Overview

overview

8

Static

static

1

0353871dae...18.dll

windows7-x64

8

0353871dae...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30/09/2024, 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0353871daee0ec99643055837b8d48fe_JaffaCakes118.dll

  • Size

    204KB

  • MD5

    0353871daee0ec99643055837b8d48fe

  • SHA1

    592925ded3a302c833628055fba0b9265a5c693e

  • SHA256

    d492b2e481db1161344dc61215ba9078d041caf2e36d6b130d4decfcacd984de

  • SHA512

    af541a0a6825ab42993fd0d3eb7ce7cc9f14ff055569802a2c894c4c34378562ecd4f6d11f6346ee4d2ea05e2caa49419a3101cdb4abad47fb067bb8aefeed0c

  • SSDEEP

    3072:5EHoq7ox0HVMaJzvskxu2QnDqnZAn7jniSmj33iML0vPfBOj2hE0ScLXUh0nCpr4:iDDpxanDqZAn7KHFYvBOihEeLX/nJ/r

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0353871daee0ec99643055837b8d48fe_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3064
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\0353871daee0ec99643055837b8d48fe_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2520
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1956
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2240
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2636
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2476
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48a7a9dfb1d347e9537340feebc62320

    SHA1

    a03a8ecbd88171009a95797a197a102e7fcf4385

    SHA256

    2d43733feab130f457b286399c7155cf09fd389f1b29338241f717e79e8f75f4

    SHA512

    1f418e7b3650e967f79518c169bd5b42abb80d240b658655c37af04716af6c6b5e3d676b8bf30cb36729f40c4613b4701d342ff8e78e28a457bbf201d6efda38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1bfc7c5040691904ff293e5c739293aa

    SHA1

    f73668dcd81e1016842212e8f10858b9caef74ab

    SHA256

    e758ee02aba987226d90f49e039481b33322d51771c0806b2c77b744a778f4e2

    SHA512

    cd6c892c6753ee2114c68f1b16929cc824235432bda46348af5413211ecfdf31ef7ad1ab76017011299c72bdb3cb4b3b00a7ce283db64f0e022decf9a49131ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61c76e5e423646aa64248cbd1eb9163c

    SHA1

    59418a03fa2698b0e155c632c16942405d7390ed

    SHA256

    96ed024cb7aaf103c54e0be04ce95ea0a4263e491bd512710ecda761b1b14035

    SHA512

    07c3c22772679873ec92049a03ffade9a7778c9c58ad7545b175dac32e0482a0825bbee00f0550a000d6c51960e1b3d3dc89d5c87cf472b78fc7fea01808087a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b006b4e530c35ddb6d97d23ea5b7b73

    SHA1

    684581bac3d2a2f7bfe4e6060116e81ccb49d246

    SHA256

    a1df6959b70274772723302a29633a2deaab9573422437a510a8a3031eb3fa2d

    SHA512

    b34281d9a86493cb3a95abfa9385f38b319ef1d52073932f2cf3e4c2e37d8a44c68d0480954553d372f6e58631de8ce5fa65e4e81e7ab45dcc243ed93eb4a27c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47c284585eaa66b22a1fb2cdc93df814

    SHA1

    6174e370de897be7cccddf00f9efe3b72602bbe8

    SHA256

    7b5789a810261514cc2ba9ec1e9456522e59bf7eff9753243be953afa75932e7

    SHA512

    a8ddd6368f4f25d9cf5b0f82b8711a5e34fd31d3f7722e7f8e4cf306fc593b19cf50df7dffba7d85580f4b2ebe4dc8be2fd9b28c25e36449b5d010ba46e56363

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0f5c257681e5e3e7bf82f99b1875301

    SHA1

    079f12446a723004ca7564a2a9f38cc46d9042ad

    SHA256

    d7759113b954d0ab5b3b71e784e1887cbdb38a03284266c55125679a7f64376c

    SHA512

    11945e61aaa4fe94d2052262d2d19e7a137c627f6409e5a64ab217fe84d1e3d1a6912a13cbe72b1d4464179dc4398ee72c5de2114287a871a9a31b97aff67b2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd039a75b686ba4453f24db760c6623e

