Overview

overview

8

Static

static

1

afb5123f9a...18.dll

windows7-x64

8

afb5123f9a...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    20-08-2024 15:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    afb5123f9a29744d8de12b193dec7c05_JaffaCakes118.dll

  • Size

    203KB

  • MD5

    afb5123f9a29744d8de12b193dec7c05

  • SHA1

    0151d22e896173330de6ac57b4ac3a73366b54ee

  • SHA256

    9a1c07a891330e563d4cca2e2cce333ec83e27225c76bfc8b31f2b204c5bf140

  • SHA512

    c77058310f17824a2fc92a0e1a4f0872ef3f39c71324534889a2240a76e2ec769610f11e0cc3a3b8d46e4a81987184498bd06fd7921bbbea84afefa2f2fa6af3

  • SSDEEP

    3072:tiJuBXB3YfPUHp3SaKHRXlijZIT/LhYyd7WW9/Kb6IB5vtP8rLLf/tlHJgK6qepr:tuUpSa2l4ZITThYyRb9/K2IPFPI1vg

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\afb5123f9a29744d8de12b193dec7c05_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\afb5123f9a29744d8de12b193dec7c05_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2052
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2080
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2092
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2800
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2236
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2828
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    51fe85fa66252de1ef21f162a6f38300

    SHA1

    b4d365e24c040029f04dd171cdbb25b37cb3f776

    SHA256

    ec3d7728821d54cbd6c9763ecd2137a65332362780a8224283580e7ac7f3c8d0

    SHA512

    bcf58491d4e7ada64f7041ea7e906f65702fe9ea9aaf5fa39e76f9cad9a1b0f351f632798caa12757a84cb66ac7662b796e3de9d17d5c378ef7bee9c14a45e34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a94708f435e2ade02d7e79b3f77328b

    SHA1

    db0301a03406ab5433beccaa2575b8fbd8898bf0

    SHA256

    df578cc21acefce1f61fc69142ed488bfcf372f665ebb634cdf9d1576f3d4197

    SHA512

    b56be71e97ee624afa5077fa288d3c1815698df2d07be0cf24c30f06c13e1c4a0eaf49728c86027bf2d22e9b962c5b4223c687c8840182130d8b1632fc2c9bfd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    327455eef89c0e90d09a0b65bfc5d360

    SHA1

    bc99510db593b857fd1d3b6c3f112587e611e58c

    SHA256

    414229f41f0fe2b58dab3adf68fc01baeb2625a9caa04f5fde2674a1a3570f21

    SHA512

    f81b03a026a8d956211e1e3052ec1419a290f4d1b07a3d94c197ad7afafcdeb5126bd2731addc044f05b2f4b0e978a4e8a70955be9292300048e7190478fc0d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f26a3c968cba94191fc261cbc70730c

    SHA1

    740bffbdd0c44e0ea9594634ec19dbe33d4a5eaf

    SHA256

    6b1b73b01f621f291fc71c450909c8e8403d3b427e3a9a755ba191901bff5a8d

    SHA512

    908cdaac14cdf90ee5e9508178657d1f38330fb3552bd0ff8092f2d771f1d2102c4705acfa0e9fc52605d8dc93f3f283377e4a0e166871bc4e096386af735e98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39f03dc9457bfd130db433a700e47ad0

    SHA1

    257d95ec0d0094d0f69ab936ad1422cb3f296457

    SHA256

    ac8aa075e77377ba9d09d432f0e98645ccf35de481d55043551818f2a6f8885e

    SHA512

    55d6482134404c3a83a9ff126e6b2b981b664cd164be9770574e30dd27521cc8f4eca0efd9920abf62606c3bca121a179a47c11a8d2b92767a76ce866e7c0cf5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eecd253fe45cd46162a5aabfc6dcb6ae

