Overview

overview

3

Static

static

3

dcdf77169d...18.dll

windows7-x64

3

dcdf77169d...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12-09-2024 19:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dcdf77169dd0f36c67a13f832f68a518_JaffaCakes118.dll

  • Size

    124KB

  • MD5

    dcdf77169dd0f36c67a13f832f68a518

  • SHA1

    d231b260f3ec24e9e1da6c71650d4a51f64c9631

  • SHA256

    21f17cb5cbc866c385d2b554aaeaaa9ab99c93a1c79cd0ad8c983f3d2f426db9

  • SHA512

    4e323fcd36e45754c08c3fc750b8e2882eadd1727f3960eae32c6eabdc5854ee19542c520adc1bafff30ff7de082ea263d27fde7cf950ac78abc410108c797b0

  • SSDEEP

    1536:BA/JTjuwpcxRaMrx5PNYrKqq5CwwozhOtftHpdwbHaIxQukFlfdVjouVMo:BA/JTjuheMrFQwieb6IxXYlfdVfu

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcdf77169dd0f36c67a13f832f68a518_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcdf77169dd0f36c67a13f832f68a518_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2108
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://gordon.d4rc.net/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2724
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2644

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eaeaa13a13218ebaa08ce175e1ef6d86

    SHA1

    40966e37c3032352b6c8de7a5e5d58feee4cc520

    SHA256

    a47a9631a41b64d24274283428460c8dab210b5ffd38a7b1d6f6b7bb6ab1308d

    SHA512

    031a6de5f594792e611601d215eb6071f912192cf56edce06cc4c917b899a63918748a837457d9e8a79669cf065f387421a790e47aac83fbd0eace458b66a7cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a22d7d3a74151c4b1aecc00cde7c9466

    SHA1

    0532e1566609097988aae1e05d6e55303621ba57

    SHA256

    2b7544e0e2e053774611c91facf7ea5e68d05e3b53121dfce05b37fdc6e20af8

    SHA512

    04a2fd62c5bd5bac29727505cd0d626bc311df90b039909530d4e550d6cdde18c047ebac43389a13d769ebf126747cab69870024f664421f729895ba2d5177f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b328f04f87c0495cf92fcdc70be23dd6

    SHA1

    926129bc918049f156970626787d1f99a30ba6a3

    SHA256

    8946ea160025e27ad76efe4e0bae16142387e0aa5c5986db71ba75cca28fffaa

    SHA512

    5e91c3da56a8fa2dc514b2482dd079cdbb4e8dad155c0d9ae69996124bb630c55ad0adfeac327ac09de53ede3320d07b284a30e78782788241fcb1826741906c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    551aca5cf9bbc1e1fe3a8c44cbcf8b4e

    SHA1

    50c7924c9225807aeb217102239beac620ad3a92

    SHA256

    5f7b5a33d012b2955b561162407a1d5716d2115d22d147dcf6d7912addd9291a

    SHA512

    73808ed77ecbdf53165a9bbe6f9dbec3c4fc361fa1c3548a72587f536ea11c77cf22a302a519a1a934f17bbf2ebbb470daf5112a3d2c9b70c1f77423c75c1204

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84a40faf34a1fdddcb8a87b3ff18ee81

    SHA1

    af1769f86d2e2d442602c58a2d9b64a1f7fbdf96

    SHA256

    d0fb1c0562ee8fd2b4502351818b9bb00bac11c83517466feba1099a2e5b4857

    SHA512

    c180afbef19b08db96b3777bd4ca34db2022ce756049d8eb05171a0d30c61e061d8c72c8c8f8410816f6e1fbe0807ef047b2e658e34bb17133c81495b72bd743

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78653132c22696f790b013fa1c6b456b

    SHA1

    a814dc9be2bc12fb094648d15380a544d776f485

    SHA256

    2c4110bba0e5dfb34ce3899c5f68892d684cfef361f45f8024c0806cbb93e88f

    SHA512

    aeaa2a719d3433494192436b40b7ee619acfe10e45057ebfab7895cd2b3c6321c2c4bd523126cf9f33a3659239f83b457a39ba84559f8796131f5539af7a0ec8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d6730fb0c13b57270b26d9195572cf6

    SHA1

    d917ccd46b7bc402b516fe754e60177c6793435b

    SHA256

    c9321891097afab5cd4e5da0d327c65eddcdbc29415acee6512db12b10645dc6

    SHA512

    a253eb3d8f00e0ba20c8d6bd046a0d5467f10e0cdf367daef5b152e17722f2b6294dff33d626b35cbe33cb4676587f66cdc46e358a7eb4614e7ae05a9757f529

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0e354f98ca9ff61116f27cc601a7108

    SHA1

    1f040f2bdf2a37b528cb57b55198bd6345eb1eab

    SHA256

    411cc414c98b6f65beddbcf417049771c54eca555785462228261dc82bdcadfe

    SHA512

    d526b1a10d062ca3856f7c494b03a9ab8525f8afc296a2d6d30ffae4f2c7815d471ecac7c17cc78d8fdab4b63ca044a02fbb05fde836e8debaac5964f3758993

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2feeb7cdd219f3526e7236d541de0b51

