Overview

overview

6

Static

static

3

b5440d96e5...18.dll

windows7-x64

6

b5440d96e5...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    117s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    21-08-2024 22:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b5440d96e50cd090ae663df8ce92f251_JaffaCakes118.dll

  • Size

    186KB

  • MD5

    b5440d96e50cd090ae663df8ce92f251

  • SHA1

    9a04a6402557584717c926af1c53b6f9079506ae

  • SHA256

    2e8e2f97d10ff6a7ca6402a991888650d6ccee154589a4cdd6deb58bb7306819

  • SHA512

    e40e20ef485d23e072a226e8fea317db649399d8af352dbb21173452f1e7a0fee2c639373a4bae691ab4a94939c0d3707d71b32a4ad8ceee4839b4e2240dc0b6

  • SSDEEP

    3072:hopewd15yw/vm6G/nneHNLuxLbpXj9STgltVC8ySak5xTf:ho8Y5/UnetLuFSatVZaITf

Score
6/10
adwarediscoverypersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b5440d96e50cd090ae663df8ce92f251_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\b5440d96e50cd090ae663df8ce92f251_JaffaCakes118.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2308
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2424
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2932

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e99b1c93004f00e8be1dccef5625975

    SHA1

    9af78bae7d09d1eda81feb13a7edc2525dc96ef3

    SHA256

    e0e2173e625e26dc2017dd1b5ee778d9f539baa95bda9c47557d7a98d5824f1f

    SHA512

    22e9b437785c55d1b599684ba5469a9954852f1e171c502f791551400f46b559984ced3cd317464657be95ec7de6297fdc638d874d8a82150f095d3a3f49a72d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b804ed10ce8775f322d6973cc45e306

    SHA1

    22c42ebf74e43e745810e72256eaa0133e6afe34

    SHA256

    621f3641d5015339226810887b3a6a645b7ae82bbce71b088efb244d00bfef10

    SHA512

    2ab34c3c1beb0eaa183c4789703168533a0028d9b3d7ea7247a447667a21e4996ee4ff29d9d2703cb4f8d42089b8fd6716cbdcc9919b0cf356de435a50857ed3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2cf265d87536d7511614106b5a6aa59

    SHA1

    55c914cb5cbf48f1f45433b5c781f6fe015afe9a

    SHA256

    68a6b159e1c4679b021e5fb28ad0e6fcfeff7d118b31ff838db65564d30909c1

    SHA512

    c3cb46a7bb1b2e1b4604ed0c5bc2a3440c60bac254e1b84f026aadeca7459afab55b1b1b5386e8457fad1ad4bb5120f862ddaa1a215076de236497e91d5187e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d0c83c8e6cd6526cdbd57518b6350c2

    SHA1

    072e7f81d859c7225b9c92d82685f8edf8ce472d

    SHA256

    018b3488df9787107cf34862ebafede1fd638885deebaba3ad7be763a9f1060f

    SHA512

    8849de568f93912b2d15d2fde7946a090ba0d95e04cbe825b2517e541d14cde1306c0ca98002683315c997831e9addccb00e0005b4ca0c086c469fd56dcc8689

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f975fcddd90b495ea9cf716f7065db4c

    SHA1

    b2fc9806393169c776402076a38480dd22d02f90

    SHA256

    5c23bab91bdb699bb4e9bc307fedc0eebcb7e122a2ac94c5e60feee20685c9b4

    SHA512

    fd76245ef808d50627827b957040f5beea97109e689679abd9f4afe67c2c21a67c37417db3564470f6d880ae92b59f1e5eecd1bd588830f6d375a64ad3c4020c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9dcedb2b290ce15dc4fea089e8cdcbf0

