Overview

overview

8

Static

static

7

b47b4d3544...18.dll

windows7-x64

8

b47b4d3544...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    21-08-2024 18:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b47b4d354451de40bd3e1af90e3cea3a_JaffaCakes118.dll

  • Size

    211KB

  • MD5

    b47b4d354451de40bd3e1af90e3cea3a

  • SHA1

    daaefaeb2406097b9c5c8370086a97c786cd263a

  • SHA256

    b233b16da7d28e8b611c00e799c4fe6513c6b9658b492ff334af78fb40604124

  • SHA512

    b3bfc70320f61fe6a878ca0ab441ef7671d0405e021b4e5d16b14514b0403e9a54388b7fc551fefcf91ab183a0ea686481756cfca09dcd07cda1dc5feeba33ce

  • SSDEEP

    6144:5+30fTfVKbk4XzgUUwvbIBcSRZOnniqwCdkEh54:5Tcbk4DxvMqAkS/E

Score
8/10
discoveryevasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b47b4d354451de40bd3e1af90e3cea3a_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b47b4d354451de40bd3e1af90e3cea3a_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2024
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2732
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2244
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2080
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2864
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2888
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2660
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3aa9a516a0725868bdc78a5dcd273549

    SHA1

    a6c3c4e80f2caabf6323970054557c1d4f4d6391

    SHA256

    3ce73c2ef2757bacb120443bb8b5b2edf01a0c19d3532b5ce133179dc85a03e3

    SHA512

    c3ea4bc5bb0209a6fdd1fd0df2101e6d5f8660acc634fe227a254f6502a8708ad2be755e482e0772540ef12153a4426d52c9a8d6f0170571e2abd6d3833ef6bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d012313e32673620b2c8bf9947675ac

    SHA1

    2b78141b2c583e898ff36046956a5eb73b76d32c

    SHA256

    853a9cb6a6d5db4efc9c71ad1250a36fd4a7f3383d5f964049f204cd22cc46b7

    SHA512

    174b253587e4f7f157325fba7bb43311116a2e13ae7f3b632eba4483358add11e4a2a831160b65a7d391a34608b5a3336238b678a6eb992673f6364e1d8fac32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    837ec1ef494182e982377d0172adb4be

    SHA1

    cde6a0c4f7e23715c3f6c8e11c6ae2fbe8dc9f44

    SHA256

    ea9483b5474f2ae363c68f60ba4589e7508c60ee78410702c5287a418158623e

    SHA512

    b1ad36308afc1d629db963051a4c29c10622e815f58fcc02599633b45ce3002c661c7ce2eb723748c22fc0589361f35917ae4163378d1bd0d1b7ebcd95fe504e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec37c0e31361ba0e48bb41614bf53901

    SHA1

    59aaa26c8cab9f7610613d1f241f61e269ebfaa5

    SHA256

    dbe06963cd65cf641ed37a9c03138cfbed1020bd616db213749f7561c0ac8ecb

    SHA512

    d7e470a23e2c23f57f9e36387e552b5037926243aaa00151fbdcf624fe0d6849c27e9f4f21e56ea2840377fcd5a9657b21bce84877c07e20cc950d2062c96aef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3dd7b13e0d2532077dd3a928f68fc1c8

    SHA1

    e58cc8a618eaef3361c6fa939285bb4421fb0639

    SHA256

    c0e19f09c07b0cfdd3bd950f4f817f852d87adf26c2fd84ecaeeb70e36da5859

    SHA512

    d4d9837681c8592d14366b389aa5d9b9991c08fb09842cdd1ace74b196079a2db0609988c99aaea8af7cf32849b33377287e9eedbd663218f72fbd299f8370f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dade537208cf2f38482992be42ea41e8

    SHA1

    55435c954de1f08a3abf9ed0af263fe8fe54880a

    SHA256

    30e8a8632355606e6dc5515ad48ed6b01b65ccfda705f0adee3c6762ae1874fa

    SHA512

    10d02034509573431a6b8894c46af86b3c268c3f63b4e2c462748ba222fb3e2df4d352757a85d18b42863df3a9786b3c107f252139576080707af8f2b23f2e44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d78cf73ad8a83d4c068a06a7dc662504

    SHA1

    d7ca90e7d248df91671e1a6ef0b41356140c6672

    SHA256

    74df3c5b50f4ecb7805b646b6cbe4c4180e3a75cb09e701b94e2bbc90bb37ed6

    SHA512

    c0d6bad2e4aa2c74460461dbcf6b52756900646f20335372de7da967184892777c1c2e8d009ad014241bd2ab8f108ba67034922a86af6fab6ca69ca4ff11685c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f747fcf4e35e72ab590cfc347e99123a

    SHA1

    82680cb33cf4b219dbc99eac491aa0d733a059b8

    SHA256

    e92995705d77bae53b5279d7438d4b91407f389a1141322cda004a3b8c5849d0

    SHA512

    87b69f1e9ff70e6d359a282900f5421c4cbac72a7f7086785034002fccecc8436130b9e367b3638d7ee9e46635a7bada0bfb27cb6a726a4d427aa3caf2822d6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c06826713f4bdf0c519305d562727dd5

