Overview

overview

3

Static

static

1

b87c357b79...18.dll

windows7-x64

3

b87c357b79...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22-08-2024 17:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b87c357b79ccb78ba7391249c18cb628_JaffaCakes118.dll

  • Size

    230KB

  • MD5

    b87c357b79ccb78ba7391249c18cb628

  • SHA1

    4ba77936c9f55de2aa78abc66d1e9da22e5abf3d

  • SHA256

    691d16fa24e4349d58617c6501748192faadeb299fb7d02488b2aa0f347ad05a

  • SHA512

    f3ea0fec4d3c48230e6b54d60c1cf37a6398ce0dd00434ed13fdef610d295ebc84cee475b14c3a17b9b5b6ffa76ad2a93262b18aa2c472127595410f46f932b8

  • SSDEEP

    6144:YRcBE59qCfOIhJYGm9hnp5Q5AnCzutxhcq6REmTLH:YGE59qrMWGmvnAYXDhcq6REm3H

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b87c357b79ccb78ba7391249c18cb628_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b87c357b79ccb78ba7391249c18cb628_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2232
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2528
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2040
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2628
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1816
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2444
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bddd2b1e5ee63922bc29157ab9dd9bbc

    SHA1

    757f55b137fc71da00aa82d34b412a7a27d3db78

    SHA256

    89b508b7b49ee1437394a13b10c96771f404f9620c03bc7cf02d0f53c991c82d

    SHA512

    1bfcef1c281bb3a7c60b352f477173b0ca7b756a30c244c4e152a9ac9c0fb7e45201e9244020218904b3bebcd0b7dffbdde9def0bfecf1929c79b36a0b78448e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7786fa0a67bc889056100ef4c7c525bb

    SHA1

    6218c5e9660443fdb943125389d3b46229bdedd0

    SHA256

    ea7c4d590db6227393ad4d1da4fa98362f02b72b54276e5a246ee80d2fb9f5fa

    SHA512

    520e75fdb6945f06d5133846c203251fb1e2f0ff7e17510a51235b5d3e9ed9111143894a54b83be20e4049b80cfc7effb21d60478d7b253380343888d5e3b9fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ec635d6fa8a05eb4e6bcdb36169b2c4

    SHA1

    e49fedc849e99b217ce6c697225320579d01ee86

    SHA256

    f1b4263cbe53862f1d49f267ec5c4e448c5d302de67daf581ef3ef6d5f43647b

    SHA512

    add90187f5c4caa53ecf0e88584dd4710e635a62c4ca96966991953375f1bd69fa4f71273445db8b2100e28e2dbbf353ff4640d176c84153bb4b32219e7c9c49

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8fa99bc15f3db202c3ff201ca1a01d2b

    SHA1

    25b0b0959bf2157e813dc672af77bc9738d440ae

    SHA256

    560a48480d2e6dc6f4c00054bb1f9443388e296264a7efe8c3f1c6c69e66cc62

    SHA512

    1f06163952361ef82f01add8f7950781029dcb5c38543ec6efb1763e409787f49a3a52c920a5be225afdd6eec2704527a6a41dcc4e909e1c95fa88676e2af3ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ddc6a1e2f5b965059d85447e4cb23833

    SHA1

    ce5cb38338431ddb4d437a951607982382be1fa5

    SHA256

    2300a4f50f14fd211c366330d354f16cbae49ef098f88cb007525cb52feb0b58

    SHA512

    29ad87aec891460ffb9e5c11e2c4e5fc5f4963bc94b65412423e324605d4c16877e8a8a9e66d306919d0fa4603946325d08777b349e123c3cc6f7d763d12d17c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a944fd052547fbfea2a0dea57662f09

    SHA1

    ea580a4919b4222a85aacd0c5674804c6ae3c787

    SHA256

    852f7bddd18bb6827c229ae08c8105ba10c8e63442649495f881e655131f7d3f

    SHA512

    0c8a988222ae6b65c0f1023d307ba26720892066e883baae417bb62160b6e65a9a27beff61b6ab4fa5c5def3f8ceab4a175d4e9ce78460586ba4ae8d4d9e50aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    50a49b68d2a9a96e7bbdc5cd2e7aa56c

    SHA1

    47ac7210299f352ec7714238aa80a7ff04f53458

    SHA256

    37fba1a9ae8fc3521f5787b90abfa49d47b3073fe8854b9b291f6d943608ea5e

    SHA512

    45dcf08267d9953f9dd5f7e2fa5d70ab15467789b06921cf047243bcd490ec6cdc6f00274840fb5c91f9340a0144f399e6e6ec7265df94eff1b547d2278d18a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6979e80c7570d639de2f46e5c915b4f1

    SHA1

    eb09b714a615e5e2dca7d12ebfd18ef6a8674d3b

    SHA256

    261bff82d4b247799bc55ae0b7d9a33c5610edad0bbc9aa72278db84437c67ed

    SHA512

    b9c01c2d7048e77174419f32568aeaa16928f3a548f22bbd970dba6556d820502d75e9340c9a3fd031b49ef8200e86a99fc5c6b68d6ec050c8bde54f45b679d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af1324eb5fd588d9de599358883047ff

    SHA1

    d7a72008d61cb6105bd01ccd6800037da04640b8

    SHA256

    cce85292ebcef06af306bcc5cb6e372c0c8285889a3ca4ecf16993ffbf147711

    SHA512

    5528741dd94abfc8b07a8312104392e0696c1fbf98054cb76da996b96f6b64bcc018b6741b66b6db23022d663a099279563640ecf0737e1f56dc4e4a2cf4f5e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b9c16ebb2e80c707e52b1ece14ab74e

