2de304561c17cf6e387b9d5de95a92917aedd74c94f5b6be7878482a5512748e37949db835613947e6d1811b0ed507

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4abb5ef2400691f0a97eba41877ffc6d

    SHA1

    933442d1f55ca855502f5f2f191774026cd2e05e

    SHA256

    90fe6fcd5c11c807735c30a119ff199e0354f9c205e71bd73deed5fdcb1c300c

    SHA512

    8346cb51f28e92d753a29728b7764d9b47cc72a3f6bd1eb6775cc6076c341d11afda676d9552737a8af875edc752bf149296ed5db7afa852886b5e38e17adbaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf9104cbc0379036facaffbcbfae0f94

    SHA1

    43570717047799181f1ede4485234b921abe3a33

    SHA256

    d7964e612a86c0eee8aed848ac267a3b5fd02fdf3d835a48db8b71d0fb80d626

    SHA512

    e37b6fce16acf25e616c1d4620c96612e97cb95264c716f3bd53648c13de94cf759d9434798d2ed84346b8af1ef110094d5f5526268407575f77d7de132d6acd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4087ffc1bfa83842e13fe56996f6c46

    SHA1

    0cdb519a5ac1eb41b0620a5cf5b5c37cbf394b3b

    SHA256

    b224baf5968b950b1905b178c572fd9eaac98dcbbc0d65e4b4c2ebe4a98f062d

    SHA512

    9cf1e2f9427bcd4a68fb6fc03377135f832ade14880123690fd2b4c156640aa7185e6e89d3d828c5371653c6e5d149fa2370dd6c350e1d404c3df81964372f42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a3cfc55b8ec498ca846a8cd792de0d87

    SHA1

    d5ac49b541d671cd09550b82efb92ef3cf73570b

    SHA256

    2bea799ec40b41359846e7010c6a1df853efe56c07b80ccf1071229ed5992eaf

    SHA512

    bb722798e85c4730cfb92be032c0ee213a159f6dfd22807ba710c9a9679e97e40746ba9994ae95ab9a6c0375066ac855ae43ec3bea42d2cf2f476a416369e2a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ddb1a6cb59fa5067bcc1ad4e147e144

    SHA1

    fce646acb2e623dcdfb59587726be9313a8fa931

    SHA256

    bbc7e25990bdb3a778d4ec1f99b756e36df35269c09122a08dd6b9d8020b2518

    SHA512

    5f391305a9938e8a51e619086b2616ab11dc012b07fe619744ee584052706e2a4d5f13c5172ba1b433fb8d2ddcf2d6054c9da2a42c9a5aa08f1fc90b762351af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad87df55d1174e890ae7153799aad07c

    SHA1

    0035d66cd203ea4b14a9182b186ecb91153e250c

    SHA256

    8b4d91f42d729a6f5afe032e5b3e32abe89b6e7097015fa2350b183de3207a0e

    SHA512

    bc40c8598d30fc9e55fe94bdeec19847a720709f07199f1e1660a5fd9a72856ef38f5b938b4b4880962bc802225ebdf45899f7297b493768f3543b9cc9196b33

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a36d3163c87aa3fc693556c4e337fa28

    SHA1

    8df3d1a611bc32f4f470ba397603eaf69dd66352

    SHA256

    4cff81456f33f240b4f5a169d32292decb1106c46533e11cc5f60e34ff5245fc

    SHA512

    3868cb9deefdccbd9a8c2eb0df6fe265dbc1ad496c4ab9cd76d3a288130d332f93a8368d7f17f5bf114b9b04cd122c6f017b44ccc47e60c85aeeb9033dafe6ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20766c7894054b50a97f0bc4dd11e3ae

    SHA1

    aa9bf7f88fa0dc880e315cdba5ce7b1554be91e0

    SHA256

    7215b031b91c7914d2c6a490a2c3228f717ce65dc213c6164a1c78501e361b58

    SHA512

    e56e4627a62a2cd22aabfa71a75ba5a3a1ab19d780358b664c8ab71f7fbdd82150766f37dce5f3049097104a9e72abf73a38edcabf61e7c85d5629c01a8949e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aba799646870bba30030352bc70ad527

    SHA1

    7e8fba7b19bb00b89c42b6a3c24a3e0bc502fecc

    SHA256

    0dd08771d4fc9c69781d134ad7175b455fc2fb451c6e8cabacb204abf2fcc9af

    SHA512

    5717924aabff212eadb69e3e66ad7ea4f77428bc15e36c80c8f36f674f098f59bd5df758ce28f177f00ca0cb360d1d2a44bbfe2501733a3a9855afff81a49681

