Overview

overview

3

Static

static

3

fdc1425cf1...18.dll

windows7-x64

3

fdc1425cf1...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    29/09/2024, 03:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fdc1425cf1c7ef50f4df55b8bfb8624c_JaffaCakes118.dll

  • Size

    246KB

  • MD5

    fdc1425cf1c7ef50f4df55b8bfb8624c

  • SHA1

    7ef617e574ef4040473350540f32f9c4d16af447

  • SHA256

    105ff9eb7da64de4ff55224af14325ea061f369eb703d8001886062e37e046e9

  • SHA512

    01f7f4465c1930a519794f7389b94fccd6064c250782568b035819f1a16a14a1db210c115201361805a9c15887a623ccb72d4640a051854b1b9d714deef5f245

  • SSDEEP

    6144:o61UYo+ucD/XQAL0wQeeaQeeseQeesQeerBQeehQee9s3UVZl5iksYMHs:/1UYoXYzs3Y5MY

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fdc1425cf1c7ef50f4df55b8bfb8624c_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2652
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fdc1425cf1c7ef50f4df55b8bfb8624c_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2772
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://ghesys.gamerzfun.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2828
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2684
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 432
        3⤵
        • Program crash
        PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff7a2ac0071a61c2a93eb86fa55c9cad

    SHA1

    8b57b49b3e5f8ad1089b1b70e38345552be41c07

    SHA256

    cced9066bac0aaad977b0db89de4dd3c63f3bd41310fc7a212952a137911e7d9

    SHA512

    80c423ae37440d41fb1edabf607c2f84fccc30675db5ac359776f2d5366ef1fba8b775e3659d588132cc3fbf412de7cba68690b3716e403d06abe323b6245820

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2655c2891beae92b34d2ed06b3ce2295

    SHA1

    c6609c6475b372282cfc8a46b327b2866b1614e3

    SHA256

    95718d7e68ca71fde66c1eef3587adadd4370750a79daac46c6bdd9e6b60f35b

    SHA512

    c6c6709d5f2b6ab4430522cdfb08b28a4dadaf6baa78129adb0dacd40db69374ea235320046e9f89edcc38fba7f941e0a9171365d6c0214447747020b3a6ed46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f47b2188e86d10e325a49aa6ade3156

    SHA1

    b3d5853fad4d288fd57f25d86952e104d5b46280

    SHA256

    4cf4d5dd4819023e76319351e27e4d93a6f9d5f51bbf18d653041e7b166f542b

    SHA512

    85a6f16c91eded62b5dc0e65dc510d726d96f13caaeb08bfeb077130e25fa492b7d53edb7fa948dacbb877cbce7df9a3b2ff7f6cfadb7a564c0d0156af9ee8f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79155502cee3d8e6507dd18983dcbf3a

    SHA1

    a2003aadfc7aa2a5234118757d61c4562aad752b

    SHA256

    7b9daad3a8379df48863fdf4ae4e24106899e7c8e61830f3198b9e98651aa0e0

    SHA512

    255e4787cefbae6e2aefbd3e19794ec1d934393fe2f0a101382d7511061d3010a722a2bda73ea265213ba64b9d99fd9189634e1354f039f0170e2dcd2bec86d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    62860ef7ec9dd720b191134c3e912750

    SHA1

    cd16549399bac2c803a1c8e294cdcb9109ee5808

    SHA256

    7ee9299b986d8fcb3366a32e04b9044dc0db42acadde94b833eef735a7509585

    SHA512

    4d9ff57fa9dea6cdfae6053ec8aa753543df49a94bc30089bf7ba437ddfd5467ee5290e69d506aa79d485876083704c38385c06ed7646520b5b5a3f4e8f8e7d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5aa78105fc7e75227117b28b1355086a

