Overview

overview

3

Static

static

3

f65549dcde...18.dll

windows7-x64

3

f65549dcde...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2024, 15:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f65549dcde84ac9bc1d496e6bfed2cf3_JaffaCakes118.dll

  • Size

    28KB

  • MD5

    f65549dcde84ac9bc1d496e6bfed2cf3

  • SHA1

    bdceccf605241902767bebc794f9a50d95f71f20

  • SHA256

    aa5e2b1c0cebfa0642ab569190b9b3f944d356839b0fb2a56fcdffc37d4e8a1a

  • SHA512

    10663144ed3192a1918954d33de44c5d4eff0f5978c3638cb75b42930e8f44109e9c3b04f71a687a33bfab091be07aec5ed0664d9dbdb3a17b09f6432a9bda21

  • SSDEEP

    384:dyhm4AjNeb2sh1UniV5wKuK1Hj1Ab55Caq1By6xkz3mhlpfxQ:0m4AjNeb2sh1UnirUKtc5CV1BZFD

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry class 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f65549dcde84ac9bc1d496e6bfed2cf3_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\f65549dcde84ac9bc1d496e6bfed2cf3_JaffaCakes118.dll
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:2436
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2948

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5b38f4d240c86ef217bcc20a8a280507

          SHA1

          f0536914cbe195bccf47c3c84c84708502cd814a

          SHA256

          b8662ffc423c10c2be735523478b20d5cd505d36701a0bb6e4fabd3a76c61f95

          SHA512

          cbdeee2b24abd0e4965245313bb5cced75f62837f2f5132091c2a0e929fec67986dc1f74ef25213a1b616e1d40f1af6d4c714dbbfc7cccbfc7674a8a2b9d7d6e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fe218e581ae9c5cb5be3802e8e670a22

          SHA1

          4580f0402887de386b22062a97d696ffbd9aa622

          SHA256

          24a14a802d595f12899e3475b7aa0c2570d09640f8c3b0cdd3bc03a122d0d665

          SHA512

          e0f9da5d07f953d625ea2a4d55dc62dea54d732d5b05bc1a55333e8b1edcd5ceb6c2fbd2bc5152eed47d953431c0c03c8ff6ddea5f01fc25782c55a41d07d298

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e0ef8f3f1b6fc2497c89cbe53fe2563d

          SHA1

          5bf6a4c717c2622d653812dd1b815de750664048

          SHA256

          7b43a5adc1cb5f17eb01a0a1488beceb4aa9e51efc6f38ac65e001f5ba86185d

          SHA512

          28cd2e4d6b00cd8fbd9acd846bb36fd94aa53e70e5892c9d70835af1bcb9018e51bffd28e1c586caada7c4256ef795d019f0e6567f5d6c6b09c9aecfae512ddf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          04ff41ff6d30e2ea1eb3f8334401587f

          SHA1

          997956785932f6252d94c789357e7b4f78173a26

          SHA256

          d05a98254091730040ffdc906074d43dfe4011c5503ebc1b29dd852bfb0f0dc5

          SHA512

          30808563f55470afbed4d7881bd0ba0beb6bc1db65cfcc48dc54eaa70887bc3b2cc49cb1d6a4942cc91f0bf18af2826981a1a122c9437a34bcdcc58eab3fa72c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          dcc62f35a403ab28be3bbc3279ae4433

          SHA1

          b98f3fe9727113a43e736846a22a14509a3962ce

          SHA256

          457428904ec9cfd8b4d66be55264a2d14870a7e6b6e8696e8ffa6901b0308a44

          SHA512

          bb5e2144d57069c0c235b3e2c0f77da18841e4a9c364b5297edd32e5acecfd7e1078580242c9c3146d0ca716bf40615f7f4221b5341a507640084891c4ceca6f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          310d3f20be747e31757cfe65a113c2e5

          SHA1

          264924a1c9c8e2ea374f6fdfb11ef31be8240e21

          SHA256

          2c67c13b176a61ed1d0078148c62ebb468b836074e766db94d6d0d9e6b33793a

          SHA512

          0497074ef1ee1a6eddacdccc6df551003c42af864be1ca9a60f872a48cdeef39216d210adee4a8b4b919bba7d9bbbaa8099c594610c904c7f09d45fc79bcdbd1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3d0931c38781954bb3767064ca3bb738

          SHA1

          805cc35b227f869b211215e2754a514c930b8984

          SHA256

          59b2eb847358ee9a121dd71d6d85d8e2346bba29e4f49d9c1a4c6c8cf411fa3b

          SHA512

          2101b8a56ce0769e2a717b57c043114525f741ea093c1426c563738c04bc2c39a24f4e9b81b8b1a3add540b15fa0534073333341247da994849612a0f744ecd0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b3ed439d7cdee52d72a4790fb3e8d4a8

          SHA1

          4e6dd639c0440828a8735ec28daf0ca2f83eebae

          SHA256

          5088a77cd9e3d54a9c9c8316808999bcac141b3ec23cff29d215a93adb83755d

          SHA512

          7beac5799bb9cc849af95874c64dfa8f027013089d131da4ad8125083140d7fe48209a51d7fefb9f3ca96a778389ac38fea48f7ec0f974fa5f7b00a3db3dbc36

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7a2732900d7e5edd48aea75aa616a1b9

          SHA1

          accbc99b963a0cf9121d25a434dfb265dbd21836

          SHA256

          384961d04ab741e3101b865b7dbc950f48ce67f89d240e141af19bf990fa2af2

          SHA512

          c046ffa693afd2b9ddeef59aacd94f52bfcad6ff25128907bbd612f6153f2e25fb498adec85b62fef7113943152be641b0cc759e9fa1fbbde3aacf7fc1271cb6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab7E35.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar7ED6.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2436-0-0x0000000000270000-0x0000000000272000-memory.dmp

          Filesize

          8KB

          Download