Overview

overview

8

Static

static

7

c4210a26cc...18.dll

windows7-x64

8

c4210a26cc...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    27-08-2024 01:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4210a26cc355b64ed5734df960b2b78_JaffaCakes118.dll

  • Size

    209KB

  • MD5

    c4210a26cc355b64ed5734df960b2b78

  • SHA1

    d0716e4ee39e2caefc5844b35143a4d7e38ae4ec

  • SHA256

    838d2f9aa24bb10a81b1d750e116c443100f2be1093fc138e31621fd5911c460

  • SHA512

    f000f29368d3c77c14c901573995b05b3b252134af1a16c01e32e1bfb3d35195f1d220f380f7bf887851495c001d3b56dd86895ef608dac9e43f32f0da777f43

  • SSDEEP

    6144:T/q32rRjPhKuDkkLjp+ScgBKozpJ1XVSGuRq9M:myR9rIMHZBKI/XV2M

Score
8/10
discoveryevasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4210a26cc355b64ed5734df960b2b78_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4210a26cc355b64ed5734df960b2b78_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1396
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2436
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2692
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:1636
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2676

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03c9c0a053e1638323b9ff06e25234b0

    SHA1

    83dd9ad8a72e828d0c4ceaada98f3ec26bd267e4

    SHA256

    ed444849cf6eb9c714098f8230f55d0f93d9100d413d38f3ee020c8278d1a449

    SHA512

    647acc372c9d3124ba293e57e8fbd990caf67a1188de6c1e266edb9b6fce4225cf0108426f354b9c3392de174e3c429912532498043ec4051f4cf5c44e658cd2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67a33f596e703cef7057afec54f7e305

    SHA1

    e5f5eea0bff5d46ca38b7a25f520467c6388c732

    SHA256

    5da6204c3554259c30e70737704bc7d11d068d9bf33d9e742c6f74c3ccd030b0

    SHA512

    554b46d42aaade7e79a1924beef782cfe6f7ba8ba8706e0167eb0b60dbd9448b0613fdacc0d8d0cc998338c2a1a2342b3b7682824a8314cb2a5a3c23db9a67e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de8d88154b2755fbbf588c73611e118f

    SHA1

    9e8345493db9e7062edb94128d93270b1166d130

    SHA256

    e915e6268f20ca96ed300dae608d46996229685f79738b1478d5ee8f16be30ff

    SHA512

    df7d9f77576dd5d2ebbed7a68da68eedc0a63b52135b13f1e1b16c225981fa971c0034478089e6c959d53bb8023b847fa7b816b8fc1533f5d315a2a32d490c30

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9c17b470c8263ac47129851a72b450eb

    SHA1

    5edea41819dc06f883f178de8cbfaeecaa0bdb0c

    SHA256

    09c98faeea382713ef609faf29f6745ec4519ad6baeaca3aba2905a80d29964c

    SHA512

    e7a11315fab7b2e1e7f18b725a7c654f93742d344a5e5932f357b0c5d8c593d5a5275d5801dcb31e84a52ffd9cd761d2512e4725a9a60ea6f4be66ddd7639388

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a49a0595d99d790d655709cf9305d18a

    SHA1

    59a968e318cd38ef199892454ebbbd0a8aa3cf10

    SHA256

    1a7ea958d0e50ee85e5ac84d3f06f4a473e1fe523ef4c7a661b21a3e7831b58e

    SHA512

    08d89d0a4db043d18cf47f070fa93a2557e0786074f3f754bc5400335daf858c3a697da6387163a4d5cfca94709fc9c445354731c4a421c36349dcc8bca755eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    355bbab199af290a2b0114ba884fd474

    SHA1

    5d47992d800c78900598afa6b02e2b7a01ab17df

    SHA256

    d69d68356bc30dcc9545e05c7ab5c5c64e7cfece1dabff2d414e220ac1cd4036

    SHA512

    f690aca36509b06633952902a3c597744f2c0855284d0fabd21275b64397c6747d5b681c30ad0a0059f4c8ac3488925b562b9dcb043406944c253bbdbc46d1f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    553707406266ab85b204208083aaa5aa

    SHA1

    b97a72e531c1c3f11547e8593c711e84ea38ff2a

    SHA256

    21425ee7be14d392322c82cd1ae3589c7d4fbc8380028866bda7cd7fbc911039

    SHA512

    24a7ba18203f9ceafdc80cdd3021b35a2ddb9a5db2dfd9abafc654bd170863a4d88ee0ab489342211ce1325241ddf6862ba0bf90f60bda0dddcd958566ff88b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4330f3c451735d4d0a92eca3fa00424e

    SHA1

    bc88a9c0a4c8cdba2bb75a85b9ec4f932764ec8d

    SHA256

    c966cfca5143d4649723ef6a921363110f988e5d5c60c8e7909d898639cefb8d

    SHA512

    29492e343c1e06b7e9c8ab3a4710f542dbf3a0f69bf7bd075caf05a6623a7277dae7271293d165516537937a977fe0dfb0464a29569f2e54de991cb704fc11fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91e4e714cd42afba786a5ddd995397db