    SHA1

    989f9a54921cd4919d09f2f5f7a6e7189561bac2

    SHA256

    c33d0b7d7815d1d91fca71f3e9cee2f63ee131770b5637e813035b50e2007b66

    SHA512

    3b4814e507c4ac9abfe1f8275e3df60dbba95a20ddab98e7f8d52dfe6392ccd889964b7f099b4f50be29124fcfa5f4d9c4f46f9749bc1d4164ab09ef63dac335

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7224b880d892627b3163390e5d2d716d

    SHA1

    68abffb4f004a13dd4ed539266f60624a8c89e55

    SHA256

    dcb497518f4d82b498a28410bcbbc9213ef929e96b5116bd821b501cd6e98ef1

    SHA512

    1c709da3451ed000db30ba567e7c4641678f19923418cbf27953b0334e9a0a94e849b7d2ba8514f53f3278671d6eecd1b3776cb9f576a3fbb9c28964b0f2deae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f5948e02052938fe72b4dd4d6200722

    SHA1

    e9d1504aff172bb6d3ba1240d744911af613e7e7

    SHA256

    52a716e0ff7c4ac79e5068e9cc4886daadeec0ef6eab69e6ee255bf034c9ae84

    SHA512

    81e9facea881b91e38b4f67e58314790e5b0a74a22fde90b2542791dbeae0ce7348b6521bca4bd54c24f86e9f2dced8ed8724830279bf5075ca54e5f6df4d9a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    645001db09ac48cde38804b23f1562dc

    SHA1

    e1b2c74476678bae3f03d664a5891c7745ff72ab

    SHA256

    db2947330201f053f8ed7f35c3b588db3644b7e11dc296b15078c662caf3db30

    SHA512

    e4830a1880f6bafc8c9a74d1bdb23db4d806b9e0ef9e15128f5d68aed3f93a55970a0d8b1bfb0898b5dcc5bd6d1a04a302efbecb878ea81cbe6bf7746a5ef4d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd62806933897869f14fe779c01a22e9

    SHA1

    db5c3d698952f17ba1d07976ada6e70ee6cc3684

    SHA256

    c41f9129ac5205c89a36dac73b1516e1f36f822cada25808095e8f038a527596

    SHA512

    b0fbc2c3930034c1eb1277a0045ad88af486e547e2e14410e564dbfeaba1e0d104ada10a9a093a6b33288bbf13010aadc896b093fda37d7406751a670242db51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    51691bc8a2e2d8408da5263ce4bd7cf0

    SHA1

    f380f46cd49ba85960f7250bf285f65b749d619f

    SHA256

    72bbfef149980921c8b0c1aaeb3a4ad67691ae678cb610c918a2b1407cabda62

    SHA512

    0f3990b41088a3aa438f94c7f0ada786717c65e62f1c6d05cbe97d62384bf2247e7a94305fe86252563e666e92f0aeef415818a1a782cfd1744c3c7d5d1645c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c45845e039fa5e430a387941c039c6e

    SHA1

    256ebb672d0c11d9e42c536a35833d07f7f3be45

    SHA256

    ad79a1d680da837ca5d33f014bf79e724d5301f856c71d5ae449a64743b914dd

    SHA512

    0278cff66360aaa3ec737d86adebdf6ed568a15258dd20806aa7959fe86547edb9b1c379e0f771fd86561a263a76bb818579885e56b55876af99a5d0760fbf89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b6546780f1021ab74a68e50c834e00d

    SHA1

    4039aad8da4df0624a92f12ae69da578f2568c57

    SHA256

    c12f98dc5b0ecf3fd30ea5ab86e1900e82c4c07c5db00a5de52b9b4bfd8f5265

    SHA512

    5b26186b6352de3b9c7111d84199d37e88e21f005c233dc4fa23f96f9e1ed999591d3dd7ebed31d4cfb705a7524c896078ed9a74c1006e17693a24b4e7131037

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a60d9711c851dc58f3e9e6411b5f92c9

