Overview

overview

8

Static

static

3

10d46692ed...18.dll

windows7-x64

8

10d46692ed...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2024, 22:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    10d46692edea0615f62bf3df0b33ee1c_JaffaCakes118.dll

  • Size

    173KB

  • MD5

    10d46692edea0615f62bf3df0b33ee1c

  • SHA1

    daf99b6c48d17fe3c6ac5d743a72f98881f411e3

  • SHA256

    65b4b9ad7e2b51c99fc8d17ac3f6be7e991f44527d793acc5890ecee8c63608c

  • SHA512

    3db74d5198181bdf027c325c6a81404825cbbcd3156e51873494d3eb66f8d861b081a85d4f829de355fb3df0ddb491c55d86974e9c00a9f95caf8db2d320aeaa

  • SSDEEP

    3072:6LPd3fzjhqbihE2FcO7Ws8/EhRnaBbjV0s0nMAx9wnlPsDo3N9aSiGej:ePNfkB2o/Ek8ilayN9aG

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\10d46692edea0615f62bf3df0b33ee1c_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\10d46692edea0615f62bf3df0b33ee1c_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3068
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2728
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2760
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2432
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2744
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2620

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e002b377bb64f379060f88942b67fc60

          SHA1

          b1d034861f4d9ff8d5e202fdeb98adc6030b6ffe

          SHA256

          248b7d5c301a1603f211a027616fd77c215e3bbfa5645a092f2961fc31956d35

          SHA512

          a3b5267accdf9afc06e89acca773a862491055340db30d724d3155c3036481912bf95e7a2ab05d9ce750bb259bd68a10586a98abec0eb255e890a20a999d9ea3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a338120c18a376af1c8bea6660ce0438

          SHA1

          9b86da0acd3e35f1a23801b38aa48e09a22157b8

          SHA256

          c33583216422336c59fb91419ca46aa2d253d0e5338ac19007266da0f01eb194

          SHA512

          57afe83e60e0554e663e3284dab1d1c2c69defeead2165f6f8d776976d1b8973357ee33c5ff0c1ee3ffdcc2d1aa363cc8d698c4315189b65f7be437595826007

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a2665779d87bc57cfad2e72416d11b1e

          SHA1

          21a464c3e2a8e6df6da97c5aecb919864fb6e026

          SHA256

          29aa8225b4c96d994040e3ee8e3eff63b6d57a3d5832926796767fd6faf81a74

          SHA512

          772e9e1f6df42c51557f0d98355453a7e78cfb53981b1bd6951e491d6a4c5b27b752fab785e0cb1002302eea693023aadaa57953f6f1b653733bdd6e33bf8080

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c168b64e9e0f8228caa8e115b036b6f8

          SHA1

          38dda7ded5775e0c10b2df96eeba27d0a7535a58

          SHA256

          52a33e06fe4ba1a6a02ca8b5feca8845d5060a5c00752cc29f255f8334d4abb0

          SHA512

          d1aa762bee69ad9ced34bdace0ada7358a98dd549c420b407a0cb128285624d935a861ac642892bd24ec36e16c5966f9676bb6d308709969d0c9c0f44941bc1b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a2e3045d6286a72961e025ec473bd5c6

          SHA1

          862b74ad204f1e847b8a76527e63e2609371d2c7

          SHA256

          4b6ce8bf2a9a410ca46b98659526d7837866b6ad21eaa6e4161f13ca73e33791

          SHA512

          fdd9ac86d3a19f72afe67f0e62d3f09bb72106b64e3f9dc4db6043fbed4560f16e49dc29af8569c78a6dcb001f3fb340b5983da979d8a0e1b848e37eb5e71f46

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ea5b68e15577706f6beeba61058e6954

          SHA1

          24638b308d7e6ceb255b562c332cd7d5c3c5671e

          SHA256

          556602feb6e47214bec05455addb73b43079b67851ceb2db0ef522150d183554

          SHA512

          2d1da0ff3070fd25e4e1085262dbd923d02f5e95a28daa3f1f63939fa99c236d0ca408835564c05c64f8f4ab42857e70685d6e34fa06b625fd34a367c48d8c4f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6d948bace98ba9c16d4fc7b9e8b367f4

          SHA1

          91fa87a9bb6366e108a78b6d09293f48e778b004

          SHA256

          26f4fe8a0412e0f72ca2426088844216249450655bc3047060966317771ecd1f

          SHA512

          2ed0bf782bcb5d09316c36ceac938fefb15d724abfa6230ace00d854b819777eac4c73d6f30ff7029e8b3fad2798d8cab4fe75fdee2fa60d0916247df785e2ee

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          aa77db4233f6f5a4dbcb0b950cbb899f

          SHA1

          04bae3b8a326e083545093fe2401c3319ba3b2f8

          SHA256

          6258839f77a5ed069a2a298fcd9f0455e0d4b5e77ddda622c49004f3a03dac16

          SHA512

          43a19a3617f623a04dff98d5c564622c919dfa60ae1820c2e81c5c0f05c20a59e8886e4e3b786252960699b214a0ec8e634ecda780eb1770b7d99269ef012ac1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e9811d0eb6d87ac40e07348b4619fa08

          SHA1

          d04096d1fa8e0ef09a4c2981a31f22627a43865e

          SHA256

          f7f007d1005dbae8525b0fa01fa986e92850746ce566e798635985fa6e1d9801

          SHA512

          287dd47497f2a09110ff388c5129e31a673b514207a5c2ff1d8de32dba44a9ec92b7bb99ddeee15e1047b2d0205656e8abf856fdaa5bd372f0b6b77bce579573

