Overview

overview

8

Static

static

1

eff6e34dc5...18.dll

windows7-x64

8

eff6e34dc5...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21-09-2024 14:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eff6e34dc515e22b188e2ae96ba0965e_JaffaCakes118.dll

  • Size

    207KB

  • MD5

    eff6e34dc515e22b188e2ae96ba0965e

  • SHA1

    0abe8c42de9f66d1ab806779867a8ac6e701a520

  • SHA256

    2735d4a34d561f33ddc85ac1e522703c6a793b99a59eecf0fe840b7f462c6795

  • SHA512

    20058a51b3a5c9fffafd430cd5993f21915f98cc4ce1d224f9818c5bca8eac34eee98cd73f44ffaf84fb02698d8e3aa6e50c9f842b7355b8c02e2e401eeca86c

  • SSDEEP

    3072:wFrhfIQeWZp7As+/PZuWDxb7w1+9VNsQNIV2cuLDulKXc6XQO7rCkwe4RRh9XxnQ:wvIQ1ZCsqxb7FhBqV2c6TX3CeonQ

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\eff6e34dc515e22b188e2ae96ba0965e_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\eff6e34dc515e22b188e2ae96ba0965e_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1732
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2376
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2040
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2600
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1012
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2696
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7ecd38663b4baffa1e010fc023a8ffd

    SHA1

    5445fb821d2b6e5c60afdf253c3b102cec0356c2

    SHA256

    111fea4329ea4ab729c77b5cff2e835533480f7d97af2431a647f15da6cc1055

    SHA512

    b74d09f6d1c31a67ff7b4f9751eee5e29ab39478ea1113405db99de6d1f6e433c187408e0cf187182d12d0e5e2d251e5d6ed8c6ee341970fe54b62525bed0fb7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    228a23544f3f85c0403e858a7687c2d9

    SHA1

    f713f4b18ab482e2cb1d6a4999716084653ad9ec

    SHA256

    647acc059c02baba97f05f1da2c9c1408738edd070221d274c3f0d7dee818c64

    SHA512

    f82b6a176b1bef7d8b24791873e648c14e08c617c81ca8ef8d890a7c1da77e57601761a1b2b259648736e41898a4dd56d5080fa217995d28c13859cf1e818eb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ecddae4af053c3046202f6f5228da2c

    SHA1

    6287512799f442fc5127b07d915ad1512b8b76ef

    SHA256

    7576fe3e6c94637e8d02faf48dc901920e32f008030546709886838beaf63cd5

    SHA512

    97e26e5461db130e3d19a173c0d562b188949ce411459af9c187dddf19e83c534bef0490ef039686105ad82e697404e3f62dfeab3cd16bfaa4646c45975bd873

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    045806cd1fb1669b8b6ff4ae1a433d81

    SHA1

    610ef1361c6ae7d252652f9adc7dfd854ff504ce

    SHA256

    19ebc170e00dd47f34411b2efc304f620e1f7f76af2589f95cd2b974e362a5a3

    SHA512

    458a3834eab53243b8868ddf952c1e8bb038eb2f4d23e7cc8c25cc630625f9508c41ef8a0f44393949767cbfdeb46d3075a8305a1277f380266f2b6d31bb9407

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d31c613e0d1836bfd3d8d37527a13f5

    SHA1

    1932c2db55fbed4ba8fd2e877899879b2855ab75

    SHA256

    3bcb2194c01f002df5087c5206179cecc7a6c190a20ce24b72ee6abb8bd2a53f

    SHA512

    aabec0ae62f4aeaf318d3f422ae9973ea94696fe4fbec1c8f4a917d085084318a47011506dfe771bb18c7727fb7a9717c6888a4b9bafa68c6efc99898e2f377e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0279586c3c2b33ef6f12e24a0c7fe92

    SHA1

    da61a52a15de6a532db1586aa9d130f895b5948c

    SHA256

    f94b8c0d3db2f39ca0e9fac38363c04221f158d65f8edb556519d015e13557c0

    SHA512

    fc1bd8bfdaf7c5057651353c829d0f221c04b81c1de22154e4b401393ec43d6f0d8bfa82754d7ef964102f8137468f974eb07c61a6c8662997ce739efd2ed163

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff66f0eafc0ea0022143bac34035eabf

    SHA1

    8a083fb1667f71da291721c2c012ae64cc68b2e1

    SHA256

    c728663b255ef971f81f9c62501e83ae0a73940eee7f54f498d1f307244070db

    SHA512

    78b56285a92ea00e133ea177660ba683648fa95bc9add9a2c1c3b470215331f6c574c86366b0b9ffc53dce767a08beb4698cefd96549f40e2df92b0e0b8361c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dbbc0b03ef4abdfe26dc55f6b6548cba

    SHA1

    a69fceb53a264dbd0e2fbc7a7364b83eea02f956

    SHA256

    7f7c8aa56a9f6371512185dd659f6cd6daf86b5a04d542c792b8e5be1d1c4f71

    SHA512

    34693650d865ea4900c8f460def8deaac82232b84272893f284fcc8b9311ca0ed19e63c3c52a51058c3763b920fd98a15568680b24c1304d894a510af7a7320e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea8ae5e4e0087d7b28a4c9bd1430525a

    SHA1

    a0d70b56ed7508d993f086690e3b56270af77367

    SHA256

    8c1b6ff25bb2d30195739e30c07371b5785f6ec7bc67e138644af710705485be

    SHA512

    0df83bb29ee1288e09234cbf5e9590265b37b5e8b7304143e972dfe687f78ff62529d2ac53bc0bbd290e14ecc1f88605e35fefebe7c67cc4b003c209c5b6721e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cd4ac3a78f1f3297acac72538b84752