    SHA1

    7a00eb32e10c5ca2e54d2494011fc3d10bc872ba

    SHA256

    b0308f14ba9393ebafed3a673a6b5978001e3a3eb9d174af2369aa9215ff1375

    SHA512

    973dc0df82fc9ec96ab6d5807ef1bd297c9a8490b4598d487dba11e53c17e4b74f82196315ee05797b0e9672bb8b0cf0cffa41a5d0e2491d7a2cd5ae7161553f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    19b7a09ec9ed2861b1af4d5e6a34b096

    SHA1

    cb2551304a9169a4b6b48e19b0aa96da605fde12

    SHA256

    8582c8b6cc59f33befad2719f0fe9cb4a84eb207a7b4de311ae28c5c00070c63

    SHA512

    08313df4110bb47e6964453c8673e5208ceb59506713b45b0856e6e66bc152ebc4c118db8509ca82e467bfb8d36e276a79d76eb6a16050eee663aa314c83c90b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e892502cb901bd7792e276cd39abc50

    SHA1

    6d62a5eb381e590bd00ed19f72a94009c9386934

    SHA256

    d264a8c7d4a74dfb5a23139fbafa86f4f5408eeccf7f6227e370e05d409e166d

    SHA512

    81ff0716bdc47ebc3849f4edc6b5f89413aa0d1f13ceac53f277d95869a80311b08497704cc8ceb0a6cc40d6c56626baa550878d9c5de1ff92aa86ba62ad55a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9873019e67c2f3d06b508a2eae0aea9d

    SHA1

    fb67e136d80cc194d2235d3b4562eea545c3054f

    SHA256

    2d764a7a3662d76094821266e51c59ccc30d58f38e0f77ff548a98a476df3be2

    SHA512

    7682185924b7d7fc3158c2802c901dbab7686367ab208e976039c02c398e7687dc03fecb370b312613949a22b02cb92cb85838b9f393ee1700ba36efe54e9698

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e2321baa585bbc0dbf7bf122828fb5d6

    SHA1

    139545fc6780a4ed4d75377e0fdb40b02401f526

    SHA256

    155f134694a9d53d9a3c3d19848df3e98e56a39cc71921b7a7f7925aeebddafd

    SHA512

    913a1c251472eac39a29cec3654f9dbc962d75b5dd5cd30692ebd1784bc38f650fe080fd7c6a364df709b7dcb2fd1a288f6a287232a7dadfbd249c064fdf3b09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    985fe4c12ee2b2354143c0fc7f0e5188

    SHA1

    42c2bb84892fe5193110b220a606a65b5d70a857

    SHA256

    1a0ebb1bba5301c9510b207ec1aaeda689a181a3aef497ca303ecf310e8a1be0

    SHA512

    64356ea255d619ef76d69dfaa81f5a8c686c2f27b52f4a4efa89e5e052bb1313b7932de23b11d0f25035aa313b610feed38982accf8a900681a9632d665bd403

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3591df976d45428fbb425d2501adca13

    SHA1

    9a646370eba8ac56ad8b9bd5cc5e96a0103db89d

    SHA256

    46bb874d1dad42db8a0956d452ebc7f1ea0b7261ae458d1a43ad8847691e2485

    SHA512

    df2a7b4c56b1624797bb20f2ca04bb981b49971bfad034b47970423725bfd4282ff4af92356cdd027c32e9c06ef48500b73a640b779669bf5608d3296014c7dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b12b476d2c5140202f7f3426f31b41b

    SHA1

    ff8d89e6216f032c732609dceeaceeb4dea7fc11

    SHA256

    e959a88c8054fe20486acd143ee0c7fee0eb4951a59ae92a447fb73f591687a2

    SHA512

    807a68507276d824eeabf2470026a3fae4caab4d3b0cc04b42c461907b530bc7c0a29cddd54f2a44cc1c13a01ff823c27df59b3b016bde31740502f0774ee4f8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA9BA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAA1B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2308-0-0x0000000000280000-0x0000000000282000-memory.dmp

    Filesize

    8KB

    Download