    SHA1

    ec1a5b6a90af65487ed25a08ca1309f63f2374a8

    SHA256

    55f4f94e3a57220049246b7d272869be950d4344d014141b87ce50013bda0d9a

    SHA512

    b830ff7f026e0df8ea60bbefc923c404d02696447b86a4e0610fcbd2716bd9b2e78bb5f28866a075a610ce6af215e247b25d65c0548ff3140128b9fbeeb45509

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1be544989710f89573472ca4e58f247f

    SHA1

    84cd4bc1c340c8d029794091a5bf62e68f02cb08

    SHA256

    b60874e1d2679a73547b0a3d9a00492052b3129cd72013e0861dbc27f7dee496

    SHA512

    aac0c55e482e13b4fc32a394e6503b9dbd119c5558edd8c67945fac5ca0e10cf82d794d29d6f99e8c2582f7a1c02de1c50f4afcf19b3abed463b8026ae627b96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f90aa9b129dfaae19225938460560afc

    SHA1

    426bbe4f622cae1cf88cd5db9ee93b1fd3f8adeb

    SHA256

    95b1cb373a7f2ddb0dd08921f9e1206f47cc2205648ee5385eea4dd342e9f000

    SHA512

    73cb4e92dc08df3f65fd56ff50a77790004cc4f9584f4bcc7535b5106412e9c387cd01c68367bdf83c91ce16cbacbab4fbc3d224c3fd3eea106f2ad3b6d9d5fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    788a82c547aec65415247cece1b61ebd

    SHA1

    397a66aa08cc52be6a08f107618114117de51cce

    SHA256

    30403784367e1539daf3c84c723669f6715e64917d69d3ee9b1849cf69ae0e8e

    SHA512

    d7e09cef3c4fe1c46407b7de0397fb54ca7b47a875d69cf8402c917b8a7a82536e168fd0d5e879f9373c5c4e3933acb810b688ccb422fd20a1fb56a9633a1242

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bdfa4ccc1e9adfc6293b25928b0c3a11

    SHA1

    b5e57c8d848b9f18ecb0603c1ce4c51bdb7965f0

    SHA256

    e05b6d000603888580c5334e70e89e497b67d582f18dbb7ecabbbd1d4ae867ae

    SHA512

    2a211db43ff65e3774eeca4cb05b2d47149217983673562ca1856e514e25599ae589ba4298adf66c88dbd6e86a7387f1772e1e755c7bfb65c8b4bbb85a0a1a61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55ce8c5aacce747a63801d7c783ffc0b

    SHA1

    0c78dc108590766a1e5e0d09d0db0b377cdeb94c

    SHA256

    cda845ae8dc6e37a62f6173303953e4bca1161c139273c54645cd1e2ba6d4da6

    SHA512

    52bc3adf5b2bd4e884ec560040ebbda325f6a8ff42611c57f769e784b72eeac9945b49c2fae958b207633471ad9ac07e4d1e2418bf0699bd385aa88820fcb15e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28e96fe3e6e27a7a565cf4a332312956

    SHA1

    1f35bee626f96fef726d4a97c6c940f93393b4e8

    SHA256

    e9e62d5784ffd82a361b3e6bb50bf51310bdc984f73d4b06fd37ba33d923c573

    SHA512

    913b01ef951b39237117f990560842fe7537ca32309ee35c500427da3c3e1972e99f8f9cfff383c34b21bfca98517203b2b62d23c87118f05cd20ca8054801d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2df92b729f695649ffa3658bf9a2cdca

    SHA1

    077461c2294dc65e48d8e8dd33bde0fb3a7fb4e5

    SHA256

    358b4b1c24530a7950a4ed207e407be386d247646d701e0c63ff0501d22d06f4

    SHA512

    1b6a67b9153a580351722b514e859fb4ef5a54b03e410d3176914372729fd46e3f975cb544d9a393437f745923e2bb712746eace1552a3bc33c1635d3b921e2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9a1bc71a0716aebfb75e93260b68162b

