Overview

overview

8

Static

static

1

d7283aa219...18.dll

windows7-x64

8

d7283aa219...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/09/2024, 21:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d7283aa2190760328e0c8328ce82138b_JaffaCakes118.dll

  • Size

    245KB

  • MD5

    d7283aa2190760328e0c8328ce82138b

  • SHA1

    a4d32514314b891ef6ce258c2ff8a4963e9ec8d7

  • SHA256

    8094c95426b3b8a96d2c2a2814b4a275f18a2e19dba143ea7d4e7fc54ef78414

  • SHA512

    062856b44b31d70c3120f59cc4391092ba229ec56f0295d203b23a9af4a1ba48b5d86548bc39c50d0705961b36766ca97e93b488ac0deb7f0505450c296681a1

  • SSDEEP

    3072:TbE7bGoSW+JCG6KW2TkTF5uhCIV4gjFpFgA9FhyTcVE3ITIaGN37fyV2xzTS:TbE7bHSWkW2GF5u4YT9vyABxQdX

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7283aa2190760328e0c8328ce82138b_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7283aa2190760328e0c8328ce82138b_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2312
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:1528
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2672
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2780
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2700
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2892

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          67523b825ffad5382906da979c1a0548

          SHA1

          571ce25c098d1086b2bac19a79c4595d472ccb82

          SHA256

          a2ddbce6ef9e3b1b970c0cf1c3e00361d5d71987a61fb69f9e0d87353827cf04

          SHA512

          2580f6ec29b9cfdf94c4a48366b87114bf23c3d71102401b79486b47c13055133a44b1a765d2274a26e0d36c13fc0609d985299aeb3fd818cd5de0ee42f99e76

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d89d2934a48f9249a11067ffadacc4a6

          SHA1

          e84c99cdd79cb9e216acd14317e633c5b6833049

          SHA256

          16e8fe1c31c4f6c76dd191b2221b55a97ff42ddc2caf6789e76235cbfd7e014e

          SHA512

          e2a5a74ea84bea039cf28b973af77cb297cf49f747d094abd448fc20960e8ac65d296c2a11d4844ce518c43f50d3a2a613fa9feafb1e86c92b88f259694518b6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          416a49eeddf27b2f99b878a09715c57f

          SHA1

          0b42dbd66a37487e69fe3a7f88991ef105778a91

          SHA256

          31176937e038dd0d1aa197e92bc320b76ffde8931e0ba7c57a67271a0ab3bc72

          SHA512

          9d73cb6b6521481302fde5a89f45002eb7a0895405fb21d55bf35ea14e1d226897162bf25a04ce9057a3351302e06d9b0d82617e1b466f7b0941154a04d80763

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ed819c87e086d1515634d07bef1f61b5

          SHA1

          d95779144ad65eb2e41b028bd7350244b33fde1d

          SHA256

          89f5dd5c711b4cdf7e5ccb2c8aa6d15ac2f85586f2fa2d75a3be8b94b9d254e6

          SHA512

          65a04d4f41841bd609af714868f6b7a5a43163a0b221d66a3c08e735f821af20b23ee3f7333973a5c6bfe884ba9dbe11f222390d2c7a066fee4a1c0d5c26132e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1eff1aa780d4583f1034896a5b603265

          SHA1

          9398778f539fc51005adf27f670b4f27e3829c49

          SHA256

          9e9abfe7b0d23b59723c77cd4433bc60496fad30ec629b89cf4048bdea06d6bb

          SHA512

          5267f66acea8a24d485dfbc42b3d80531ab6a927fa4ae30192177e32d90c5df889e5cb30a5fe0e378198c64fe32449e7d75de86d50700378b70d296cac3db0ab

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          21cb7f6b948af15b4edf0a4d89837be9

          SHA1

          7703033e3d6ea0ad6d26e9d51723982e450491d8

          SHA256

          7893cf55bf6184710811e2976c0e9754e2fec2752ce76218d4d9521fbc67674e

          SHA512

          4eb4d1de53a682c9b1f983df04a37986dcfef34a6a164bbd349c1b5cd06b42e0ecbccec803e847aca9c9a6c153aa812f14e54b88f220a395b382233c378db497