    SHA1

    7a6fba985892f76cfb7441246746dd54bd9299e9

    SHA256

    a46c67dd18125ba629a66a5be15eb94415f0c57c939cb0a8570c3a5af361622d

    SHA512

    c81fdc9b3b0263e2db04e1f911aaafdbe4c8bd53725431f042efbb30044a034e23ba563a7d00e3d66d84046636f9d01c4aa6d60a46c2f7ef1bd3353fd635c502

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f712cc6aeebbffb63f202e12d15c3411

    SHA1

    acebb9614ef941055f63bd55908ccb735924e0b2

    SHA256

    ed1e9b3cace87edd1906bc909fe263498768899114901fed79e592b53f32b73a

    SHA512

    21c00da015588d334b970d06cd0f2405f5d577371e0b9d31fb29ee1518c99ddf275f59c15bfc473d9bf3ce0ca7861891bd9617d0965aa269868723dffeb2b2ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1db74504faea5af156f020b7d15c773

    SHA1

    6797b9a401002bd77f614e7b4916982f43aa93c4

    SHA256

    696cf954bb15a081254746031ec1d5420549adb685c38276b836a114f1e53331

    SHA512

    b4afb3cf85973b8fc8dde424fdb12b6d0cebfae1398f18fa87265e3230e447560e3c81ca98145111f80bd6e07ccf3977fafe982ae4f5ab5677630b3519812598

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87aa22a0996422a9a583e0f676618dae

    SHA1

    bbea8d347733e7ee3ffde6f33d5099c542861fb3

    SHA256

    c12d01deefbe35ce44a7f2f35b98684f9dc6acf511b55d3941da1008f210f954

    SHA512

    e748d980dbc6ab5f263425a8657c399b9a811a8be41ab9ab57f6e644fe829d240a0c84f422f5f8bbfa6631ca2c75db390363372191df16d47384ef3c33652712

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f22ab090b061258726a86fa0e5298cf

    SHA1

    7d01f0d80b67ece911eabdb819bc54d131515b22

    SHA256

    c4f092d7813374de367bcf0bb6190593c191f7fd8e2f6000bba807c73e17425a

    SHA512

    4c73e1322282d9981392574e2d4ae51b42c82f86cb18d5f685dd307ae20e77d42ef1f3e7c3a381ae58d2a155ef6c1853cd1c08620f93dc47abdda6b11d732c93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b02c728c111773f128f9ed89d3ba985

    SHA1

    57624c869f224764b7e45f8abb05c800251c3716

    SHA256

    3bc555ac3935bd2ed023e89e04c05ccb8ab23a91494ecc742e4f0fb4c7739e81

    SHA512

    b8eda455c94611cc5241867aa841f190a93081361d8ebf2e650b17a12ca798fb30b8ce73ab96bca2d050a4a68f0ea254f1abd51f759b3a7e7bea100dc5c45f99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d06794d39ce24004eeda8b7eda08feed

    SHA1

    d5732c376b9502a81e033d6cb663780d3246caf9

    SHA256

    a20262ccf448bdcbc4a539cb15d3bd23422941e108ea79c316c87dde61da3966

    SHA512

    5df7485d1561b2f28cbba6942f92941e85b5c8218d0b80623a97ef72654f2c7ad42df7e3c25d93b89cb9d5f46ff12ee593f2845b4359487ba9f62b512adde7fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47ff63417beb7dbabaea79564cf984a3

    SHA1

    f329c38ce98f9e39380d3fd956afd336c150609d

    SHA256

    a9b9c0977da27eca06aa83d7e225c3463d7fbe28cfa540f9c34106fec1c21b7e

    SHA512

    27b8f2dcc26230378aa11f44dced80d8094b7d38b497323c3e38e86f6b4df5538b1feeffa734eb1cabe5e8e66a7af73ea34e1853d70847f3c61647a25d216edf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6B8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar738.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2144-3-0x0000000000290000-0x00000000002E2000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2144-13-0x0000000000290000-0x00000000002E2000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2144-1-0x0000000000290000-0x00000000002E2000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2144-0-0x0000000000290000-0x00000000002E2000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2144-2-0x0000000000100000-0x0000000000114000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2436-18-0x0000000000230000-0x0000000000282000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2436-12-0x00000000003C0000-0x00000000003C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2436-8-0x0000000000230000-0x0000000000282000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2436-7-0x0000000000230000-0x0000000000282000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2436-6-0x0000000000140000-0x0000000000141000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-10-0x0000000000540000-0x0000000000592000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2692-11-0x0000000000540000-0x0000000000592000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2692-293-0x0000000000540000-0x0000000000592000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2808-5-0x0000000003D80000-0x0000000003D90000-memory.dmp

    Filesize

    64KB

    Download