Overview

overview

8

Static

static

3

1aec1d350e...18.dll

windows7-x64

8

1aec1d350e...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07-10-2024 02:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1aec1d350e84138d0cc80be3b3787028_JaffaCakes118.dll

  • Size

    163KB

  • MD5

    1aec1d350e84138d0cc80be3b3787028

  • SHA1

    d72eb7f257aa71ad3d0e85a2738c24dce62def66

  • SHA256

    34bc9735615d1f0aa7d698d22a656ed621717dc8c8882a3286854f40f7e50f97

  • SHA512

    82898793dc9cd90dcab6e7a47875c6eaa87dd8cc2eceebfaa06ba5030e849928ab31c98ccb8ecbe99610d21d1d5513036f8f7796df92ce77cc29f102d2914b02

  • SSDEEP

    3072:/vdCWhm6xlKCp1sUQsCO76vHkJqcmjDIevxzbe9eKzRA1+0EEGaXVON:Xc+ggIvJp8D3EGaX

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1aec1d350e84138d0cc80be3b3787028_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1aec1d350e84138d0cc80be3b3787028_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2796
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2808
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:1216
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2580
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2828
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b4ddca5e6f03f624651e3890758d978

    SHA1

    da3c954e1660a6740cc637bc2c9617ee80696441

    SHA256

    33eed35ecb572fca2249cab39299a7b9148919c1f8b88ccf53e67154b75c4924

    SHA512

    18dabe5a823d5459331bd5d5125163ab9ec44858ef9b32bad72c072e62e307767c5734b0f0a4365701909700c06f8ba6d47c24c82be48664d67a04e692c3eab5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c098237fe689e1ff2c1879f12140f091

    SHA1

    1eb086417d33950765ad9db53475d50b87a21604

    SHA256

    0689853eef52e072998eaa9d4b256d28ff9173d1f09b20ba60dace88306a7103

    SHA512

    da5a91be7261e119825559bebecd34bbc80cdb6910d9a4905966f60e40fef98352c739c808ad286885d50530df709948f30e416be69f526097386c9c471ff8c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5ecf6c9023ab7e3491fd21c6a48ac6c

    SHA1

    0c4041f5d7c9c1be9d68f5a538d13bd2e36acd20

    SHA256

    8bee258b94c495fb5645832911192547cd4f05e50cb4b303dd2e35dff73e9a61

    SHA512

    4430ee4cd57f0b403c91bca0b4da41eadb728e71bf6bbcc441fafd63023730f0f980a1386ece74767083401b7ac509c5800fe86510167a35e6f6b12e44715a1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    75f391fc62de1d31886e7d335c39d731

    SHA1

    45422d331746e930bbe3eb897f02b41bb0d38aa9

    SHA256

    9d5c3862ceef94fb1c9db524b18d9edf31dfece8a7e81372264bb790b37357cd

    SHA512

    2d6cc3d5c26fbda8108923b22d01112a54707e7c1a300430b7e100b60ffc1ab426112f6795ce27441ea28dd2f89d3758ade39ef3f905b16ac019da79b50e864c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b9c5062de2604b32c46481cca7396c37

    SHA1

    3ca005015134b6474bfaade95e803b286456cf6c

    SHA256

    4cfd52ff0852cc75678db3563d9b51dd5b8ef2e756f299c68f672da0d5e8470d

    SHA512

    b9a6663f59b75d498752667c459a1f961351307e914d29847e03f55cf6b2a1c815d67e90bfba211c34bdaeea8d5a74731b6b8d2d4779187428099839ea1cd893

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e589d8353fc83cacfe3639dbacb2029

    SHA1

    681b7e35c4c708c371773061614ea2a99c43a5a9

    SHA256

    90610db060838c4783c5ece74cb85c48ae54298ea173560219f6a7f7b3dfa862

    SHA512

    abf961bbc6f5b55575071028b01ce6dd15a3701692a944099982dcd4a6939a7f4bfb5c1a6ff9b9c8a32e28da5f2ff9e87f56029c2b2c8d2dc3c8a3a995268350

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    62eb4a4b5fe73536b8212ef65a68dfa5

    SHA1

    9fa374dab821ff7e4c045c6102a2c0f9feb57ead

    SHA256

    32732bb062d501de2a4adbffa0e5fbad37173cb3bb7d06a9c1e00b04675b567b

    SHA512

    b12a0cd21418665d5e30b6df83b2b5db0390f0e7a936682a526fb725f2a8c15d53db9df44164bcc011f48c8facc01dfa4a25e988b64509938b3374257187c7a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a334ecd613ebbe8ec9d0ea582208df42

    SHA1

    8eae575d5b671b167d6835341da1939f7634910a

    SHA256

    4f5c3a76c0a85ba92a2a36c58acbd15dd4e0fadc8ca3aebc974ea6fea2a723f0

    SHA512

    fd20adf278a5a655e72d1b9b2b31c8c694a48551c866b7c4fcd99967cbf5dc5520ab720bbea1b29cf7d40e3f4c8b9111db34c9466174818522adb420525b34ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58eace8f97cec47a6b977bc25e46d0aa

    SHA1

    7a1e4e3e68e1c0bb4df2160fffe738a05b1438f6

    SHA256

    50e01487e53db9626474a9334d54a047daedf38c9bbfdffac439f97c77fd3051

    SHA512

    cef97e4d510eed97ed36835158d862c70dfe99bc55a2d87a76ba503c239a4929226a6d6cd66db9c91bf6a676a54dd2326a89c75ff883a8f255254dfe1a3f77d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    807a97847640d1e8aea5dc8e3971bca2