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7a9c4bc5ef89b68413baac1cfc9a7dd0

          SHA1

          b2f3ec7795470416e51918ee360a41f3b5617028

          SHA256

          389e48a3ce9a067b74a14efa354b8531eff96674a822ec12fc37166d43172960

          SHA512

          aff380fe1f57f288573ca2aef3d619a0b69361579b223e8f8cff0d88b610489de79ac7a6051be2ea3319408003b735ac6928753a47216ab5d4920ff291f8e85f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5546348314aa18f3bced3024fddd8633

          SHA1

          191f66878403826582fa0bdbdc0efccfbf8fbdcf

          SHA256

          5f1c0ef182420a2f22d9f3a806e3e612556699aae121a0172c03bc420e8414fc

          SHA512

          9092b430ce7e8f323f6fe4488f58f79b60522fbc657caea00a61819a458ecfbe1648984528f39892c69b44dfb53d0aedde3145607c0335c165a907c9fb3315dd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1c894dd4ae5aa36e455fd146a430c0ce

          SHA1

          ad0bc40fdb64e4369f4e6528349f90604f1fce5f

          SHA256

          10614a39174628ef78e65f6da6cb71342729e0d1d85e09086f1e7f1521bf8a16

          SHA512

          902710e86a6711b4024a65c4c5aef5529bef6ed458bac4ea1cf93224783ba163e653a00fb23c04d3bb099b2c840fdbbcbbbdb52012058f4f4a7cc2962fc5af4e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1d2ef7206b2aa43fec546239f7f32397

          SHA1

          d7453788ea370aa4ffcaa9c1cdfa476543faa134

          SHA256

          339ec7ff25bd73553ef34cdff673f58ad2e9f8d263fd3375a03a36ae0ea171e8

          SHA512

          451dc868d1ccd384429d11a9041bc934267d51cf739852708f475b14eb2b9d6904771f06e59e1ea39e33efb236b9030cfe3c98c48258b2082df1565b6449e12e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0a3f5c2d8b89dde5cdb3266f32f29fa1

          SHA1

          b6bce3c0f022ad395cf8e6f9c694af79e6c55478

          SHA256

          6a54054b65fa97dfc81de93f1810a2bb1bb7596401d22bf0f35a1bbecc47426a

          SHA512

          f708569607875bdc7ebd6a880b4a3da620b1e190b4c4e6244a8fb7a538f66de38c5d410dc8849550e06c3c384a45d13539d5610686c8cbdeaa6549a177a9d166

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b9c3a81ae731b26fa87e866d577cf64d

          SHA1

          9bef4f3aa06c92a6337f8b0fd1cbde130fbea2f2

          SHA256

          9cb61297ddf1d71d5264939afb520e04b7b4d8e6aeea8c172df8e59e9b23a3ec

          SHA512

          0126f21cc6367cfec77575f87d7e64eae3b9535745ac374c461f616274da303d565e7d857c7277155883abc8f833593663992efdb7861a8538863e8ddfb694e9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          54c5aebf0f09fbf4aed2eda07ccd83ff

          SHA1

          d1d5eaa0a5f19efe7a937901bbcabc67c2f60384

          SHA256

          d29e830ecbf8bc0946c7d0f88f32093dfd74d3397df3b6978c808f8bf263c106

          SHA512

          c4551e04e7fc0ac24df36335c328d8c46a6454fa994f7d1a7015e24bca19be85f6c4ddf299fb3bf475d2947ac5544c6dcc9dd7c25627b32638ffeab98d5fd168

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7a6e53a78ffa1f0154545d1227f8d301

