Overview

overview

8

Static

static

7

d56fb70c22...18.dll

windows7-x64

8

d56fb70c22...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    110s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/09/2024, 01:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d56fb70c222d0ab0fca1312d311e52c9_JaffaCakes118.dll

  • Size

    704KB

  • MD5

    d56fb70c222d0ab0fca1312d311e52c9

  • SHA1

    8ab4f96b1f809bd42a54e042c5db65d4b42d3437

  • SHA256

    a8226d056b768c6b007a851f7d102122ac8abf1ef3bce53993c33daa9c7217aa

  • SHA512

    3b2c9dcae50138aa91ae98190f39e819eb47f82d134b8e7359031567a2e06cfc33aeb57cbb5e23a3b04394a5c961722a9b160a2009ff56d935e2df99c8cf74b9

  • SSDEEP

    12288:QMQYe8mAX8k9r1s3rOfwvUKKvbwhG4BDKhcs9LqgSfn/FcE5z4mzY4Fzf/3vjhjE:Q8Lpsu1s3vEkoaDKhcs9LronNVh4m3F+

Score
8/10
discoveryvmprotect

Malware Config

Signatures

  • Blocklisted process makes network request 4 IoCs
  • VMProtect packed file 6 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d56fb70c222d0ab0fca1312d311e52c9_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d56fb70c222d0ab0fca1312d311e52c9_JaffaCakes118.dll,#1
      2⤵
      • Blocklisted process makes network request
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:660
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.pchack.net/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2232
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2d1a9b7bd1127016968cee4555a1ccb

    SHA1

    93a491f87b0682dbe59d261febb6211225e66c2c

    SHA256

    6dbe5a871d6c927fd5f1bfc196e948e4cbce19dbd9982e414e96935c2c28f3fc

    SHA512

    d0f7a5169385178c3bfd87c1e5ac76afd195b2e0e0d84e921ced6f35e12ec001039c9ef9c4a0023aeac3fd83924be71ffe3593bbe8c1ea27c9dced673f80ccfd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    19b8c6e0dd45b0daba13e276c029362c

    SHA1

    7f963ac4a39b955f80914dd0911a90b8fa1fd8d4

    SHA256

    7ba95a563d7c007a883ecd82654293a8a2f3e8eb014c22d3d18a59fc60064db8

    SHA512

    a71812c8a1b0e0cf667780d8044c4df4c3bde17345a1e86298321c49123f1ab9d6a7d03cc3bbacbdf68c3ceaf37129e6b85ad6c81cfc2c0f0cd3588b636abcb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1265e9b93bd1e46aafdc260d382a8b6

    SHA1

    e4d4ca77d3929d263e1fb0c38c1e28421b9c1ad7

    SHA256

    483470e4f33870d508065ac128a2d5e9084a871fe2aa25fe787eb788acc0e3cf

    SHA512

    2ac1c91017df4f11155675540a02828a74709a3adf2d6de2f89681c61f8b7168c7a8179e011f16da0d30e7d65fb3cc97eba394c94d7bc604e4f66300f91fcd9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9df07f3aee1924cc8b7fb051c788f12e

    SHA1

    3a889c55f23c8ea6aa771818f7558a9e84e50b9d

    SHA256

    172a391fb4b49f1fd4ae9cfb0546bf3ef7bf79736eb9e1454c0c2d8efb7700a5

    SHA512

    3534562276ee0880718b33ae395a6d7889b29bc7b806dc68656afeb122b5c675d45cddb44ba6e8e481b4a99faff6bce59fc704808e37a43355bf2efee857b792

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5920de3f35e5c4b40b79ef383234890c

    SHA1

    6fb9520a2598c816cccf806898acbe1d0b691408

    SHA256

    eb69d1e3552c75ca9e9852660833ff69cb955bcd3a066d1498fa3c2cfacee4fd

    SHA512

    9cf336facba4b157cd982b736f93f7fd49699e7e6884316558912a6fa3fc9057e1d770cf0dedbf70640f627f523fbe931aa86cda38a568d36047ddc6945ae4d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1044bb7f84d918ff09571d6670dd7a0