    SHA1

    00de72cc064c22b1f0e95969198ddc1081892892

    SHA256

    1aff86bdd3b25e4192d3b236987df6c5d6281d56c648720c7da53e46f9610eaf

    SHA512

    9b9dbb299796ed686bfe4b5c53cceb5382fdf8b38aedda4bcbb2fec152eba9a19dfad17fe2351408f6da1a2876db8a6e401562f98ceecef0e4a90e6e0192afee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82038216261a413e663105673df468d9

    SHA1

    cea87c5e47f8d3ee2ab964a19af278b4b1bca8a8

    SHA256

    37c81ae9cc11704a0180dc769106065554243edbaac706ff51d6b1d80ec1ca57

    SHA512

    6f0a2f625fa87cf68f9f13d41c2763307cf2ac578354912031f651e4e710f1821988486fcabe799535d79023e711dee8551e83c25cc14546be9e05bb3ff372f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ec1171c8266dcd292f7de11a4a4f409

    SHA1

    f80bb48bdbc1e2ee411d488f6f6e303fc917091f

    SHA256

    13901eece41534c9454a4efdd1c33c96bd7dcc5f705b179f3b7cab0b2e601822

    SHA512

    068cc47d563161c786322954ee567cbd68eedd2a5a4208c250563e0501ecaa21f56ae13138aad3b096bbb07534f62405a10440d8c2ceca0236c39c89eb325856

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fff4692477f3fc629a341c8b149b9683

    SHA1

    e237c6121b95b8ed961db769fb82ed692437b033

    SHA256

    cd54dab5fe5cd4646943409a172c1b4561d59007fefaa9507ad46ff61839b9a6

    SHA512

    3e5ccb634a83cc44cef38972c7b47315d0afe946cc866ac8e8596762670faa5bed86abbc7cf4a3a706e363bd36d51cbcd4597bf05890ae62b9a1f0e5487f2ebe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a0c2af2405c14fa973797af1d21b496

    SHA1

    0aa4150bc1aa98651d3f98bdc690923e5dabe8dc

    SHA256

    434704074aeff0d7abf989492aaa532c7a0a278a6734ccdf733a0fa731ed44e2

    SHA512

    c7a42f678594155b6c47f34a268b26bdd9069997507d8d4c65dcaddec4faca638c18ad39563d15ed5ef39e1a40c56e727097d98105a62d935730e8addce0af27

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5016d21c8f09b16b26f3d4802cf29976

    SHA1

    77e88fd88739f09ca6cf555f3ae51df9609d8890

    SHA256

    5c867dc38479efe8f31bbe9ce195c71e1d8e18124fbfaee1b196d0ae83dd8007

    SHA512

    689a222a1fb4ec313ce7b9e508df72f54c4f257dc1c9e66d7b052b358be3a1741aa300c92eea7b9ef4598b1c87866a0cc78f3f54a056978e3afaa89b85929fca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14c0aee706d2fba229a3565be4164956

    SHA1

    f4d257b00c5dca3cf6cbebce2640e70db21a09ae

    SHA256

    2334ff9bba2a7c4e942085ab23ae98b8d321676f810ca3e9c117b621a5f02f2c

    SHA512

    a48e8cf0f94dce39bbb9573120bf64628b7aab438d4ad379ea9700723032310fefec32f35e97db77f6cccaf87f5a3e21e6a709f0ba4a31362a5d7c0a7859c262

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e43c93c0db9e17fc3543fb3496edc82f

    SHA1

    b102b7b20a89d5213d8ae38462a29263ff57540b

    SHA256

    f217d551aa9f0d874b7279b52484d5f8cab24545fdd32184e90e2b973c4172d1

    SHA512

    cfbedf5cc1acfaf59405d0cc1a526ac7eab4dceb9ed8278f98a8702fd9f2a424ad08ecf8bcb3be9cd3c70ed828388c95b18059bac259f7ffbb840b832e7f61c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f56746cbd98321acea1aba8e132346f7