          SHA1

          a8a7e7bbb94e02bd61c035607d7524b71e628a85

          SHA256

          0e9c6985bdee5b380cf6dd89a40c4aef35435085563edbb5408ac10047639419

          SHA512

          dbfa499b68a772e644b60be36f372d33182f6bf9d81c84384216089b4b6d9cb876208987a9a412fb9137f18a5b4d7f8c6800a9a345dedaa866f429cf9b6c06b3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7191c01b4ab0392add4e472dd21cb958

          SHA1

          b1715fc40a5874a689a2c588dad7061be813df76

          SHA256

          42adeaa597985f413de6bcf1091c662e44d9de60f65472d1844fc9ce2630e193

          SHA512

          d444e69ab5578ecd36bcc4ed08700f77dc900e216229f30ccb06a14d48fdfa3251f474ca8c0f6dc4f0e08434ae5a0a7d689f86b2c35b21ccc771520fa0db9daa

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          eca7d57c5b5e380746f5ef1f9ce3cae3

          SHA1

          8d714d6f88bb0ed7ab82c3c253bbeb0d319f89b4

          SHA256

          05141743d33d54b13296a6c5ab49dad87514ffc7db71f8ce0a0c2ba8a7342ac1

          SHA512

          79e9f2ffa99eee2af75d5a7e6b23186552f38ece6c53a1c013cdb0526318c330775dda8d8f0279af0c7fb751f4509d92a9f0bd5841db5c9a3b37e77cc7a03890

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          56f5532ed269c64f5be471d578daf917

          SHA1

          84096dcb494cefb11c1609a5db0ed5e6c8d1007f

          SHA256

          65650af6a90ad958ea681d5a21565019afd5495612c75e0ab00a12b33022d17d

          SHA512

          853233d8e4252c18fb65bdc192de26a3f5280e551dbfdf9cbc2d6168786975eb2e921561a0f8375c6e31aa0b51b69dcb529042c4ad3dbde1c9fc3e773f0d7a36

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f397114581118d893b57a8a4ce1f1bb4

          SHA1

          36888fd55d326046f7f78ac7ac277969f948ecc6

          SHA256

          b2e8b976b63a3a8c426e47a91fe8e70945dd15675a5739e33dcd9e51872cf05c

          SHA512

          a83aac9f0273675d656ab7c461592c10662be4b1806afee02e8ea8fee28a969bd5800286832bc7d74e53a6e8a148854311ba61269415a1572a9fb0228a8af27f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab6896.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar6906.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/1528-13-0x0000000001EB0000-0x0000000001EE0000-memory.dmp

          Filesize

          192KB

          Download

        • memory/1528-12-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1528-18-0x0000000001EB0000-0x0000000001EE0000-memory.dmp

          Filesize

          192KB

          Download

        • memory/1528-17-0x0000000001EB0000-0x0000000001EE0000-memory.dmp

          Filesize

          192KB

          Download

        • memory/1528-15-0x0000000000450000-0x0000000000452000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1528-14-0x0000000001EB0000-0x0000000001EE0000-memory.dmp

          Filesize

          192KB

          Download

        • memory/2532-19-0x0000000000340000-0x0000000000370000-memory.dmp

          Filesize

          192KB

          Download

        • memory/2532-7-0x0000000000340000-0x0000000000370000-memory.dmp

          Filesize

          192KB

          Download

        • memory/2532-2-0x0000000000340000-0x0000000000370000-memory.dmp

          Filesize

          192KB

          Download

        • memory/2532-5-0x0000000000340000-0x0000000000370000-memory.dmp

          Filesize

          192KB

          Download

        • memory/2532-9-0x0000000000340000-0x0000000000370000-memory.dmp

          Filesize

          192KB

          Download

        • memory/2532-4-0x0000000000340000-0x0000000000370000-memory.dmp

          Filesize

          192KB

          Download

        • memory/2532-0-0x0000000000200000-0x0000000000230000-memory.dmp

          Filesize

          192KB

          Download

        • memory/2532-1-0x0000000000230000-0x0000000000271000-memory.dmp

          Filesize

          260KB

          Download

        • memory/2780-11-0x0000000003D90000-0x0000000003DA0000-memory.dmp

          Filesize

          64KB

          Download