Overview

overview

8

Static

static

1

175a1288a6...18.dll

windows7-x64

8

175a1288a6...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05-10-2024 10:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    175a1288a66477b0a5dad98108d54fb6_JaffaCakes118.dll

  • Size

    200KB

  • MD5

    175a1288a66477b0a5dad98108d54fb6

  • SHA1

    24e192a1892fb7662c30507651212c8705491226

  • SHA256

    2db9b037c4fa6e502315dd99ad38265336835121e4b6948a0799c4da40d80bb4

  • SHA512

    587149567e6c34c25c83eb740cb88945aa3bd199a1bb87194ee59163d4814a7e3763efcd9e164c93f64aabd3ad4040d4444305d678eaf4216f8cffb0452bb0b1

  • SSDEEP

    3072:19XST5kKN/S3BJXKgRpRDPSQEGBNt/9AIXNMujCTWMAIWXuINA/xl/I3U:Di9V1QkaLHtquGBW+yYxNR

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\175a1288a66477b0a5dad98108d54fb6_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\175a1288a66477b0a5dad98108d54fb6_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2672
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2796
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:748
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2832
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:828

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2cddb551cdcf70d034a6fae90c08a2c8

    SHA1

    242ef992fbd9f10342fd37acd278bef193fae6f1

    SHA256

    c76cb0943d01f0476a3ceafe4d37c91306fac757638a916b36760160e79309a0

    SHA512

    e0dc118932e31a761eae5a1f76dd3e1980e527467d43995114ad51f91ffef2f3d84e5b6c75294d054cf47d20e101fb1e56aa0f4b14c80887cce41f5d98ca3dad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    444418344366e2a465b3c705562abd8e

    SHA1

    5e2f76de8398aab9a0295a0e208c8710dca12109

    SHA256

    f63b768166801c172ecbc62a315583d6d6374e888dd0d09e5fda8f7f799ca360

    SHA512

    9d83bb14bd39f3ae3b403c9eb3f3029d22ef784d4bb4048390e3a8dcbdcf54d6fbc85437f0c2bea38a0f64a0416cdcc9b4f1689e7eac554f7075e2d9f3b869af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd84ad28eabc389abd77ff6a047d1797

    SHA1

    01651f621e0afbc93e5e78e6a57f699bf0605c54

    SHA256

    5f7ba7a3aefdee6da19df74293686e938f7adfe6083bc2f8997b9a703ec11ca8

    SHA512

    8365bac7c1718870eabcd2254d05b2355acb55ee2fbf3a5e44d8dd333400456d8fa57c3169e08b82ad4af3bf1d954c2bb9d37250f895f0491412c0f8e1eaf949

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfa175e06e7ba95bcd4445925e50d177

    SHA1

    adf1f8fdd19ed935ecdbfb70c942f0e1b0e036d4

    SHA256

    4104bd591d7f64314e572e9d47f6f0b67febdf8e7350334484c4a9ccd07c98d9

    SHA512

    87078c0cbe5150a0e3860dfcbdcb350fd58c314d2e605045b062d849211ec22867ff91731f48dead542f3b65e1d51b2ff7c4ee9b7edf4a96be53c27c04781dc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29c9c093589a4c6be1b274a6d88bcad6

    SHA1

    212af3477bdd97af62a2f672f48e5a591e5b4988

    SHA256

    822ce0858b54a45b7d8c22b9aa0319370041e9959a13565a826255a952fffecb

    SHA512

    156343d71432d12c609b0e0ad9673b4608a1af3172c1abb930523116c1f1eb0f3132accb64b0352ea3ba20cb614a1d4ebff34b239b53210b7ae7f9ee677d1a6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a76909c50c34d1cf34e48671ee5e9c34

