Overview

overview

7

Static

static

7

f4da6d25bc...18.dll

windows7-x64

6

f4da6d25bc...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    141s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2024, 01:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f4da6d25bc08697db50c08044afe3721_JaffaCakes118.dll

  • Size

    168KB

  • MD5

    f4da6d25bc08697db50c08044afe3721

  • SHA1

    7b33aee93b2075247716e36569f245409245dab9

  • SHA256

    741bc7288c5a66be6d6ffd9f2e66317099326b346073b8287735d2fac6aba85c

  • SHA512

    4961efe55d686be6f6741d125701e7612d0c4eebe9a036083d0b5dc9fc242ab9ca71fca3cb73e27bbcea6056a422e3caecac7ed77b0a8c929c3cb527697ab828

  • SSDEEP

    3072:pXTwrjsXj6WsUflJ/pZWcYv3k1z+wIzN9siNPKP119D43LcrO/L:RTUoXSUfJZWL+znIzNGWiL9iLWO

Score
6/10
adwarediscoverypersistencestealerupx

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f4da6d25bc08697db50c08044afe3721_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\f4da6d25bc08697db50c08044afe3721_JaffaCakes118.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:1372
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2960 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    782ab608930455d9ccbb50db5fabf546

    SHA1

    396f8d392d859119f7f6f247af14b3517d325203

    SHA256

    215fc9d6a71a8d82129e7b39370b25cab24d469a10e9c4ae9dabee124ee0472f

    SHA512

    f6bd6a48fd9b99053176d8fca03a12faabf5e702490852d331a3ca6e5f502d313f589f2497c616bd8e4af5c61ad911fed7ddfcb510a1c5459385fad7a726abfb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    291ba12c02d6addef9699e641d1a6092

    SHA1

    7b032a7d77fe8a9193391b4d3a8a13cf610eda8c

    SHA256

    9f5f46f23baeceb326883a85b421c043fbd8d2936f67e3ef355d0c16d8c43b98

    SHA512

    d56b9739a8067de9b877752d4ac6af5616e57c5b2a70602f079a43569b57dd1d0f9e06b0f9209ffd5d5e89f269e44743f1b91d401ba5d3316218e0c5c77908b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f63eb905b154fff26ad778c9274e840e

    SHA1

    92446f95472ff9933ff0f48272dc63d619893db0

    SHA256

    781ca558c75d04dfddaab37e60ab4318761672e2db542b4bb5831d3340707254

    SHA512

    90fdd01411da07a827808982b5ba619b4ada4f3655f954d8b0f0195e8ddd377bc8461fc7caf18e869f1ebbe983e1da92c511421d728a7cd75cbe3ec6324598cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36dfa797cf7e63a3f505389d4c2234a7

    SHA1

    2d9f8961a1746f177964825a489363e46f05f215

    SHA256

    8aeebdfd89acf21a4842715ba40a0bad3af4b22e3110c70463db0f9f98e9a4a2

    SHA512

    6617936f15c5ca808e6cb6e90fbaddf75a94f952bc1cb58bb0d89ea39523fc6be5efc09c56fa73db95f2adec959b6d0549684daab2641f9ff6af1c9775387863

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31c702f191e6eb311e3f99843a8919a7

    SHA1

    f58a940923c191e1791b915aea659fb885791fbc

    SHA256

    dfbc85686aa3890f9831683d0047df46e202c806156a47b06aad532f8196fbde

    SHA512

    a57587645eff1cae9f526ca9ca072afabfd9b4ebad068b63f5e8d77c41d02594517dbd91a65005ef7a733d9a097f1b16f425b322387053820684467f1464bd3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1282c5508c2cd40d66d39fd80b302649

    SHA1

    6641365ba9e07f36bb19eabb00da4f619e86682f

    SHA256

    92d00a04c49ddd3dc4faa6d0f4a59d9291379da695687bb4f1c8aec4baf0e1f3

    SHA512

    ece5aa17e4aa6a4c55c302f73768b0f7fc66d95e303ba3585d68e6d9c02fc2b6462f81a18e06c52a68628a5b8d54edcef1124692a731818ff8abaccafc2ca7a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1840143b68426535b63a5a6f3a3220f7

    SHA1

    6caa5bc4e175fedd070a6aeb755421c548528e5c

    SHA256

    84c93a611bb4f0403e53afcd5927df7da789a0b4d71a33174d2af1ad438d6c8b

    SHA512

    d55854285f8ff469b1c328fa6d0b726808b2bbce69ca247e7b82635042c61a987791985105a4c27bdef6ec70bd5186ec24ec7c9de0d5985a7c085ca52990d3d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9c130d85968a00636f315e0d19169b62

    SHA1

    3d12a5df7baab5e4702c9891c0a55c107412ea4e

    SHA256

    1352123ae76a31146be0ef77b5127995ea81d40581704aa40f7479296f51d8fa

    SHA512

    ed0b7bfaa94d1156453b628031547b6ea99f2c15623c48128359a14071824606bde95e5b4d45ee25590f0d63e6804b5b3d3b6a52cca458dc7c6946b4333897db

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDF0B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDF5C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1372-4-0x0000000039AA0000-0x0000000039B1D000-memory.dmp

    Filesize

    500KB

    Download

  • memory/1372-3-0x0000000039AA0000-0x0000000039B1D000-memory.dmp

    Filesize

    500KB

    Download

  • memory/1372-1-0x0000000000380000-0x0000000000382000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1372-0-0x0000000039AA0000-0x0000000039B1D000-memory.dmp

    Filesize

    500KB

    Download

  • memory/1372-438-0x0000000039AA0000-0x0000000039B1D000-memory.dmp

    Filesize

    500KB

    Download

  • memory/1372-439-0x0000000039AA0000-0x0000000039B1D000-memory.dmp

    Filesize

    500KB

    Download