    SHA1

    91d57802c1ab0a3811db2646024c62eec671dcf9

    SHA256

    2acc41996b0055bcc678fd1a35e18d16b35e91de0e50b87637dea573fb3b4dd3

    SHA512

    5779bb4e44ec5c618fae96db8eff55707decc1455995ee0ca3b082e37a432ad1a840669d5caca9f74cb4e3d8f577e3710c9c0e46460379b7a653053147ab7611

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9dc63ea4bbe5e7ab4ed2c9869f914038

    SHA1

    32c3ed17f3d2182e54c65dc72b2ea2f0da05d9b6

    SHA256

    b1fa4773269adc2a024981b5377fae1358e894f877e9d9037717b7f8a01851d5

    SHA512

    11ac567abc4989533b6e438fe880313da9ff984b892bb26e66590608bc87e0a60bdc992e92f61ec9a5ebd635890d839e12e8d8bc207ffe3509c852e26fdc0725

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7eefa3bb7658b2e68d9a00c38d4575c3

    SHA1

    50a69e80776936d9f0bc281de02ac35cf5444c69

    SHA256

    ee2c9f13719f09cdd095f9ccd743fde7f4d23cdb219a4af177cb90fe9aa0bdcc

    SHA512

    c396dd901f4de107923795e9fdb980c46bb03aa9ef6eaf644b2f440236b94349e16f20f9ecf8a88c1c9ca0eb9b67c6e9574e61f8b35d4ddab9bbb80eb0178b33

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97c1547d24758c0fe21ae21a326c3852

    SHA1

    2169bd07f40ede3dc49ca6d957289dc6814cf2d0

    SHA256

    c577e49b71f78a263570e1b6a92d466ed5f003811cbf12cb8b20f9f1ec1f0b36

    SHA512

    9714a8503af71dc19805579a7f868ea7e7cf1f40627ec70f6218660c5582f1f423dfe0aa7f2781a84dbaa70dcec0ef1e6496da871b014ad68cc9c1c0009363ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b8a2692b93ad6cadd93752f119b9f82

    SHA1

    5704a2b1279a04305ebd462aa9108d9360f62842

    SHA256

    7c0399de4281333a4e7228b3128256e4c2ab450f2ed2402eefe7b98f1641189b

    SHA512

    690e3786ff5e150342f267ed9b2ce8ef2d62b5428d5e0925b20b292e44c75bdcf0f5c131194f6afbad646263e1d20a50eefc0ecdb232d76381e67f773067da11

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d94e472d2c27265cccb04fb5c91178bf

    SHA1

    dbb20ac4a53d320452aa5719d87befdcd10b5cbe

    SHA256

    07022adf9412a6b4fcd01f0bfc49ad2691ad418d56eda16386058691a26fb05f

    SHA512

    23f61b4353cdfc8a09586a6d577a41c789ffaa836c9880a85358cd3d1cee226ec9081147a6dedc515f330a99c07bcf8262ade2f51a62e7cf5f53807204b4a024

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26a8f58d01c7e44eda200d7e64fb3bd1

    SHA1

    9b92b1a95dd7378d117a768698cd77c506410c9a

    SHA256

    089987f4ef7f190daaff602a368e313be0a88b374d99246d9314c6c73de5f210

    SHA512

    ad8017d7660af1aeeb6aab662a42f8089a76f800a800dd8eb79376c84f0e5392c665ae0f479a1b81fb7fe1bf45eeb6ff07af8f5ac817766a304fb41f0a66cd2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58be865e6368dee10594220a9342b5a8

    SHA1

    3b8f425cfeffc9eadb541d513e0bea1713867435

    SHA256

    88a032df0d7c875849c0127ded235b1307c5515c6a531e59aa952679a75bf4e5

    SHA512

    918c5aac8b9818176240387ff0ae3617f369fdadfaa4f224503573ab76080c101d0fc3168ed5064314058e14269b139004b3446dd439d27ac8f43957ed52992c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBC7.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC18.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit