Overview

overview

8

Static

static

7

cd98c33b8c...18.dll

windows7-x64

8

cd98c33b8c...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    31-08-2024 21:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cd98c33b8c684c19e1571187a8ff3234_JaffaCakes118.dll

  • Size

    188KB

  • MD5

    cd98c33b8c684c19e1571187a8ff3234

  • SHA1

    35714eaeb855124cfbf9607132db4d2bcbde3288

  • SHA256

    43d7182f818869d94e4bd1e16bd157f1981aa9002bdc689ce2736b29354ec178

  • SHA512

    4079f15f6b4c297d2b5ecb935570909eabcd3e6f08e613b55e8e645f2d5cd858b15edcea1fbbb1cac7db1cb82521abf7e7bf497d2fd130ec0e2b75ce0b66ce6c

  • SSDEEP

    3072:CYQNHPn7TboFfVqQlXt4veso+nfXNyMDKieHeLvMr9y8ZoIyseKwXlc38/:C1lPn7XoOYyvxo+nfXNJD3U8D3KElcs

Score
8/10
discoveryevasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd98c33b8c684c19e1571187a8ff3234_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1048
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd98c33b8c684c19e1571187a8ff3234_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1344
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:996
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:1856
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2324
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1760
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2624
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2496

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d69ecdde14ba01ea0775755063482748

    SHA1

    87e7eb9af3d6bdb2d5b9729371547e0914716814

    SHA256

    b9827fa778a7f1d4d74ebb04e131083c27f6add88ba03e97a959697f4df2d154

    SHA512

    1f83275641ff10fc9c8fb78a06da6e0c271989bfd815b4111c28534a21c75c96f1e7f70b89e2883eab0d25572ee304f76d39e55831359668b809a35d60a300a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    403c3ee49dd31e8643341e1f6d938b45

    SHA1

    e07a7dcc7ac4f4939d98db90cbad90502b7ced43

    SHA256

    15f805121c834c8213024675f9f96b66c372017ea1b3decd9cdb9ee33e6d74ce

    SHA512

    e196b7238390afa4b23b88181fa538740d625a44dd6e86689d3b5892f91199818bbe39be5cc1d0fb8238a33980e5200a11a388f9c3244b9ceb7b1ed13128c2a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45583482883263969611523b7bc18020

    SHA1

    a341cef8e68996f2805fe5963b50dd52d5f226cc

    SHA256

    c56691e3b0899eb5453afbd1f41d0c0db526fa3391c2627fd6361ecfefba63f7

    SHA512

    435214a566e2d4bd6f5048405312c32c2ec51e20e8871f6bcd6a057004270a496c2fcc837eb61744bd4537824b573a135e9263468aa324120a55409d1fabab03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f60b26196126e65b115eb0fee08203e

    SHA1

    4006db663fc2f521f3135711cc9b5c7288a83c8c

    SHA256

    159a5270a62313ca40529e42c3a6183945b4ee562c27d06794cb67260fab3441

    SHA512

    9dc1f3810ba177477fe990b4b94d63e4fb97a034294d24ed22c317ef86639e73bf00e75d13fb3e5d5338064d8005ade7e58b105f9c895f71bdec3b8856c5b138

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6c6942e7119d662b2c77e66ede2d2f9

    SHA1

    12f7e1b1192964a0e4b779f2451afaf094a6c94d

    SHA256

    9fc8da1db5a194bbeb7351ae3281278866a8032fa131c488dc1585dd15ed5ef0

    SHA512

    f3797d6ac24301b2a6ab438e6c0b4c9b5fea3d3db918a4a13764632917c2a74d84e7b3c651cf346a2de337297ca56e1bb4bc70b2a63d7dd3454d42ceb49e3642

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9c92797e00c46b68228ecdf9536f8286

    SHA1

    eea5fceee382b5e2d63de0c394d2de4a55bcdf63

    SHA256

    959739bc4d9020b404f7972f3f7f5ab07657eba2f3c95793aef28bcc2c04140c

    SHA512

    7286c6568c177bef8767dd4362759ba77494c489930ffc425d155c147a92060bd7016059d98bd2092b7e8e0b73a11b58c586cefb4e3bb1f456d7536cbff33aec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c274b5f8a4f886a3ee8b039f515abb63

    SHA1

    fcfa22c1b2735155e8639be6cbd0173f52433945

    SHA256

    4476669eb709d508e4a976edf0eac0695c15155b6baac2777bea9ec57bb8f8ac

    SHA512

    f63b994be037fdfb47098dc2e2eabe0efd45d77e113c319182b3b613a707149c1debfcb9bf9bfd3b05655daf7da76dca62b4dceef5757a5c1ea3ec400b0702b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e27c2127fcbba29ee169b1fef5e7974e

    SHA1

    b7bccb811824ecc101f3e3e3ae4fc6253e5aa7aa

    SHA256

    f4f6ed6b91c76fe2f547c6046186dce388b8b6c4a403284df7777ed021e4c2ef

    SHA512

    7fdb4a3dacf83cc78840e9098b6dec5fbfb8cbfab132d92b3da9d5e77011a4948883b148c2330ca7f16615ee52b9923f6188c9f436b20331e70d5bc1105ccac6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1a210484bcb4190c32783212d67c6ef

    SHA1

    c7598be8b35eab7d1a7c4ab9f30209464b2797bc

    SHA256

    ac1809d89a1a19e9de3acd338ee786ebcfe968a22cbacb6f6a1503e107b1dea9

    SHA512

    3b2908a39b5dfa76733b4b108dc74d85a87243ff96269ae7cb24f59d5a9cbb710401b1d5344d50cd808aed2c8fd68fcf0f0a44ef982bb2583e75a0a8043a09ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd9ad617ac4fa97e197849b41ff272c9