    SHA1

    2caac88f08d0e5e32ee91703fb916778d204bfb1

    SHA256

    4a36d863fd7e759fd2a8c25c153e8d6e4bad05ffe7bdb42f6c912d29259df82d

    SHA512

    4d67bc1c9ad2dacadf60ed470bb5dbe18d857cf2e5dbf9a02f94fa8b5860983b0776d6251b22bc47deef53bef6336a0c98cb8a91a3f6e6b8cda1944b6580862a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4dab7a61113bb4d0dd56229f64bd1c5f

    SHA1

    1ca297315100eac88f4efb814df41196931adebb

    SHA256

    003901a9fcf8dc45d57fce70d1f85914ad7c5e914bf6176f1c0863f31765515b

    SHA512

    3b8e93f681a68c69a795aa332597d139c49b60d2e6439db82fc9c9d3fa7eaf331feaa9ef216ebf332b4a59f72631151b5fece42b0d12251411cc5cd507755029

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11b0dbcc3943f48074fc03c2917b3b5c

    SHA1

    87330a7444998405d68017990b7084568cd71778

    SHA256

    902db848e0cf86451fab2c2a9ec0f0affa8218c7fb4504cb39573ca3f5661226

    SHA512

    c42d379904060feb57b20d1dad1cfae36d81dd76387fc1d3a1a73069601881ea09d032c9a2ce401d924f6a57a108617e804dca0cf7acbc7106b2ea0a603db005

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eeb866864e7459bb660deb6a8e95cfb2

    SHA1

    fe4a42081f0bbc0dd0adf26e303d24a3f3ed80b2

    SHA256

    5ad08ef4eed4b3546bdb9da305de210dccdea6f7dd9012976e7cd39a56d4d24a

    SHA512

    ee1fba3839003649ecb31425bac44e29b431a2dc43d9288e0716d4199577e7183314ad2cb4387b34d18400dba6b6acc9fe91c6e2a76d996d76de7f4dd0a9f726

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    646324a7ecd35b1f5a272e3dbb4901a4

    SHA1

    3b35a73474a49caee99a288825be3472290ca50a

    SHA256

    8b7c1f43e8156c31343015b9271188b062bcf0e26f32536d74a1964db13d8fe3

    SHA512

    a911ddd68005f569440866536aebb13d15049a1bde2adbb2bff1396cc7f8d2b45fc3e75bf1f72948c9e83d7c73628c7edce12e69036f76b7d29ea8b01c2d05ed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lutsxto\imagestore.dat
    Filesize

    155B

    MD5

    88d742d45f2d1dc872607d12241aa8a2

    SHA1

    f48162ae97abdb0900ba41ebbd40f4205d0cf6d5

    SHA256

    2c73b5225dd514b726a80b98537895a52ac838a9f3c7e40a1160002d323a44e7

    SHA512

    119c2c945ad6a2fc50535507d54384e0769916d9ca385fe2d98bc56d3d275d559825ebb779de8c3c966bf409f53b0455b65a843556bc6c6aed340517eb194761

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTZJPBOG\favicon[1].gif
    Filesize

    43B

    MD5

    ad4b0f606e0f8465bc4c4c170b37e1a3

    SHA1

    50b30fd5f87c85fe5cba2635cb83316ca71250d7

    SHA256

    cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

    SHA512

    ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFEE9.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFFC8.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/660-1-0x0000000000AC0000-0x0000000000C6C000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/660-22-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/660-21-0x0000000000AC0000-0x0000000000C6C000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/660-8-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/660-0-0x0000000000AC0000-0x0000000000C6C000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/660-2-0x0000000000AC0000-0x0000000000C6C000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/660-3-0x0000000000AC0000-0x0000000000C6C000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/660-4-0x0000000000AC0000-0x0000000000C6C000-memory.dmp

    Filesize

    1.7MB

    Download