    SHA1

    5bceed4f9150d56dfd8eda82bfcb074174d8ca6e

    SHA256

    3915d9b23218f778432ad8d768c7285e8dc7c5dbd362456e6a09da47c608ac86

    SHA512

    c20064ab3f8a67d8be6ad6f13a3f46dd3d1aee33c7c440f86aa7d43b06004e89a5f30daef65bc8710b10ae3000b5c3fe34d217b15ed051ba8f99b6584a453972

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    815fe18befde216d1134418248418c4a

    SHA1

    6dd7e7be283ef01c5366a0da4eb2116e95669f1e

    SHA256

    be1a511eb6adf9709931ff00e26235836ba7076f131fedab1445461f86c33ce9

    SHA512

    773c492e0f947367c8b4b9a452d904fb9dd92a59bdaff9fc1921bbc010da34777ed28ff4516f2241ccbd2457c149c7b03eac7c9be78326253fe5700c395555e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ab14f77c9d093115932d057259678ba

    SHA1

    7eca99a5e7edcd575e71d1b8a8884ae918c7652c

    SHA256

    b6f2185a768b900770212d5fe92811a6c43e568179f2d025f00abfcd9e2005e0

    SHA512

    11e14301f77393f4bd6823e6d1696fb3dbc9cd37e54cf66f421ba3ea1c92f2879d0e84b4c474415e532ed743d7704d500211135867f72d1eebd8d3a86a27c369

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e96ffd78deea392a710e786d0503f6e5

    SHA1

    a978238be8f2129dc57a5a33fd29de21d5e9754d

    SHA256

    b87e90b464b61aba8439d4775769bf981726deb9fb0ede71837f414553dbea11

    SHA512

    29dcf1a4e31f860495182b0a9be28addb62c01e8eaf66e6521f88fcabbeb95e34e09db703d6d76e2ba80eac3679377ce749a0443fb16a29f012591a66539d40e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    733b87e7309ffcdc9a22f13a74c2cbc3

    SHA1

    a7aba19b2aa671aef9dfdf2829bd363910118dbc

    SHA256

    6a799895150583d548e72cf12d9f8710f10b44e73e8ee3b22a71887c405ec540

    SHA512

    d82a198e18edbd5150486d1b25cfcb56c51bf86de986a2aca417244eb68be89a83e4a41452ff7bbce1272269768138718f11cf20ead2ad0244312123003c5ff5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    023207307c2830da1d792a493bf82672

    SHA1

    0c6fc967da9ce29fa89e20a9701ab9ce7038f5e7

    SHA256

    b24154554d26a828191b8b3fa180f82e5e81a39dab42c139d63d895f3f43387a

    SHA512

    b67caefa45fd2f8325b45e02fd8ff0c3093fc4012dd978e0cc1bd064179fa64c7e303594cae204269b33e7ffefd736923e6e468f52f7a6a058b636ec2e3d62d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a45ea2e7993a7750fc89da79fbe0f470

    SHA1

    2dc0bc9e313564667da021c3dd4316b9f6a94209

    SHA256

    538a4829eb62f7bc7ae791e225869468a681dd6ee097e5992108cfc9b444fb93

    SHA512

    478c5ae6a418d23df353f8744d78b2e939dacb3daa0b1b0e100da18d549696761addb1c44fdf87ddcb62b9650135c5f6d0a92e1ec689c7362a43552a3e1f323c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e29c89e75629cb73cf26f8c783846f3f

    SHA1

    408d6fa7e36b8d2d4c6e59acaf6ad9931566860d

    SHA256

    29b1870e2eb10865a44e240efa9f4642f54796e30f9e2f8667312058d409ea41

    SHA512

    af3546fa40ec191fe2c6ccf0e1d744dc8bdfc3db51ef973bd1ae243b5e154ecd9dc46186ebb05fe607c941c6e84fc23b234b53d4d9338fa4555d71abde36ee68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f84d5b8b9d85a0d5ca286a25855847d4

    SHA1

    91b0d3ade4de1a553a3b06a0942cac00c1769ea6

    SHA256

    f56e786a3a021c93588b73fe342fe43a643b51924d2cf5d5f65f63292eb7867f

    SHA512

    810c2e4de62c1e657d8b35d6c6bed9e65952c2513b08b2842f7fa103a008dd6d73ea0275046e14a28a938c2fcea1dfd73e25ed0ae7e4a0963193fac0f86a5e3a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8088.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8137.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1012-11-0x0000000003D90000-0x0000000003DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1732-7-0x00000000002F0000-0x0000000000321000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1732-19-0x00000000002F0000-0x0000000000321000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1732-2-0x00000000002F0000-0x0000000000321000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1732-0-0x00000000001E0000-0x0000000000211000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1732-1-0x0000000000270000-0x00000000002A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1732-3-0x00000000002F0000-0x0000000000321000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1732-5-0x00000000002F0000-0x0000000000321000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1732-9-0x00000000002F0000-0x0000000000321000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2040-16-0x0000000002F30000-0x0000000002F61000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2040-12-0x0000000000200000-0x0000000000201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-13-0x0000000002F30000-0x0000000002F61000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2040-14-0x0000000002F30000-0x0000000002F61000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2040-15-0x0000000000730000-0x0000000000732000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2040-17-0x0000000002F30000-0x0000000002F61000-memory.dmp

    Filesize

    196KB

    Download