    SHA1

    2e1c7645958b7cbe76216e9d0193bf52c2e39243

    SHA256

    1bfadc8fd571f874990d26eb4aa95483cbe1bab8a4b7d9057eca33799d041425

    SHA512

    bfa6b17c2bb3695311c6f1792871ee2c3f80a6bc9e9f92d226c6e08a3cf21fb753f56d06df1cee3d5e5d4359077f8ba495271af2a0c59e49a939285228b2d024

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97d30e6e25f3e38d31591ca45aa768e2

    SHA1

    d29c4549154d77d85ab7d5d5b71cf3e1d9f1d35b

    SHA256

    0bb00ea1648b9ba2352174e09d7b5e3e8624f0739816c60cd772ef51169f3b2f

    SHA512

    a6534938f67b939cd172e4b46d7b1eca622311445fcc09e1563efefbbaabf4cfdc835db2b6baf1b978da345b3efe2e834193c5dce3b95f6433206b4dad5aa7a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e21c30beed5bf09ac1322174e0a71f6

    SHA1

    ad266967d3c69c8e4468292b63dae5857da89bd9

    SHA256

    67fcbc99fc48e93ce2e134b007092ecd7e314438bd2431d008510bc4f73bebfd

    SHA512

    eefc0cf338caba966612ff35dd760b35e1e12413b88e75fd376705dd2e8be889262af0d2ae33e4af9300a1aa8bf06f410ff0f34db26c9ba2c80979b321d123ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8d63448614488e4d9110227616317f4

    SHA1

    5cead9d7a9cc5cc1c537d0be985900a87c1867c3

    SHA256

    575f57942b9446b4c6c43ac0c179438dfe61bd012068e4dc8140c66d0fe4ec22

    SHA512

    554badc7a6acab2aeb3e4d2d85a5233a2c7b2305e0d2a4644acbc76a6ed7d92c6c3cdaf9ab1756b8e3eac056af9acdd66fd3e4a8b55943a12df4ce7366b5df9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b75aba18268fd25406d16f0bb31b8360

    SHA1

    41e9f72be019c26d20ba1ce50092bd309d8738ab

    SHA256

    7b795fcfe8632eca8148724b9d1cbd881c7da161b56ae5b1d002df943f168e10

    SHA512

    a301573993c79c68cb8b60a72a34589b8f041b2a950fed183e0b420cee3e93c5cba343c28f173f5c0aee97ab86abd04800614088e165d2039172879a12034b6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fee51b3bf6df1394ce6eef28400bb342

    SHA1

    9ea96955cc8f1516a8ece409b0a7681faa17d1f9

    SHA256

    c3451fe721864bf724a92fb16394474d3ee40c6baeb1347dd0ba2c047897910d

    SHA512

    bc7d42aa34551e085e5457a94995890d1d919ebe7ccea0fffe637ddf074a835a8835ee5e013a563d073707faae4f511e8b64e76ee4dd5a8ef00aa91e9489fc07

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAA74.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAAF5.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1932-11-0x0000000003D90000-0x0000000003DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2052-5-0x00000000003A0000-0x00000000003D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2052-19-0x00000000003A0000-0x00000000003D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2052-2-0x00000000003A0000-0x00000000003D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2052-1-0x0000000000280000-0x00000000002B6000-memory.dmp

    Filesize

    216KB

    Download

  • memory/2052-0-0x0000000000240000-0x0000000000271000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2052-3-0x00000000003A0000-0x00000000003D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2052-9-0x00000000003A0000-0x00000000003D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2052-7-0x00000000003A0000-0x00000000003D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2092-17-0x0000000001ED0000-0x0000000001F01000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2092-12-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2092-13-0x0000000001ED0000-0x0000000001F01000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2092-14-0x0000000001ED0000-0x0000000001F01000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2092-15-0x0000000000470000-0x0000000000472000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2092-16-0x0000000001ED0000-0x0000000001F01000-memory.dmp

    Filesize

    196KB

    Download