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb0e9b707a6506548eafcf720021c480

    SHA1

    8112ac01e2542aa1872539f4d72dfdf173cf0dd7

    SHA256

    c14a0ba34fdcdc2bd2f7ba5f45c7f67d828c2ef0494e55feb24d8671880cf0b0

    SHA512

    a4e55bb3fc2a413045937689578eefc902204d6290d0092c59b8ee7e2a20e8e4dbdf7636c7ccd363c8c61da149fbe1236acd9560c0dfc4dfa4745ca574710af2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    540aa5e33a66a011b1aa2d348e692362

    SHA1

    adf75838d7a58c6e6437b8c605b4ec11d0370149

    SHA256

    e198dbc28cb8aca6e2e965524aa1464e1373974dacc9829898b211c1c24eb6fb

    SHA512

    7272951a02c95574401301fd90ab29cb67b80f1d9fd985821db772fae55e903f10008edad20e4044ec043e3ffa4786cac0f8c9c2a446677fc152b86610024744

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5f929adf05c08d32e087b45f563155e

    SHA1

    e60efa0d80db4029467488adc59a228d8806d11a

    SHA256

    37bb14f451e749a404207fd672d3829099c51e971f7a3ed297737e87e0a91c66

    SHA512

    639d468277fcaf701f0e52a57970011254fdee0bdfcc7638eb73aa76c6bbcaef48d226f0b0633441faf9ab9942f41c75b9c7552a14152d3524082fbcfeb934a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3900b4ac8a86b6bc1e3cf3e5d6a39647

    SHA1

    daa66b34fc559dc5f309455d947ddb055a8ef3eb

    SHA256

    2c7689c2853e86bb8e1a29847c4178d143b2a690101dba72770520d4fca12312

    SHA512

    b668fca0540fa43a4ca8a057f2f014e694b8e6c48098ae7e24b7cd875f2a850043c5aafb1129488dc53cb6b9192981df8a543b35254dbd647127927fba185822

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95f3718b5c52450118deb85f022111ed

    SHA1

    c05e0c365948055a1dcfe811afeff10470ee5e11

    SHA256

    4e3fe4a1f526c7f69bbfd09364eeaf5bec6fb66e25ade744df30923c7c153d90

    SHA512

    08b6fec376c8f2fc050af2565f5f8a3d38a989da03a01e950a1af4382380a2593ad4914687c9c96562d6677e9e63395e718f08a43a1461af21920a42d7a72573

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67a773599ce155da99475c1ddf84530e

    SHA1

    f8140210df00d8b19c13d2ae0e5d05ac20b07a80

    SHA256

    70af91b6859a6a0bf5be2ea7f99efb362226297cb5e3fc4a8a76a6812a5518b9

    SHA512

    f44d9b360402100ea5b40adea59eae303c2269598c8becbf47eb3920227243c686775108bf4a71e8755968aecc25c09f0a31316e0c1a037bc19f00cca1d09d99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f29fd27f59b7267c5b008bf1f495157

    SHA1

    89de718da08e1881eadb70505fe79e154052f102

    SHA256

    a38b13d8c2496fafccf96f538ffd857d7af6048bdc36b5a72799d9b5ff54432e

    SHA512

    82aa2caf4fa1ff7f71dd666f514bde0c0e7a85701618cf8442206c7bf5a0d43232cfc65d92df6f37e5c6c4e9a769aab4d5c0ce3c424d59bc72765778e0a42b1f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC22.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCA4.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1808-16-0x0000000001F30000-0x0000000001F61000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1808-15-0x0000000000380000-0x0000000000382000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1808-14-0x0000000001F30000-0x0000000001F61000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1808-13-0x0000000001F30000-0x0000000001F61000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1808-12-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1808-17-0x0000000001F30000-0x0000000001F61000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2252-1-0x00000000004F0000-0x0000000000521000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2252-9-0x00000000004F0000-0x0000000000521000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2252-3-0x00000000004F0000-0x0000000000521000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2252-2-0x0000000000230000-0x0000000000274000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2252-7-0x00000000004F0000-0x0000000000521000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2252-5-0x00000000004F0000-0x0000000000521000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2252-0-0x00000000001E0000-0x0000000000211000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2252-28-0x00000000001E0000-0x0000000000211000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2252-27-0x00000000004F0000-0x0000000000521000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2636-11-0x0000000003B00000-0x0000000003B10000-memory.dmp

    Filesize

    64KB

    Download