    SHA1

    a478addab7bec43d3975a7656e83a0e84d066ea9

    SHA256

    4b09a8e3d8976535b94d418fdd828e246e285d8aaa0a9a7c8547f73aea1fc818

    SHA512

    9d82fca5c3ba2b03c73298d08cac99db471d6ad37b916d421d32946bbcb55e3c6781fd87c2d0f6aa2364014aae96bf0b44fe00d323d4ce862d16a684e27a48ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc9f5fa3febae031f863074d862813be

    SHA1

    38728a12e0d16c55dec9dd49059284cf4943930c

    SHA256

    dc27b15507b70dc1f39d7d36cf774d6f6837d2df3068d96663c4c82fe634334f

    SHA512

    5fe20753e5d14a8cc43f61b01c5012812b3776fafa74892b898f355c9ea3a226f4794d16f89b7d2fa6f30d5bf85100186254bff2a37241e4b76768758cf8d61d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ecb4e510a07f0260f253285d27e5384c

    SHA1

    fbb5647f02cf60020bd81648b907e3b78c473d25

    SHA256

    f00aefe272313b6c9f1f2e05c69468a2cff23c2289be89e7edcee725ef88ffd5

    SHA512

    c26b22db233c15db4c5fe9ccfa7bcace74559f132d448a4dbd99cd6f061cfe160f5ad4f9a3a6284689f8a0d83532a06011268f06b7e857f10acf826d3795ebb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1d1b2e045e3b3fda203aaa69a76689a

    SHA1

    f2c93e696daf93dd3c45d9cc0f82619d66b3c216

    SHA256

    f9bf1facb6e7b6a8ada9ac544a34de4c08ac4f883a1cfac5beca8606d473aab9

    SHA512

    a010a738b29118b58ccc0103ad5f32463bc6f38659806c44b37b9ad260191d8565a2fe7cd3fee3ecd5fef0733f9938b3d286126d1a874b321e718a0d8187f898

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bce9d91a9fae7b8aa122f53baba563eb

    SHA1

    531dada29a30de47d66d464633855107235ac727

    SHA256

    c4a8e65e594134782c2418108fbc35ac23c9075e3d4be8a5fa1d561683798953

    SHA512

    94a941debcfaaea7a7a6645a1b9e934f5ba7ef2d4f83bc59f8e17f38d0297571c09891d7d28b48c64e281130fa771436409f1ddbe7e4d7a71a2ab11e55135449

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2dc080037020ca42b98e517e1bb4ed80

    SHA1

    932e40dadc710344d4ce80a7ce8bd86573d3a648

    SHA256

    c2fda58fcfabee1966a411b3a853e0af97e5c457698b0ce7a9b38693e8d0ac40

    SHA512

    1fbaae6f6eb1db5213ca0caedbadf64c55ca68f6be34e9f7ad3e1d0dc5df391ea0329a886312eeaab2e9c7a58f3ce63ca79dba1fdc0e0cce08e7b9e3a742ccf3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba0aee3abf3ca5320fcaa4526f4efc58

    SHA1

    3f6a61298eb765ae128e2376d8a25f3d9212ffce

    SHA256

    39f95ca8efdea85c493a7c1801df31f690fa18c4be4e377f14eaf0345bad6f44

    SHA512

    a0064770584c6268aa2cd23d84e135b5ab6c2ea9c6731331f620acd3a78bae54393be80257676fbe92c0baa2b0dcbbc315f5bd36dbc444d3a0412be9e05f3813

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8549e356890c88f0639a5ca5c598e77