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          00c41994776c1e55bc8260593d28c725

          SHA1

          866c6e91f74d21195572b98ca06e552dd0da17e1

          SHA256

          cfebb47f1b9215c6b9ec0a0e3dabca8c446e3de14b1d0a8b648cb126e8bab6bf

          SHA512

          1d8469469d355c2fff266ecd39e39c9f9ca3fcad8c588d3963569e37f235859136ec354405caeb421ae84be0b18814b99f02c027e90c1da5d064eed414181a2b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a424c1575af64242f4a29233f17ec84f

          SHA1

          97244fff6ae0e40da4fe6cd0760bb4208c83ba0b

          SHA256

          ac46c661875c80c9dab302352c53aa4fd9ada4c9ccd94bacce1cd663ea062432

          SHA512

          c25afbc729a86e7cac3cc5479567bbe1036f5f6bde0acb74f28aff1d81442a8ded610c1cd6ec35df11275bd2faf74c2d1ab5f74281b278ecc2708d3798ad74a3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          56ed6b41f2db5b178b955bbab0712511

          SHA1

          bca341a9f516e8bd7a65932d05f99a61869cb207

          SHA256

          f72b6998c72324552d362d1984e190b200e4d5a1504bcbd6cfb83a22aac12648

          SHA512

          65260c6d3ec1f6ec1b3cbf8ec1b4e95f996b711442b302fc88845e9b459142f458b37994dfc2b6b57c301ed193985183816a38042c3655924478e2f4ccde41e0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4e16b4dbe0e28eb9747e8706324c6268

          SHA1

          969270a40312b8f1ac41b8e1818b1fbc33872fd6

          SHA256

          be43ac2c5491dfdfe6cb97856d1fc6c23aff919ef45821d286f71b5fa98f520c

          SHA512

          e88c3ecdcc7a18427fd0d96873599060d64855e503a8e882443c1ee094d27fb3f324fe95555a5ca7255a9ea73f149a693079a2d41c4c682234fb816eb02ecdf3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4415b6f53eda006877758191154cce1a

          SHA1

          298366983f3f13c8aca4787941218d949b969f9d

          SHA256

          43cb6e6a663f480df3904d6dfc9e1b3a05df6ab7d54b3e1a32b039a6bd55fa91

          SHA512

          aa61ab8b55eb7c30cf52258f6ec53902e14c3bf859a67a8caf5d1fbca69e29729af92a0916713cfaade38b464ec4493dedfa7e1f2a7d28037f0fe467be547c72

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          05adc245907d097a5d796b7f281bc729

          SHA1

          1e33fdf087076a4fe15d622e7f09fb37bca624a4

          SHA256

          216729db203cc23aecaddad019cd0cd479d47e114f31f56f2a79d2723f5fbbae

          SHA512

          0c4ff8976f765315dcd06ed37379de1c741f745a500f19b8ca2ada63e00b56f200d86f9ff552f5585225bf8e4ba627bbe800a74d1a976b95eff0e4dc00a51746

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          46b25032fc19aa7fc9e7d8ec4fbb6650

          SHA1

          086c29aa767d643078673f08b9bb469988336d95

          SHA256

          98ea965be42e02f5f77cfb56d6f2f158b0c6f93e2fbff57067febf3f0725342a

          SHA512

          654688ebe4d7a0e9bc56659ff00b595ce93793437ce61a11ca3957a40515e31cad140de51bb918c2f96d4477f0cd6d7509a5430080eacbb476ea6bc0f88b1de3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e8029cb17e780d2cda633273ef70e0b3

          SHA1

          557625f053f9440892be19345f0a5dc746ee4dde

          SHA256

          919d8e8167184bf3ef548e72a8aae64a9827500b020aeea870d2f6bac64fbae2

          SHA512

          124bab3450f16591f90139bb964bcdd33600939e2c9e6c68dba87119ccc888cd0e7be262871439664a52e5fbb71aaddbef26bc63e0cd638b6ff97a2e51848dfe

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7dccc9de741cea0a671a2791b6ec52bb

          SHA1

          ecfd5f2b086e0023ee571a59ecbb49480c8bb751

          SHA256

          5b983f3b57dd0626f0fd948c3f4bbb68bf908b0ccef5afed07f753e6e3ee08c2

          SHA512

          0bd2738c462fbd7a37a5200d0fad1b2e37189c5573e553ec125a02e860e7c8187a7ad458bb446156910d2fefe95ac7363f198b4f6080a4a03759b4daa83e061d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          72d277d8f06758a5acbee540ec1d61d7

          SHA1

          9570d2501eb8e5da437fbff0c135933fde809791

          SHA256

          372321cec227105687ed1ce0bd0f0c9749065c773b1fd11ca72c696c98d86095

          SHA512

          16804bda720ac7f078a6eef017dbe3392dddcd638a20d979e3352f6c527d513c5bbb85a7c42e314092dcfab0867dd5acf968ec4f45193eb4bd6fe3a954f18592

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabA170.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarA20F.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2432-440-0x0000000000400000-0x0000000000432000-memory.dmp

          Filesize

          200KB

          Download

        • memory/2760-439-0x00000000002C0000-0x00000000002F2000-memory.dmp

          Filesize

          200KB

          Download

        • memory/2760-3-0x0000000000140000-0x0000000000141000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2760-4-0x00000000002C0000-0x00000000002F2000-memory.dmp

          Filesize

          200KB

          Download

        • memory/2760-5-0x0000000000180000-0x0000000000182000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2892-2-0x0000000003B10000-0x0000000003B20000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3068-0-0x0000000000190000-0x00000000001C2000-memory.dmp

          Filesize

          200KB

          Download