    SHA1

    1c34a42070e610f55262885c8a1f5136e547e191

    SHA256

    adeb3c797dbb41c9bf4cf7091b88fcf9907463848ea9e29f759c8a9212864e8f

    SHA512

    60e312300f3525dabb13c6720ef68a2e210f8a90f350450780630536d950068279bfa3cd5430f4e192cf39fbf34b23753a9ad1d3646392d4a0bde9492a3f8466

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ecf8ec4fc3c3d81c6d5283f95f2c835

    SHA1

    560909c04bc6a082dbd3f7488c95f1bb05f8da9c

    SHA256

    121e10fc0901b1b80c8d1004929abcdc46f98ce3d71120f83f71a8f4f18c5369

    SHA512

    6f1fc15e37c08654a04485d8bb3fe6b3760093e8a967266903114c97f6c54bfda45b8b74ea37ce0741fd4fa3ee752b4a644c2a84d0ff6ce64740f6a8a38dab36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1090ea625481fbe63f37a3fbb75390c0

    SHA1

    ff2aec85ce14b4a3e9eff9c67151a3d0c447c944

    SHA256

    4f58fb69967aba810c7af8eb426c9ac5b37bea1f090ccce6cb2c0712adbf94e4

    SHA512

    3b8fc6a5eea0d798fb18de2f02b09d35e06993ba44e3979edf71dbf3d64bb0f7c16ad0e9e791198bcd684253fe1c2fbc9a6758a0716047792660366d061d5ff1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a616d9aebfd8814d299d090fb38a8a7

    SHA1

    01c8d2f3d96073337c8b88ba4193de1a507d3858

    SHA256

    a0d54fb9e9d35aee2041e7f0523408a15fc5a9fd1d620ac1cd5fa8fb7e9c6db6

    SHA512

    82e9f258922b103be4f33ddf9754424f19e1b35af6866480f0e7f08fcc4d0a827284baeb076084e8ff57512516bfade4ae496f37f6e4d3a62f3e28ca3a71adbf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1fc98e53f371b747f399afa0db0a695

    SHA1

    fb710f14d67230bf299016a3041a6b4244a5f6d1

    SHA256

    6a7d1b138aae6d25a547c9434aea99caabe0e276dcc9769b16859084b9d37772

    SHA512

    12e05583b027810228c70c1244037f43ec64e473c2abf4a5630f9c7313ea547e812ca62a79a14ec73df5dd1991486136694c5fb01819dddf76699c6a17ef4259

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d16f64668b6bacae336baf828bf88caa

    SHA1

    44036a661a8a6ef765b529d6a8d2b9b0aad7ad5f

    SHA256

    fc3b5b47e14c04b03f5807c85267a2ff1ee00d14dd4e159fd0698a183a77e43a

    SHA512

    14684e86e7db9ca2b1ac697472d9bc49c27177c769d7425cc0516bb78057884bcf550ff4988bdeea0be53fdad9c967de815b49ba2297be4422dcff45f153c1d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eedf2bcb6e6b8350ac7378409f0cd323

    SHA1

    3def9685a14f94bfc41ca1b2c3e3c692c748b876

    SHA256

    e58f3d7afc858880a34a74d56c1ff58c353ed967a2dfcb062f15585b0072a89b

    SHA512

    6d125d503ce9018c9e3ee91f344e6eca4d7783132ee47fdb78ac10a1b87a406a2d6fd120e49bdf7611b864821ee889e453ee113cdefa9a010deb32897eafac28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe6a8f3a7785f8e775f214db9ccc4bba

    SHA1

    4ae27587212fc46873c6082ec8b63bf94bb44396

    SHA256

    73b954b60bf69580ed58b852ac0af5d4f116125c938204901f4f2076db408c14

    SHA512

    d9cc525058851c447692063fdfea9c263088b67fd82c94a7801b48a3f422eb7fccf62105784d1dbf3f7029d9a4f513d28467c45e2331d8a7732e48d7e97cc111

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    806871357f9207ca9e2492dd8d1706d1

    SHA1

    eec4f43efd58a788b0800767ce138697199a994e

    SHA256

    e98d487ec3a02efda0b4ce226e63e46fe8c24086f79f222487fe45be02c5259b

    SHA512

    d4dd47cdc9cc300e2ee54f8afe0568aeaa4892cee4b109d5734fef77bbd953a48a42bc4345a6901e88c5bcf76cd4346d90b0357f9da5671d59856abe92b5c651

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da9a0aa5d3f3dfae36439060363f9918

    SHA1

    032840b178b0e6b4d850f1ce285cafc91f72de53

    SHA256

    d46caaaa9b2858d4b554a62fe02549d05327600d914361f2d8f5323f1f11bcd4

    SHA512

    322d550b1516ea2f2e41afa0df3c9c95d9b2034426bf0afeeab61c67c1a4ebd0f9960c0837a84f9af600d0cb37788c1641ab978872a74ce91861854545e1a23c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfa1126295b15a969a8a65afdd6cf937

    SHA1

    66c1731e29e8be90e9fde2169234aa7b04974948

    SHA256

    7d197430fdf84672228f030a5f803a8c81046b7d062d9d0d27be2403c5ad9579

    SHA512

    93c1c482714d373e0d06a9a56f4904127b6bf5f2c5d195cafc881aa1878223ca3b0d3570e7482b52c9b0ee875c6a9da1ac52f37f8acd520ee2979f0990087d2f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3563.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar35C6.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1216-7-0x00000000001A0000-0x00000000001D0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1216-9-0x00000000001A0000-0x00000000001D0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2580-2-0x0000000003D90000-0x0000000003DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2680-0-0x0000000000210000-0x0000000000240000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2808-3-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2808-4-0x0000000000310000-0x0000000000340000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2808-5-0x00000000001B0000-0x00000000001B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2808-8-0x0000000000310000-0x0000000000340000-memory.dmp

    Filesize

    192KB

    Download