    SHA1

    aa184b74f5adfa6c3ddc3316c3b4a201af9d099f

    SHA256

    bcee13acb390470c329fb78e8fca0eb409bd070fbc225b4bdf55700140f9f1b2

    SHA512

    1523102291f2e2a2c6c392e852ccdd0d7e96983947b81d08dbc0a2489be3d61f15d0ecd3457c0b6e5e5ad62da323a66ed9ca5b75ce1832001ffe798e34340b1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed56327982f0044a0fd3a496652dc37f

    SHA1

    38fe6f49b2742809c70bc3c9a6b1ccb17a3edb24

    SHA256

    61f99b6a709ffb92d7547e62551b00a0ebdebe035559efd25e957ff8647310d3

    SHA512

    f75f13531f6afc90458adeedc2742a6a03b14df51f9ef5d17a5bb83c90215b19ae83472aeff690e084139a228aa5eb135bae2db270b2a54bc44cb637a1711830

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    305903a702f6373b8de815c9f7da78a7

    SHA1

    5b635e134e82d105461fcb4c733b49969e1edcd2

    SHA256

    1fbf0961578fa671f6eed5041abf621226bdd23d51fe0629a1f861cb97ae7c42

    SHA512

    a5e8d9c31cdbb1a5b7d0c9b65d76d3b3f66f0f12cb40e9b443ac0f59ed06e631f3c6df3827d28c350e894ecc6f8a757097ebd6c7fe52c49d49281aec8604581c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    562dfa161d12401efa8416a4fde43805

    SHA1

    d45e20295ab968183fd3bfcb17f5d50e961866a8

    SHA256

    eb6161397bd49a535e21e6805a48fb06fcc75cf4b01f063990d856d78f9ef5e7

    SHA512

    e8a8cb47b3cf5139a29cdcce17cb4f8cbc5ae578a3e3ee6eb524055f94a3c13a6ceab2c8756d1c36b91cb5f60899e32f2aad9d3b3c511ae14bac9d537003a920

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3cd72f421a71b422c7c6d48fb131f60

    SHA1

    d782bc8a501473f90e62deef327ed1c988ec0288

    SHA256

    4ac0ac83a6180ef454c7107db0b48a292ecb4a91d43071abfc7de5cd1ecef028

    SHA512

    2e8a29f9e6b57616c299158f388fcf5af6a151ad39e39caae4230d7fc441665efc7a2f6b00ca9b8ce19191c9fa241916f0d078a357f5d82108eb9f08b5d1e418

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4af2bc3a2165ab3232ebcd5850ecd338

    SHA1

    efb435e7c1526e8b1cd93498c53ed2ace79dcd14

    SHA256

    92ef1545899e958b6d41f5833bf457e44c2b3d7443db740a308a8cc7744506a1

    SHA512

    a973d9711b07751a992858bcb149d60b1e23ff3c33da47d259410545abc32551d13e3337d8adadab877c2d8c6a62d3ccb629c6602de4257ba416cc78417edfe0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6F88.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7027.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1952-11-0x0000000003D90000-0x0000000003DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2240-13-0x0000000001F00000-0x0000000001F31000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2240-14-0x0000000001F00000-0x0000000001F31000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2240-12-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2240-17-0x0000000001F00000-0x0000000001F31000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2240-16-0x0000000001F00000-0x0000000001F31000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2240-15-0x00000000002F0000-0x00000000002F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2520-21-0x00000000003A0000-0x00000000003D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2520-20-0x0000000000270000-0x00000000002A6000-memory.dmp

    Filesize

    216KB

    Download

  • memory/2520-19-0x00000000001F0000-0x0000000000221000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2520-0-0x00000000001F0000-0x0000000000221000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2520-5-0x00000000003A0000-0x00000000003D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2520-7-0x00000000003A0000-0x00000000003D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2520-9-0x00000000003A0000-0x00000000003D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2520-4-0x00000000003A0000-0x00000000003D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2520-2-0x00000000003A0000-0x00000000003D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2520-1-0x0000000000270000-0x00000000002A6000-memory.dmp

    Filesize

    216KB

    Download