Overview

overview

8

Static

static

7

b3616f34bb...18.dll

windows7-x64

8

b3616f34bb...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21/08/2024, 12:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b3616f34bb0acd0543c0ed31c9bc5812_JaffaCakes118.dll

  • Size

    203KB

  • MD5

    b3616f34bb0acd0543c0ed31c9bc5812

  • SHA1

    f8e206cd83dd879e6b9fd99957fb3f3ba59e60de

  • SHA256

    d6144364ea601a5f6048d21f47ea7591f4aa2640a965369c69d55e4433257161

  • SHA512

    5595bf404e0e31e2e5d3810df971256e1f431a60a1fd7ef6e5ef0180621edda5ec83e4c9a094ce0f8ef55c0701f9df72180bdc474d9130e6f2f56af7af16a4c1

  • SSDEEP

    6144:rDDj15kQqz4+2G783A6r1fcX2F+BXfm9psXUoS:3l52zn2C8ZB+BMsEoS

Score
8/10
discoveryevasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3616f34bb0acd0543c0ed31c9bc5812_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3616f34bb0acd0543c0ed31c9bc5812_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1488
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1732
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2304
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:1072
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2272
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    863ae38a8f9d6810ccff12de1e9ccbe0

    SHA1

    c3687a4fbd6bf6a820ab8ba83871298d178e96b1

    SHA256

    29fd062dce368a9fa43dd9cc8e80b050b98360f56150ed1a11162e4599f88428

    SHA512

    3d7b30af3be8d319bf2063e1ff4c198f40be664dde210ac4c0eb2a85c9cb022ac6975eccd4997f3d082d69f4545de04e22ef0a70c5a56b454d00b104fdbadda9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbfd16b05336bb1c71867b29fc953d36

    SHA1

    d32dc68511d7f10a12a5ffd2e9fc82862206836f

    SHA256

    dc572356acb0ef3fd69c665138bcec0778b55eeb7d8aa9e88d3e866d9546eeb5

    SHA512

    c37436c06a12a7ebec939bba169d8f7362c703c3309c04095645c083ab8dba5eac7e785aa216622c6e3c13c2248ceed8fcab090bf17e7d98a56da6a393fcee5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    683b5ff879611171d59c574fa6c8386c

    SHA1

    52a0d1bdd01ede3de97856cd7d080d6c7429d1ec

    SHA256

    5de405dce8a55ff5be4c0ad39e3fdfe9b136db6f23e6fc6d3a28802f41f1b0bb

    SHA512

    5ba4d01bd8432b5f6aacc1f231c566ffba0afba276979e2195b7a8524217cd2aa2cda307d6fbeca54c3232074b8ff461c9807154f592b53f75c50cea89424ad7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8825dc3213bd2b349637b96fef087a89

    SHA1

    4e3b6fa59d7d537eea5e5ba24bc71bda7698fcc5

    SHA256

    2fff0b4cc3d5f15e607b45b7fa5efb9a9ddfde45b1446b93d57369618040cd1a

    SHA512

    e51380817e7edda6301f3712bbcbe3a1451ce18ca658213917a3d24c704f76c313b64f599d1447eb8c00ed58c8c88058e50bcfbb968848274b0ceea17b6478d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2649923062e44521053f459b121c71e3

    SHA1

    b6f3a0102b338e4ce45577e912e5d99385de804a

    SHA256

    0fc6b83bb4a467e34afbb8df8eb6b376688cc9e66550806023beb4bff1afd474

    SHA512

    f018303e20ef76d2ffb9e53b296ae52ceda464ae5a3bce41bb637c13939174c8a9902095de6cbaa457cc9317eb7bb80c86033152aa86c81bacd4074fbfd20668

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3cd0ba27cb4d4fb202c9777534caa01

    SHA1

    748d2611c5271b8e445b302b2c4899c29665b351

    SHA256

    38a74ede694a3977445fd29c9a0049d6871e5c2aff80a6c82fc1e0f635540ffa

    SHA512

    838b7f8ab78f996e4633f9a5699cbfae6174e045f512f30aa1cf1957ad8e5a4ee7cd44b8b96b03e5ac47a394ff753d535ebcd84a1b13ad7caa45221c323a9ced

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b791e06711e8f1bbb4e707f590194c7e

    SHA1

    bda47c91f8119fbfce12806939c4703c752181ca

    SHA256

    f5f1f991b6e79e4986d0814a19a643b847332641a4804422fb2e817f278b6e11

    SHA512

    fb997992fc198332acadd0c8c89621c15fccab5400870b84db3fdc425906cba9b24098995137a694d2c2f35959a5a58c7a35803ebe05e8ba285f7de1c144bab8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c916961b39f257b9e625119d955bb37f

