Overview

overview

6

Static

static

3

c02117ba26...18.dll

windows7-x64

6

c02117ba26...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    25/08/2024, 06:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c02117ba26a5a6939e8d52277cba03a0_JaffaCakes118.dll

  • Size

    655KB

  • MD5

    c02117ba26a5a6939e8d52277cba03a0

  • SHA1

    6d18f05992c5ede3f7b28c70f7a5b182f4346f0d

  • SHA256

    bf31563b962c8d66d4ca8a8740ac13c9a42016434f4f4de10b54cac7d1aeae52

  • SHA512

    d8ea2185af8a039644f7e080aa58993ea39060bc63052781f932739abd3a0428cb8d9c4b66a2b06606a34037ea2d5eea5705d670e959fc4ea804b8467e38d7a5

  • SSDEEP

    12288:eGi3UjPsczGwh+dHN6qSr5xxSIb5zxlNPP3zyp5Zb3e5nfQXZfX8zyY5TDZ+Wk:eGxzzFsdyhSozLZD45pOGXZP8WYFZy

Score
6/10
adwarediscoverypersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Maps connected drives based on registry 3 TTPs 3 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c02117ba26a5a6939e8d52277cba03a0_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\c02117ba26a5a6939e8d52277cba03a0_JaffaCakes118.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Maps connected drives based on registry
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2316
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1804
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2160

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2fbbba8312733b7e6b9bf5fc7265f5c9

          SHA1

          902fdd2911d9086c6682d49fbf302789b50015d5

          SHA256

          a62cd141ec05cd5614c155d1ba57ad2f79a65742fcb7a0662074a0ee34905892

          SHA512

          d29d2318fb754ba9b8822c4fe6e95b665fbf1e66ceed7181b71517fbead436b7ffa6603b75a288dc7aff558b9265bda4f7f013af11cc7100b17d6d30a55c6de5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4746784bfcd2b165ed857ef4dd59ffe9

          SHA1

          2af8d78e1f7fd13cf64f066f225b5cb12fa27aaf

          SHA256

          d139a68fa0fd2628bc8442a20dd9f4f282544cbf4f1c26b68cd7fdced9e1839a

          SHA512

          5df2c85c7dcfaaf3a6780c942b7be025e593cd97479e7a7539801450267420a6ceae364835c925a9c234f0330aff2001c6a69a108ae26ca2393b5f7e650871c6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7e5780eabb3b234f21f158786935d926

          SHA1

          8e1e153eafd376b9eb28123852ff52422273a5b7

          SHA256

          dec924d81296aac963cb0dcf7fa7a0e1393a42d7eee7a8d7650af8ccbb722f37

          SHA512

          36dbb7ade730cfa57ac9cad71c5c333c3a44fd8a436ce0c1b45c8def1a16b3806e05c0c6938da7517b30b47d8c4282b29cb64408bc064ea6b7c98def0ec13a37

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3c08304d91693f0d20f5efcf50d2d960

          SHA1

          506a1fa5e3f6b74e36495bd0773b0d8bd0eb0e63

          SHA256

          8614407366527ad540c906a96d33f94a7ef6f54f77f111e8f035268d7f415312

          SHA512

          a34ccb764e3f9c15f014a99f268e37a1e9c68d3144af8e6fa7762c5b4de4ad4c4902f4581ac44e62fb965ab6258ef0c76a58e3cd2d814c9cb138ccaa6f449649

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f0479dde7f5fa9fa6ec8f52ec02cd70d

          SHA1

          16a906d0b0fdd9f67f62dfa7c9d0dff59109fe7c

          SHA256

          f8e9a080d0231fb28ef686f0c205bc80779de09049d11662fe9dc2bfff1efa42

          SHA512

          2209b218b5873f73eacfa36e18f3698facae2970048ab1353d96808bd95617cec5c5708bb1ee183b1dcf79f4b2f70411d5e52a6067abd583a3d689cc737a97f2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          49abdc2436a11bbc014ffd3322a732fe

          SHA1

          1565eebac638ab5d5b5ee76cfc130fec79aee791

          SHA256

          cae31e1ab695c5b0b6a35a7ff6bf12274bf0e5eeac22409b83020db1365cff78

          SHA512

          4f0356b5dc03f4fcb127db455f4540662650e21a2f2d34431db5773b14264d49719dce9c7561c9954fac7cbc7fa64bbaa2120f9f6a2543ad9cae3e0114a4d886

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0bd6a7d8f4849c4e3db0e76084d87cdc

          SHA1

          0e337afc17887760d21c83c7c7ccf69f89ac7f12

          SHA256

          8a6e0b40e6aebf1286cfc55e587d50b9fedf880667df0fb5d1d7e3bbb073a8a6

          SHA512

          23aadc7af4af36d5725681710bfc8db430b29ca78d2afcfbfe63e461516c5adda2e28c1542976b93c1bf119bef3ac8b770beef641442e62e7d760f9707422335

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          06b68447d3b93d312d1f68fa29642611

          SHA1

          e7f5db15bb01b01186264a8a90a8c19fb4752ac5

          SHA256

          839d1328309cc73646a2d35c507429ca89264e7f6faffa7ef606e345baebd36d

          SHA512

          06ad589fc5832c25ec23dfd35bc62692ebe09d985188cf8dd39363e21f7110e3bb91459b168b84c6a6c8172fe428b29f7004e8e815d0e1c143f828839f188ef9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          10234fac494d74a4fb15fd02cf734949

          SHA1

          69c6241b004353978ee159eafe22c4801945a88b

          SHA256

          b07168a16f897eed7ae27b44b0177c5da18c77c2f10897d3632aeb78ea0448d4

          SHA512

          55c924901545e4b59d2dff78e61ece145764b5788ee495d426776f8262bb38c4b3adf037ca8f51432c98894a5c63cdcc6a211258668de4dea7400e00f201fc82

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab21B4.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar2285.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2316-0-0x00000000001E0000-0x00000000001E2000-memory.dmp

          Filesize

          8KB

          Download