    SHA1

    1a0456bc387cc73eed0ba117c398d2a119e9718b

    SHA256

    380b4dca082e4c5d2b3989caa1e1ea22acf9b5385ca87f8cf6710890d64b9a02

    SHA512

    7240a47d197f4546dbfb9d788304d4df018a1f1c50e2d2ce9e7efb99efb4ec584883183e1c933369766f6f575060065f27bf5890e03ebc4d23bd5d9f26ca8e88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    876ad3ede4b7fc4e6161a738ca3d826a

    SHA1

    9ee0562da4bf5ee780ef0aac0949ef3b543ea4f4

    SHA256

    ea190287b8c4f9ad17300d15dae138f4c57ae8bddbd64f4a806de97cc2749f07

    SHA512

    d9e1de0e88a739b4454ce46d66a20938131e59bedf8a97f1131d06f1d98c8335943c8128f91728754990c051db878096bf13c81971acafe5c5dc63ddeef19431

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56f8093577b43875651bf03b95836201

    SHA1

    49a5dd0bc7e961d56bd7f3b37648798f83f17c5c

    SHA256

    1f200d7a32875a7c8fd284ae97504c64885d208c893999fa29e7d8516f6cce35

    SHA512

    46a9c6ca21daf750060ab1c1d189eb3283bf61cc0b116c6235de4663083569490b1b8eccd8c2d407acea3efec7940529e41d660f5ba4ca13136b439a0c20fa0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    987dbc43c6c461698219d3bb15c9c0ca

    SHA1

    4a755dcc0062099cb5b561f41ad91ebbff11316e

    SHA256

    b6c95e5022f7d47a2e16ae9777eab1f0e1ac242a73ed4b529d153ee2ed317b7a

    SHA512

    fec8491c633d50532607f4bd5bed136174f2dd15d3114fa0db614c65dc94920c2c7fd0babd8181b031a6122e8a5c016b5e26c3842641d6086a3d9ddd2da17522

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa870183eb640b3ef58b766ad647a0e6

    SHA1

    b14881efcd2061456ef71c827db117244d3eeda7

    SHA256

    7b2a78e0b7eab5b5af439be799b16aa41264b96abafd00188096127fb6acb85e

    SHA512

    979a5153b210e3b3fddeabdcaf86d7fc0b9e77f587c1e2c7a03ae00a469f8f888373c0e4a50ec938d095cd3a11181883dedd65d202dc02c7a3f37097fc4b1be9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f188d323221ed5172e833293e379a17

    SHA1

    2fabf6cea62a6d2a079028107d6edeaac8ac0a92

    SHA256

    54dd7bab2e84a4886bb5dae89e35d3434131c2d51764ac7dffd08626deb39d0c

    SHA512

    86fcc6892d0420b9e4eca4db3c19f6b6cb3efd4a22dfe38e8eef977283c560dbfd3b3b9906788204c5b494fc21bec6dbc16792bde1e9e12e54cd2991bbd69da8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3c6d972b9c699229e97e45590c6aa86

    SHA1

    80e03f5d1a0a16836db3feceaddb8dd39e41be48

    SHA256

    169a1eb31fefc761455f1b19281c55239ce9f79f1ff0fd88a0d8198a0dd32651

    SHA512

    ec5e81073e245f54c2739b1de7b73c647bb86dcfc4e219f0bcb7c1ae9bf418e80a61450c1e6c78e11fc027b5df6647051fd72dc6657ec6ad498eca89e421cefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56c6cad8c4ddff715848d1c317287a7d

    SHA1

    c9621d2c7b62eea6c607dbe7eb9a17040e286204

    SHA256

    dd579ef9017fe215cce8d8114fb5a185ba72ba7e260ea52098a35ebfbb826780

    SHA512

    5dcf17512dede2271a724b1bd68ded8cca7d28477ad398f71dd9fbaf2ccb993dc8062da5874670f69d1174ecd8f6486e82ed1e41b57e0b3e827de105bfa547c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04915a314a69fcb9e91b55b0542ca8de