    SHA1

    b337bf31f74e5866771e0b039d5384a2ecbcfd5d

    SHA256

    15b754ec4d7afa6a1a4d349961b89ecacbb36becfe6855375021c5c615868180

    SHA512

    634a1725f211dfb3a4e7245ca25be15955c9e45700d410e3ced5f871bd9dab8cd02a61eeddd27c6136c3ef5357e4db0d61fc4b102fbeeb2f2e60e23b972199cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fdba962b0a9a813a31bfc4f3dae892a1

    SHA1

    daa45c0aedf764370679d9035e123d0d3812dcf1

    SHA256

    fa231d30f4a4d759a480f034170f76d832d7376513d0c6e622393ba8254f4cbe

    SHA512

    a250836b59041546c406937e5b78dd9708c744ad530f293a6fa916a394fdac4f0022eab5b58d4f7d274c2004fd376f3c13a98e52a5b5dff562b21eb43bcead80

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe51153e1a9f5d6b5cf0553da1418003

    SHA1

    fafc2e5d6e7f19488e0027f09e32ce8f9b75f0bd

    SHA256

    ff97d59e58130122b368d205be7679dac29e07d13c88bcf1fe332140f96fbeeb

    SHA512

    bf9fbaff17b8b4d47c58167b1f6c23d8bfa573969ef47afa9a0f97191b1f5aeebb848c4fcb655c1865d8ed6cdc511d226637f434723834d4c130880014e158e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f413043770879e53fb3e5b1d8343a10

    SHA1

    80236434809a86f2faec79219c8e93a74a2a35a4

    SHA256

    35decb0fdef8a3ed8ad9a0085e0ae42c4b1856f7b0713c62242d41da131f63a8

    SHA512

    c9e0ca151d940f7c2e73c2bffc6667fc25c739a8b435cd853cdcfae9d9563bffc72009c2a3624233b6e1bbbf160a6cd93eccb189e9bbbfd03582d15c137c4a2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    675bfdb2b2a18c7dbc2b602d8c062b07

    SHA1

    c29756a21516ac8a60e62a9bebb0c7a02e129b4d

    SHA256

    c4ce89683216ffe481404b3c951f47dcff9c1530f451c36d7253fd81ec145ed0

    SHA512

    e1c94632728a4c032a6baf37cfe305f1c94bbb87ca2c1fa89e13243109b9324d95195254eeacb1576d29049834adddee2e4a55465c27a5152710d9797d72ffe9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    32763264ec0938022b4f6efc1bbe6e8b

    SHA1

    b01fc2c2fabea9538dc44e92bc9fdbbc3962a0c5

    SHA256

    346b3827763fc023a8363a05d15c2c8515b4270af8d06e1cbd5c47be72581575

    SHA512

    7c81fc37d4a729b9589e4d0a946f153c208c05ab08e3fb22f4bf6a6e76e3926fae1f26f4c452d7cf774bdd8f11317c8fc959633aae042c90824552b25f632327

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49c0b972eb6af3d08b59107446b88968

    SHA1

    d0dba676e006ef4181c6aac493dce0ccfcc0fabf

    SHA256

    d368852bf65bb537bd2c1549ce5e48f2124964cf06196d6b056a2bf5f7946f80

    SHA512

    e539746931238f20bb1f1f61154f6c1ecb80b7450468114d19ebcf0ba435a529846e7b2121a900e56ab59d4321a0ad1f5a01df0f9b76280a9f3a8e7aee0de060

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3391408b10f8b6dd993d58fa51b9854c

    SHA1

    d9d0121c803ec0f9654a996de05d029ab71f66bd

    SHA256

    5748a9a4663a72b00f74bcfb1cebae780eb15bec4ce191d236210dc9a417f212

    SHA512

    6217a2f43b39550849229112cd01becec4449f99d1b031611ba54a180d4ae85694c65a73cbcad0dc1c21b9ddd350ac7ae017d9eef9019b75f78b98d07a01b3e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af474ce79c6919e211352cd4639b7c29

    SHA1

    2f212f4f7a0385f6577ddfeeff47fa3e53f1db3d

    SHA256

    2c846b8dff4ebe2a9545cb3318fb38c9998881f29f5a54351aa4a215092497de

    SHA512

    1044c33e79fa8de3a96d979e76218fb6ed562fc3190ed7220d34f403fe704bcf5ac344264085f26a4cc126dc98ff52f2c80395fb2223c25fe60dc17afdc35db5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6633.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6741.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2024-5-0x0000000000230000-0x0000000000283000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2024-4-0x00000000001A0000-0x00000000001B5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2024-3-0x0000000000230000-0x0000000000283000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2024-15-0x0000000000230000-0x0000000000283000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2024-2-0x0000000000230000-0x0000000000283000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2024-1-0x0000000000230000-0x0000000000283000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2024-0-0x0000000000230000-0x0000000000283000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2080-13-0x0000000000190000-0x00000000001E3000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2080-17-0x0000000000190000-0x00000000001E3000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2080-14-0x0000000000190000-0x00000000001E3000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2244-11-0x0000000000850000-0x0000000000852000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2244-8-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2244-10-0x00000000008D0000-0x0000000000923000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2244-9-0x00000000008D0000-0x0000000000923000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2244-16-0x00000000008D0000-0x0000000000923000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2864-7-0x0000000003840000-0x0000000003850000-memory.dmp

    Filesize

    64KB

    Download