    SHA1

    1ce462c8596623c6748c01a6bf6b9c405975d2e3

    SHA256

    d8459b43122e347d9186f54ebd364a10f545c6a00727f3593c7a20a2c0ec2fbf

    SHA512

    336e237c38919744d679d74ecdbb73aa1c4d7bd47fb9b9cb9c3f3a53f2f8c167d8317cd09db728e85031b5b549fd6d43e131af508b281c637cb6a8572bffddb7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56f31b5e61f2ca273e48dfad66c227c4

    SHA1

    b374b278e35cfb9bfe438241f708ffef59b22766

    SHA256

    5f2018b4ba4ec9e0ff4f3ad2f63d823896d6733ee21a720bbec44d891150a7e6

    SHA512

    be2a37341986415c81c73e378f3d4b9e3061b4b7b077ddef4195e3dc71e32d749323467ce01c8ae526aaedf93b50df87cdc5c3a7f8ffc5795c020756a68d8256

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    741a95176ee654e23ce74d8d6a9245a6

    SHA1

    4b398fea68eb81ae4370e2bf5933ddef16a6c606

    SHA256

    460303a87cbe0ad7d27ed44c90864e9b6ad0f07120952e6c90e32c35ec8c3a40

    SHA512

    850dbab5ce3dc29119134508bcbee5b71116220b34b1559cc5d02a8f7fca7d0451c0f821d7095062d44a40252669c2f90e5ba53b066e27d35abc653659f819d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d05b1d482b7648b1592820aa8e11738

    SHA1

    cd21ef998c5ac7ef846ae90a3162c585aa39706e

    SHA256

    efa1cfff1538ecb4e3be099dcc34269561565db05eec210dfd66391df279617f

    SHA512

    1f90f4b21a7ada0f8e7207550523ce644cb3e0dad32c2b18b2fe0cdeeafcba835e629081236d1fbb7233ef385d70bcf33d8a3f5faafcb38f128e64e6f9f2256d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5609929886913fed405b3c6fd2455b59

    SHA1

    45d3771fd234e0c12c611ed1682c4d50d85764df

    SHA256

    723675ebab7fd02d86ca09bbc49d37575fe439ac27f882da7b2b77e54cfd71ac

    SHA512

    572ba591d577b5afcaca6ce0b5bccdbcfe2714af69afaff3676a2727d31582e79abcc2b8ca76ae4d4d140287e9f822ef93075bd2ef13a3db4e604ebca406d3af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29788ef2e04acd6f6b8e2e6d3f6f89bc

    SHA1

    0ab7e8bd4514986f20f1143a40e648eb6fba0733

    SHA256

    2712f24753e77b433136dfafcaa0b0ae45d6b7a951596bf55150d6a826dd9272

    SHA512

    a4b48d1c45b5df8cab23cd0d3378d87e5b43dfd0263c1dc5ce11b102e5ca35ccf55873d26f4013be57ba1447a5ea6959d93b29f08020f2aacd7ddc812c391622

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6103dd66353eaee7f6e2aac5ee3945b

    SHA1

    93e6e203a0dd42bed4677ced9c5a251395aece8c

    SHA256

    226e37f0d731e03e8fff9c73a06e6f8da34c325c70a3217a4f12ab21dd1148e6

    SHA512

    21b9a96d227b92710e5e69faaf7b1efdb1a0c8da6886df9a69af1bc9b31571cd91c643a65bcbe811cda8a3697919fd487f94dba634fb83acf1610a8514798ece

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17aae610931a8e21156c4686c16ef8f0

    SHA1

    3bc6824f66d29920fcc0cb2d9f45982e973e9b05

    SHA256

    42bd0f6e412704d8775e04377aac02a7a09d60656427a27f441936637db18bc0

    SHA512

    770896f9c0406db245f3734e7ea769f67f6a9c582523aeee42d666c641b7017aa2ede476cd6d631d9b5b1b2190f9fe014a6c3a2e70ea662d8ec47632b0b1568b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a689998e79797cf410a3cb281c1c7d19

    SHA1

    07ffd3586c165467fb3188a53050fc575dd737b8

    SHA256

    c48cb5de4aa50e20d12f77849b1611570ca9f6e2182f73bfa31c7cba37c8ac28

    SHA512

    e1dfdd1f65da216d09494653c93816ac461472373426d8da7e4108c50eecd0f98a1824e85987bb1c2c66c0f3379ec409d8c79caa81db9fbac550943ef6501251

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE7C3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE881.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1816-11-0x0000000003B10000-0x0000000003B20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2040-14-0x0000000002FE0000-0x0000000003012000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2040-12-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-21-0x0000000002FE0000-0x0000000003012000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2040-15-0x0000000000400000-0x0000000000402000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2040-13-0x0000000002FE0000-0x0000000003012000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2040-22-0x0000000002FE0000-0x0000000003012000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2232-23-0x0000000000320000-0x0000000000352000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2232-2-0x0000000000320000-0x0000000000352000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2232-3-0x0000000000320000-0x0000000000352000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2232-5-0x0000000000320000-0x0000000000352000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2232-7-0x0000000000320000-0x0000000000352000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2232-9-0x0000000000320000-0x0000000000352000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2232-0-0x0000000000220000-0x0000000000252000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2232-1-0x0000000000260000-0x000000000029E000-memory.dmp

    Filesize

    248KB

    Download