    SHA1

    214534eb366976900729730bf0c41bd78ef7b3ff

    SHA256

    4582225af1a85204248b4129bb3fd85268c9f6e50a50c91909a33c3e9e29dab2

    SHA512

    f8d68ba033674ff08f95532d9a5b69416445624bc28a1a20dbf6957fe050ee46cba4e9a31d2d3d7c04e010cb9ec4b535f833cb9ab2c915cf611657f1768e96fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57b8a72951f63ace61219a822ad420be

    SHA1

    310b69085b08478979cc65d6ba854052a00b11fd

    SHA256

    23b8ac9200f9c2760e46be866005f7748c1f6384c552a1d5c1716291a7dc09e2

    SHA512

    7fefc181b99c634dcde5fea579bbcc8d81898ed06039f338c34057bd81376a4955ed7e6b608ef24050bb1df9512e8d9e9d2e92bb4b1b2cd471a3421581ea7635

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    01e2dd649d7319a79d02f8115b91c225

    SHA1

    d679430ceaf8b06892a4f300d18355a0c1bfcd09

    SHA256

    d953a16efdc41489878fbc1d38e02a082c7eb40d31a86150885f14b1675c8128

    SHA512

    20b8beb35ddf31dd0a92f98ed7262732673279177a66bea1c17f6ef27a4c1ec9b824f433878bc60b2a2844091025b79332920a089b3258c6b726587f58b04160

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b7783491cbf8201d6dec92055e6f768

    SHA1

    2d0964f208c97ebf428ad9c6fbc97056490df1c8

    SHA256

    fe8066b6ed9a9bdf963a642a51acff4803003bd00f4c5acd9dc4ff072fd783c6

    SHA512

    89a807887939227273cbad4e439d1b4c8d70c7b84366cdcc46c027d6715fd1834dd8903f47c330701925bce3aec7268ffccdc4262400be8ecb1c186f01b8fb6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    afb1f56ef83394177ac39f26e7ee29c5

    SHA1

    c06df2831a7a65c12e0c448860783b38546afaf4

    SHA256

    e4f33b6d9e61c60d4407ed984ec4f07a41b1ca16b5d9d2291e9362182a4fa1d3

    SHA512

    e27be8c4782c8acfa375f0789618a7a18665114c845d876f57a45c550bc0b23a27d61a8656ac3d38673d28ed18c8d081a53f0fdd51dbc17181f8fadf119af84a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a15ca9645f7c3ad8786bba3e2ed2d02

    SHA1

    18f73d661fee9bad1f5c3c09ffc61c40dc4fe868

    SHA256

    d8f8dc667fd04d43f85401d83496efc9d8d0680ef2edda1091cea7a3691c6fd8

    SHA512

    bd394679205c4aa9ff7001f1302d1507accbdd508cc017cb54f8ef4a7163ce7d5a44589b7e73dab049cae2d79e5a0a7088438f574944d59cc0473ab5a16be6df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfe643b1dd31d595d6d46efe911ca676

    SHA1

    820e4e1c4c5ed42d6f84a97f32d58791270be6db

    SHA256

    ef3fe656470d04c3f947bad5b06d0ef3abe2a642c2770a2995dd0cbb267da471

    SHA512

    edf746843d4ac52667315153efc0c73d97f3ce01898f40538c05af87685508c346197b42eafefcf0bbd97154b57295c9cbb25863ab74c90cb18ba8ce46b64fa2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab937C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar944A.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1072-16-0x0000000000390000-0x00000000003F5000-memory.dmp

    Filesize

    404KB

    Download

  • memory/1072-13-0x0000000000390000-0x00000000003F5000-memory.dmp

    Filesize

    404KB

    Download

  • memory/1072-11-0x0000000000390000-0x00000000003F5000-memory.dmp

    Filesize

    404KB

    Download

  • memory/1488-4-0x00000000001C0000-0x0000000000225000-memory.dmp

    Filesize

    404KB

    Download

  • memory/1488-2-0x00000000001C0000-0x0000000000225000-memory.dmp

    Filesize

    404KB

    Download

  • memory/1488-14-0x00000000001C0000-0x0000000000225000-memory.dmp

    Filesize

    404KB

    Download

  • memory/1488-1-0x00000000001C0000-0x0000000000225000-memory.dmp

    Filesize

    404KB

    Download

  • memory/1488-3-0x00000000002C0000-0x00000000002D4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1488-0-0x00000000001C0000-0x0000000000225000-memory.dmp

    Filesize

    404KB

    Download

  • memory/2304-9-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/2304-7-0x0000000000200000-0x0000000000201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2304-8-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/2304-12-0x0000000000290000-0x0000000000292000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2304-15-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/2380-6-0x0000000003B80000-0x0000000003B90000-memory.dmp

    Filesize

    64KB

    Download