Overview

overview

6

Static

static

3

eacea82ee8...18.dll

windows7-x64

6

eacea82ee8...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 06:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eacea82ee8a5c4381f23e6fb65dcb31c_JaffaCakes118.dll

  • Size

    429KB

  • MD5

    eacea82ee8a5c4381f23e6fb65dcb31c

  • SHA1

    bd58e0a9df06b5bd1dd111f3eb6be684db91252f

  • SHA256

    c42ab0c71305a420cdeb203e6c49669d2071d6ebd9c896bf4f74172687c2140b

  • SHA512

    3998058fd518ee90491724a7e807e0ac8ab3c9b99b4b10a7172d37da7a371f15eca7ae95c80e5b725d5ef57c2e8dc5fdc74150d399fadc9075a8afb5321b4176

  • SSDEEP

    12288:1/H+yPeU2C9n1NkpvEfPhtqp7Px2+FcU4uy:1/sU2WkpvEfJko2cU4h

Score
6/10
adwarediscoverypersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\eacea82ee8a5c4381f23e6fb65dcb31c_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\eacea82ee8a5c4381f23e6fb65dcb31c_JaffaCakes118.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:1700
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2120

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1cef6f10236e2b060682641f4de68f3

    SHA1

    1ee3935f96a4c446a52e04bf13ab150e59903fd5

    SHA256

    6296305119f0290093df80bd7768e8c139f36713767ddb6000d8ca922ea16338

    SHA512

    3ba6610748a9764d8ba132e23c25d7e260dbb6174db5f60017e5a5c8b27d972e132490d07a6709edd394db1a215cbdd77d1135b204148b42fd64012c52455d80

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1eb1c86e4f722dcaafcf1dd9a57eb296

    SHA1

    38f88291a27bbca43ba49af97a58f347058be217

    SHA256

    62fce87af80ae3c66e14b0c7615a5e3e33620aa61c7cb8daccdc7262e6a166b7

    SHA512

    7e58603247d353d55c4ee3799cfd64e05bbd809b60d56249ada5b20b40c62a22547f68155da6b07556e2951e4f57f05c6ec7152ec9edc00dd6503183af3bb17d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90e884134834d240488b11df93aef028

    SHA1

    658f12310ee093afb3a6132a794aed46b9b302d7

    SHA256

    270fb61bd37e18d097851fedc221e9f94170851a7ad9de95c1c1d439a9da53af

    SHA512

    2d9f0a82d57ae6dd323d78bf1b73f4a40e44ecb7f2af0f51636c1950f4abf9f36a885d21bef4014a047a14774876aa58e971d18736ca1d761f6f6f75570ff180

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffec51ed2a8b3892aa47b77606444ad0

    SHA1

    8febac3ef4a364ed4c1724496d29f8b4320dd944

    SHA256

    24f4b9d485723395201c577ca90b9a4c92dc4a5cdd8cc80490006df3bd6811ba

    SHA512

    d59ce839718f31a20ca6a5e6902d2f4559f68e2c1c9c2d4c85d02fed8e8f6ebe703a763174734e8f50be336139be688846fe11e293818115650d6a1fddc6f380

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7484c950f512ff2cbc04dce805a64137

    SHA1

    c3201248ee9a3e5dd3a03ad1fb21aceee79ea01b

    SHA256

    868fde3164456da02de53aeaab02b20d7d59d7ce0a73ef31248554a6895d7c11

    SHA512

    9c4e5d7260cb817a219346869df9d6232a7cdf16bbca4cfed986cc092da953af8cd2a15ee2814c113cbd0387b0fd013a5205d92b55a3455d23e29b169ff0100e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    873288cf426f5a8512443207be69048c

    SHA1

    d7bbb95f8e0b6552e8fe5509715604a8418520e2

    SHA256

    94fb03d6fcecc58507ed6bcb6ce407203c823ff5c8226b8c139205bd756ecef6

    SHA512

    7600c1908a4302dd0a84a8398bb11eea74e90a80bd8fed2014f38e99b497f11cd5b714222a68a2aaddd22b89f8ea6f2bd22b64d71ef740ec9a21dd371ab86d8e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab244ee31d6420f746669e2f65b0706e

    SHA1

    c7d3376040c8b312f3f0ba25c5d4851217ffccac

    SHA256

    c3e9ae34e119f675d991e1b1266e25a6e5c4768395832feb1f7475497fd419f9

    SHA512

    1b47e4991926246ec913c178f8fec414ac8f3911b4488ff42716200053ace370d9b1b54bac6fbf7b54be1afcdcb7dfc9656eb8c195821743b7d7c46873c630a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    270682c6199527bdbfb06f3d48eefa4b

    SHA1

    e34082e4d259e33c580f85011d30b2816136a34a

    SHA256

    d19b3f505434c5bb35575f330266562671e71022426aa823c8af61ea34dbbe0a

    SHA512

    5235fe9bb3db9401f13602642fd458d587d2d9c8742dd1832544302e5a48451ade0cef04e6d7b5a35825df4472bd4e30270a1ca0dbf84a5e506a85d5c9f37a0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9fa53fc1f4fde88daaf201f1a5905adc

    SHA1

    a80d0d7e3f830726811a5ce50fd780e39afb5219

    SHA256

    bb6fbf4491676f0d03d04ed88bd7514e867499597d20736937e2ae18dd0c0dc1

    SHA512

    132df72b21bb83681c8b985c9fec21c832788de6800a6ac92bdaaa06fae33a033abdc0b42b836801080f61825c54e95c51e8f3cffa387aa88ca6f754a5d3333d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab99FF.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9AAF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1700-1-0x0000000000240000-0x0000000000242000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1700-0-0x0000000039AA0000-0x0000000039B15000-memory.dmp

    Filesize

    468KB

    Download