    SHA1

    e7f75f5f75eb26eaf8ecbb913cf04414aa26676f

    SHA256

    5765063416fdb2bfdb9ebb6f9f8440ddb944735ef5175cd373126d8e464a2740

    SHA512

    e33024fc5a0abbd2e2513987b686a1662d07b28018e7f33cd47cc9180375ca0f3d65ace3645267dcb384535e0636553a11978063e6bb4b1cf20a930f067c2e7c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    048dbae7158356aed2b7ffc9f5dbd3a1

    SHA1

    3e90bf3d890769c1ddaa580dc6f1dee020fd91eb

    SHA256

    fb7e36006beaa0953b88215f26c13c70743b241cbd1c918f7f73f3da217bf39a

    SHA512

    ff019fa414f3861ce08e8b9543da44dc8d01ed8356f34a68e9751664d6a48759f55f5a997daf3111f3b135dda28d1d2cddc3789e0ce593f8e1524a4eec852464

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc629fc02b2fcff4eecc3b4b453cbf72

    SHA1

    3bde0d9ca151370e7bfeed60a954a4a39ff4bc93

    SHA256

    23e5684504038ac0d9dff5ffea730bb1cad39b1d2813c44b679a3b09cf4e001e

    SHA512

    86c7b9fdadabc49b19c3b020f17b230d3e6bcb5f7c5e2baccdf711e56079f037383e428bcd7a870161ac3107c980931afc5249c86aa22df7af65344c22bf2378

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2801d034cd2d3ecc55359d6638255b9

    SHA1

    a42dcbb095308ddb08e076a99eea8c1bd7dcbe5d

    SHA256

    cb94599a61b6551bf548cb1d9e95f59a9e179e01cfc4c765f8d684adbeec2e4c

    SHA512

    d7c611b849ceffd5068162bd038f146c7e50365beb0800ddcd355fd614a29c5dfbaaec4e7d9937220b734205ea4f51cf721ca34ca82c327425fdbdf4146987a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09ee54dd4c761dfc71ad442560392157

    SHA1

    e5073ef4cda204d4e418e9de1901e75dcbbcf0f5

    SHA256

    4fe4e29c82414098d7204f00a49d4f654355b23484904c4e741a65de984dbd97

    SHA512

    996be8ed2272f1889041dd5da6b4e95bf9216d0f7e24f0298ff20c6961f048c12be5d61c0caa12ae4bae8195aee6d17e011ef213ffb7828800fda521814c24d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fca99aed66e0e4e720770383152d1038

    SHA1

    7b19166da8bf9005e5c2d86cbba212cfd7a328f4

    SHA256

    8b42dc386ccccf11b5f7fdc930055f8067de9f729ea50b59647eed700b382d8b

    SHA512

    ef57f2a1eefeafc61426d6f9962193a77846602ab23aec1c10f939fc098b43a42f52255486dcec2f562d14cab68a67cae91b6f3d926c2426ef8913659280462c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4499257845c1e7f6e1a17e7fa91dff0e

    SHA1

    8d3882d280e2899e31cad6e3d24fa7d8d1cf7840

    SHA256

    68ba94fed085eacf3476901a9995a3a111369b617de3ea7246c830060d785572

    SHA512

    86fe4f8ab691acfa4852ac60648b01b55fbd63a0dc7fab59a939ceafe3cc8279af2de58974ce8613a6561db32b16b48b93ddf08bf8e489af1e829b584c597ecd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    44fc2872e3f522c2df1754011c149ff2

    SHA1

    cf28301829af5ff45a2c1851c8494e62e52fd54d

    SHA256

    12dce041756c8a8546f2d3e3023e056356988c3503daf8db6e65c79986b40bc6

    SHA512

    70c898735b11eeb42696756f090456861e17eb7d7b2c2b2b0a90452c7aea2d8d040269f6c9e0cde16b7504cbc2d04180e4721ed919f89053bba0a5f02d78d562

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    902d9fe113279c0a1d0e0941fa48584f

    SHA1

    8492d84d55b801e58ef7edcd353dec886ba48e9d

    SHA256

    6098ead03d80e7cd7f362dc1fc6804950b6441b2e6f2c89a826037c5b4ed3148

    SHA512

    3e626cd15747c6ad26a001701ba9a0bedf893be643df7ca063c7bbbd0b1f1f3c8b8e07e447895ba522cc3270455296414a29fd1bb7c6948936b543f2d89672c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9bfe0a7196c247834d5179bb5b9f03ac

    SHA1

    370f9c8aba534d42222d10f868197fa632373232

    SHA256

    b7fe9e7eaf1a8e8a7856cf1ce82accb721a72f9daa2ef1274ebf4f15fa845487

    SHA512

    568b7cb68c6435bfc101ae1d41631b22d7fb92801cd7521340ea33c3dfe406b3e5f88d36ffcb0daf537e50383657d3748acbff02f861028863311a11f6ac9ef4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab651C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar65CB.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1344-0-0x0000000000170000-0x00000000001BB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/1344-12-0x0000000000170000-0x00000000001BB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/1344-1-0x00000000001E0000-0x00000000001F4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1344-2-0x0000000000170000-0x00000000001BB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/1760-4-0x0000000003D90000-0x0000000003DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1856-13-0x0000000000150000-0x000000000019B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/1856-8-0x00000000003C0000-0x00000000003C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1856-7-0x0000000000150000-0x000000000019B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/1856-6-0x0000000000150000-0x000000000019B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/1856-5-0x0000000000140000-0x0000000000141000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-14-0x0000000000270000-0x00000000002BB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2324-10-0x0000000000270000-0x00000000002BB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2324-11-0x0000000000270000-0x00000000002BB000-memory.dmp

    Filesize

    300KB

    Download