    SHA1

    923b7c9542263c499e30280c4f227df61a902cc5

    SHA256

    e3ff4c37bcce80580cb8da5f622386d2fd0b277e06f754e2701687eb4be7a0a6

    SHA512

    2e05822a87e117d40a1dd600354c7b0fb17d97930d235f21ab065b145639382c6255f4d6f92720e1977410358f8f17044d46aec16db4ceb1339b632c1ec58759

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a82124269ca8f6cb04b5707cfb1c55ad

    SHA1

    8032e87d7491148372964e5a7ee56e62ff2b73c9

    SHA256

    323866b56be70105ea42bdcb670f71a58bbc7ea59a6dd4c88e3af73a171d6008

    SHA512

    00f5ec6a08b67e4633c307bc1de39d3ffcec53fd57b8dd441837edd8da0c70307eda5bf8718dd88b7c82926253e33b72f970e129a2e4d3150ccfba5d2e1974ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f6685bdfe4e817f190c7b56a4ae7d443

    SHA1

    25a535574b1357aee6db68a1ace3b7fa76000356

    SHA256

    1577f2ab4fcceaac0d930113fd353897a1f66d893caac5ba5326a5d4fd0a70c1

    SHA512

    8a256008a6c173ff676360a7649eeffea6bde83c749a967cdba5add67c22ea981f4ffb8a7a96e8c8d1dbe6e1842f902a01fd68eb7660def48ebf89b7cb2eeb42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c4d11c30454907ac96dd9adc66da55d

    SHA1

    e92a4032d01919c580c26e6c3ef498ce411555cb

    SHA256

    14d6220e26079fe50a9b9ded320a262cac9a6a82d90b396d2563679327d3d581

    SHA512

    6c3074b1f1cd756cc52d6b929e6d2b602fdb4260a3ccc4d0bd2bc2f99d5bfaace3bb8bcbddda9aa149d2eddd1af51da43b15da7d5974fea65fe0bd94078ab5c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b66dc431a739281cf3d458a72e0c40bf

    SHA1

    9777157764ca08d895bdee6729c553ff6306e981

    SHA256

    67da9c85c499d5403ae0f87cbce07038ff5991c808e0dced48003bef8136a6b1

    SHA512

    b2f214be4dec4156c5717c51eb951a4a01f5bda5568e94d3e1e05eea18e2d3bd93112eadde8119b510b5f87ad8d35d0c333c4f27fc6978914a891733fe11486b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee6bbff9031b618dc097f2ddd94391f1

    SHA1

    d9243adc14de655c5e78f3c6ed6498b948453327

    SHA256

    706c8403aca345bff4e827e1127c2498df07032743946d6fbe5278eb6a5b3ac8

    SHA512

    75f42888ab83e213a7e5876dd20d33def6f2c09dbc4ceb8fb0d95b5ee5a47d113bcb0b19f4098ab11daf3fbe91de7a4acbb3cd0bec1e90ebc9231bada66f4be1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDA7A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDADB.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2276-11-0x0000000003D90000-0x0000000003DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2676-3-0x0000000000790000-0x00000000007C1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2676-21-0x0000000000710000-0x0000000000744000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2676-20-0x0000000000790000-0x00000000007C1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2676-19-0x00000000002B0000-0x00000000002E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2676-0-0x00000000002B0000-0x00000000002E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2676-2-0x0000000000790000-0x00000000007C1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2676-1-0x0000000000710000-0x0000000000744000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2676-9-0x0000000000790000-0x00000000007C1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2676-7-0x0000000000790000-0x00000000007C1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2676-6-0x0000000000790000-0x00000000007C1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2796-17-0x0000000002FB0000-0x0000000002FE1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2796-12-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2796-14-0x0000000002FB0000-0x0000000002FE1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2796-13-0x0000000002FB0000-0x0000000002FE1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2796-15-0x0000000000460000-0x0000000000462000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2796-16-0x0000000002FB0000-0x0000000002FE1000-memory.dmp

    Filesize

    196KB

    Download