    SHA1

    deb3557225827381c730fa8bb62464908c1b7c86

    SHA256

    f6067b509d4cddbc6ba6a30704ec0c79d58e5af51aead785ad67832a52c0291d

    SHA512

    b7d080457279281bb9303d7684093d36b1dd82deef8f2367c19879aa2fc634f89bf583ed1789179eda80868339bc570c12ffd375f699db705bb8ef177e1ac299

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b3d4be0ef1218380d6449c513379379

    SHA1

    9640cfc85819afdf37c7dbe0766be75a191bb62d

    SHA256

    e1b54fbb4e077e95bfcd939f8917d23009ea33fbcbe56a45c17c62bb5ca61e60

    SHA512

    d271b96ec8c38d0ad44af1deac8ec2ab3191dfc09f5372f2ecd92300753cd29af2730ddfbe67bab35e414743e7a9cb6549099fc4197d97c42847b0afee0599e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b906dc89dba425485830854a67f5632b

    SHA1

    e73fc730a0ad204a72f95c6c39f65190b494638a

    SHA256

    d22287df5a781d085321bf171430576120b788806460739a4166e56361b48b3e

    SHA512

    14a70a56af89b23c4f26494f03e82d0e554157c161398670d259f6ed3e7d7652fb3560ac0753435680a178ddd5df3cf46407628d28b6c19b098e9ea6f8358ee8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    271b65af1f9476b37c6559cd3b79a5a3

    SHA1

    c874e2cc710b28ba069760b1711ac9fd9dcc9189

    SHA256

    e35ddc3866801b94c35e3bb5b37962af9277ae84b02bd98ff9ae239b890bd2ac

    SHA512

    004d4ed12e1e439a64f3c7c125d1923846daf8b3d2889b1dd9659b1941028cdccd883e3a71aa7007256cb7fec704a3d48606bb45cf973916d1cbc63650f834ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3eb64c83dbe2021582f6d7d83adea8ca

    SHA1

    fbaf90fa281a41df49bb1582534b2db48f8e6e7e

    SHA256

    1384d18ac321855cb6b610fce7d4390df2dd724f9da4e2986785c3706e862bc5

    SHA512

    4f245f58ec5756fc7ebdc7785ba099ef38194e4c952680cd45644ad214e7e4d02796a070942708d0fb9007e17727db1fd24728cb26390eacfde94f988bce2f04

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14eae5381d3fb6aba0f9fe1e332c4743

    SHA1

    1cd88323a37d27ac1c9749b028deb3215e5ed99e

    SHA256

    d3745fa14bd844e38435af291cfc53df2df5689d79381ee4fb912b393c81f510

    SHA512

    c2c27482b237c9333a49b9c0287f16d74a65f34ec7c60cb40840ca3f18b5102792c5a342e83f473be9fc656faad54cc4bd9fcc852989cdf763017ae364446bee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    75fc878a7be0f1b78ed8defc3508c132

    SHA1

    52d285b7dac413a916687fc29773dacbfd23dcde

    SHA256

    e44eb80eb1f5a5943ecd7c9e5e40230d12c1533f74739a6fb6bb584650cef5d6

    SHA512

    1cc8f7a06bdbe2a86239141bbe8d96f3c4e6905cd62e8055653f028387f781defedce1b2badbbb80028880ff865043481d59262b6596dd68913ca32d7cf30b3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17d007ef2034f38b26289d0d99a14006

    SHA1

    c94ea64f16937697912dd451caccf9d54566e3d2

    SHA256

    3c6df9633c81adb4db4db7ea7df754def1f15d22547a401cc700b2c63bda9e54

    SHA512

    695601d1ccb3142ead3d4c1b839492aa4ae9b41f605f315eb577ffb1a08da9eb1dda9e4701ba3ad8b3d13f88b95be98f6e182344d7ec26ad0c3d0809d82f321f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4f4e0084c7556bf2057d8f86d4ff39a

    SHA1

    a7f98bc01fcb0fec59add74088c47703ee4f8d41

    SHA256

    1df2581e889998629bb3d8e6ec170603995b6f5118e01654316c03579d8fffaa

    SHA512

    d8581d81c11f979800749b822a42f5f1e29a7e7e151acd3c1a8da89c1c5f5494620612b8b14a6493745f6eee83f42e7f09fd5a4f81757536b0132680c4be2385

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b700a6f3785ef1c432ea6d2b9560f33

    SHA1

    2423b98bbcadc54719c76caa93c99713920733ed

    SHA256

    66c37faaf967d634bd0e16a6c31a38c08aaa5c03a039e5b178fe890ae3e1c37a

    SHA512

    c6efd97b009e6e6f4a3ab8c177ae114ac3515ad3c8ebbe4e29c9d05374169a5a6491ad8e94f09c550342c36191a8f57a0b9a5263b3f604a22a17e6f06e1174cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6d17277d6680734a4d0aa50a8c691fe

    SHA1

    3ef3c3b84e1d3a6ef0b1edf72927be08764645e1

    SHA256

    bc6f9b3f7a3cac29e246e76df9e423e45010e933f9e57de4d46e920a0c0697a6

    SHA512

    f300aaab6be833fc0125c4f03448928e7725e43bc662bdf2e9d1c99c0bafa7d7aea99507f77323c57fd1d17d4cd5d5cc9e6f38bb7973e5a011fa9b1d1cfa9d4b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6173.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6174.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2108-0-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download