Overview

overview

8

Static

static

7

00c03e4702...18.dll

windows7-x64

8

00c03e4702...18.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    30-09-2024 10:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00c03e47023be97861f53b0a05d1c0c8_JaffaCakes118.dll

  • Size

    169KB

  • MD5

    00c03e47023be97861f53b0a05d1c0c8

  • SHA1

    beec15af2efd5a34f67c967bb01fc70189e44c60

  • SHA256

    69abaa24e9ea9a4cae2fd32bbe4a48f5a658d7dbf59836e2b08122a5e3219975

  • SHA512

    a198b3d23c3b57ab9a27c5c027eb0f9c6115c557a6c9e4719bcee0a270c98c0ff31f1b86b03096bdde370a60de9370ef379a85704b91a0ce95017d13a9c35f94

  • SSDEEP

    3072:CPpVP0+JNTqGK56qcZROzUu13O81SgOQC7DapZvMhLAwaEEL6fvehfJiy3:qPFTdqcnSPRdOTWDiLtlehBiy

Score
8/10
discoveryevasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\00c03e47023be97861f53b0a05d1c0c8_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\00c03e47023be97861f53b0a05d1c0c8_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1540
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1300
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:1216
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:612
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2176
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2452

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3cfc6d4f9b8828d31347032e5227649d

    SHA1

    20b1cd8894969b9062068ff1a78d44cd1b9c3e0f

    SHA256

    96a0ad57b2b3bf81452119014e916d8e41596ce289a74d58da5e4ecf79416686

    SHA512

    a6fc255e983d0050481ae8076945baa85a06621e71f90af5aa235cb4c21414e615c944f4e40fb9c5fec2a09942c1e3321c8f860dcedd0dead673aa81ff922b50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f40e77d15fbfbdc9ae5ed898980ab617

    SHA1

    71f4df0040dd32195e539b7fffabc45813a2247b

    SHA256

    8ee32dc494936c54714c71d783ac113052c3e72cabc6e9471cb4c80df0602878

    SHA512

    b5e3aefbff8517a9d9e5eb8cbd5c497de11c36198978c22bc3fb6481153f154d476df2804b42d66c88674394acfa038b8c3e7ec2c02dc790518ed7662bd93e12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47b4736d0360f3ffa01e435390617448

    SHA1

    aa1273a2325572805bfc71ef291d8e3374819160

    SHA256

    39121ed26ceb3f686d0609d83d1a54a37fcc595b0d9de174f2daaf277876914a

    SHA512

    86fc1edd528a76f8c081f5acae97bba41d19b3c783e977955e664fdb2f3e765e5ff941e96dbd8029c7d00a10bd055964098ff085cfcdcd0fa2dfd09f9e1ebcff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74c8ca5415b216568cbf308451227bf6

    SHA1

    0b1193586892eb7cfbade753135c6f3e3bd53988

    SHA256

    660e989392a3e78dccd15d2dfd7325159cc82bdb578803ae4ad3a14f59d7d76f

    SHA512

    da03ec4ee40956758ea31a4334a0e3f392be7eaf796c534c732f2e50efdbc99fa27d13757aef39d55f1aa0f6ff9a454f748cc90c8d82c5fd1d27bc3e5214f7b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5abf408c2061ce7ffafcfb4da3027197

    SHA1

    c525eb0d5767742a711555eb3c0e83233331dea9

    SHA256

    06b0a0411b831060012075fe4d04257009763cfaa59ddd0633b2d24aba26e178

    SHA512

    4e6abe2dc2892fd1d2205a149501d37988e888ad1cd42a50c7f61ab9a8bedf9e2938e17c504ff81d8a6dbe2ce10c7be73d0306958bc1fbe669c3dc3c7dc2c30a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b34011bf2d9ce7fb4666881b60bc2ee

    SHA1

    9f24d6a401bc2921ccdcdc6406ef00103955adc0

    SHA256

    fa69f209c55ceda86f25b93ee00533ed2e24ce8f86f120809894cdbbf0a9b545

    SHA512

    2ebba71eca5cdc3da20580005cb87e7f9795d2200b9ebf8d9e4e21760aca6899f88a35818afb7881322df5da153c035d752be15137a138dee631aef25491fd10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12511d48418293a6094d70cb2de0af84

    SHA1

    633474349e31ce0a15e3180dde1b9f3dc5686ca6

    SHA256

    4d5f7173a30345113c030145d80157d6971811164f59eda7982ea957037f50d7

    SHA512

    5e15634c0e570e3cc3f93092470bf230767c85312c1143025ec17cba5b0158750f40c0bdba998368d75642735f2a036e05994ace252580bdbd17c3161fef6be4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12e689c0c433786f3763eba23efd119f

    SHA1

    eba00a50422b2955bdd53de780cc3778c1bc5369

    SHA256

    64f38f967d4219c5b25aca7e7b991579f3dee3735014172770b316f60c352744

    SHA512

    a88be4bd8695dd8979ecb7ab692b25322a2ecf85b1ebb4c8bb04a1df0c02ce5b824fd1197f57b1e87cada52056c573d8cae4be3bf70bf77869d5279122fdc8f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e8d7486d7ad725d8db1d9645aba8667

    SHA1

    4f203adccc83a9f3485fabad41d54ea07decd74d

    SHA256

    d459b9abaa3f41e01e03f7693fd01cf64392bb88b253b08eb27dd7be2e0c3eab

    SHA512

    5a5d5e53dacffb78acf207eef32c5a077f5c453dd0628cb75ed1487deb84c09199134b6ec970e4cf026de3cce718604b8d55555634465573382f9f515130875d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aca47c76e28a80b52e1df7a3bfd23023

    SHA1

    c7d2f17bc944e2bd6a79addf03f7032417bb8ea4

    SHA256

    997eded7786280acae8109ca27d2c65e1aa9a8b379a353df58f41adaa02f2a97

    SHA512

    619ecf85f552ce22e950e6d2896b74822aabfaf4113b89db71a97ede8effb397b79fa2eedf14792180cbd615167fc3ebfe2f2211183d5c156d2b2f16b5171569

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48f0e95b9a65d1e0650b88a4ac399d57

    SHA1

    be8cc6f22f900107bf74fb1782831a281563d952

    SHA256

    7bad9b221e5730d6cae7a559c68335323751e379606a47f3f9232a802ca0f7f3

    SHA512

    10656aec477084cd8f97dba3bc28afa677b87d3d8bfd75101d371641803156763cf42b4c642896a0468ac156e8b14f42f41faa444271a9527c636707fe52eca2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5d44edafb9d6c1dfadf4f3363e66d57

    SHA1

    1240cb677344628e78e4587687b3e919bf9dbff2

    SHA256

    17838f2f5eddc20c71d6ee6473baba354b7c17f8c33114f9fab5ca96f7dedb49

    SHA512

    0a27dcf21df1a1fc4b764a69749ac7ab58aee642b3e8acdd0c4734e3211b85e896ca612e5a2fe5cc4bcec0da750a1dd3d7a2d4dcb0f13ef0b6c8d038ed9e313c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8b25355cf05b483bd60225de8b590dd

    SHA1

    eaa5bc73ff42af6c0a2b1452af90d89013c2d5d3

    SHA256

    3381c29cd31a697dd7aaee38746c8f6299e94ab273c948ae6841fc77b01dc47c

    SHA512

    516f87812d55504e945a8e457a7d602aa4dcef60a5008d9e889c49e8f922735dd864e16a19e4e6854f8db3f64f8a085eedeed00663b5c263e0a572edb2d095d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48530ee18c7927e1d1d99eac6d4c4a73

    SHA1

    6c8fdd4f450d7dafdbeeb11c5e65e3241328bad5

    SHA256

    b6045c751cc5faf169757b61fbd0f19a48f6aa0b2d4ea7365339079dfe4939b9

    SHA512

    a848d13c4b1fa6e56b6babc93541a978273cd797cafbf4fc090edd293c4e25f688bb169c863a2d3df8d0fe2ebaa13b3fdf1038cea2f871d8a86d0e9b0e4a74f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e748e3173eb2333eb3f2ec77be211c35

    SHA1

    8cccf270ea1af6e68085b936bcb1fa0288c2490a

    SHA256

    23679c9dcdebe556460aa1c251b8d2d3468091a6525afae082534ebe92afb3e6

    SHA512

    1e0a1f3150e03040a0267e01f00a001a9cabc3476522a548cb2e9912984079301a6fc1bb08d973c1f0308e7038c0a2b478bdd0d660d6e3adc2df2b7c3205d129

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c9518481d0530067915e2e31ceaccf3

    SHA1

    1d0a45e42e1a132149b05699ffea7613d122addc

    SHA256

    6a504c6385d776eb82df91d65b253331b7707691af29c525d46dea3404ecb09c

    SHA512

    651ca2a2138fab0639acc36049eb0a0ce5bf970a018cd3524f97b333c2f7146f85f61f631fa8706150b26f260120d4b341a7e24713c5e84db8e4e37b0cad4ee2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a77b2eadb2e6aacd5a0e299fdf4844a

    SHA1

    c3aa384f2355f68e61f2c0f13f9a951ee89751a0

    SHA256

    ccb5dbd13f910d2115a116a146961df7478e55f3ece08d449dbbbd0061b7096a

    SHA512

    a4c0936324386e27444b53421daf0f3e3633d9a8b1ee66699fca243f2786764d335260a1e2c1280333224d11e4ea5a21b2853c9cff595359be75407acfaf268b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    71851bc4735199dc304c6c65987b072a

    SHA1

    ccdee6a00f7444a60fc53a8ad872d065717cabd0

    SHA256

    8822406b756feef2884553c378b7e91a36b57dcc7b0e09a1b3be62415af4061a

    SHA512

    4b9b1e2e8efa7b5feb7520686c9570a08db20e5aa9a612280c6a30d6f97eaee6bee4acd8ea027feb6d80f9d2c71d3cec4a393e6db5281741b2ed8cd4c10abb1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b290bacdae026a4462d333b020a257be

    SHA1

    7481660ca1768c4ca97f536ce350110080fd3b5a

    SHA256

    d1183b5b87be569ac5d0568bc5dfd2ac57b625a94559b804fcc581a12e9c2066

    SHA512

    3161228c57ed6eca1be97aec84703ca267c0746fc4e7d00a119792411d7e5853c3632955dfc5cb9b572fb996f43a4ad8e277d0482380e0636e972128d8df4ac6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab77EF.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7890.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/612-9-0x00000000002F0000-0x0000000000330000-memory.dmp

    Filesize

    256KB

    Download

  • memory/612-13-0x00000000002F0000-0x0000000000330000-memory.dmp

    Filesize

    256KB

    Download

  • memory/612-10-0x00000000002F0000-0x0000000000330000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1216-7-0x0000000000190000-0x00000000001D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1216-6-0x0000000000190000-0x00000000001D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1216-11-0x0000000000670000-0x0000000000672000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1216-5-0x0000000000140000-0x0000000000141000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1216-12-0x0000000000190000-0x00000000001D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1540-1-0x00000000000C0000-0x00000000000D5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1540-0-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1540-2-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2324-4-0x0000000003E10000-0x0000000003E20000-memory.dmp

    Filesize

    64KB

    Download