Analysis
-
max time kernel
149s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
09-10-2024 05:36
General
-
Target
2bd1db3a5357dcf620bf979eee24d073_JaffaCakes118.dll
-
Size
199KB
-
MD5
2bd1db3a5357dcf620bf979eee24d073
-
SHA1
089424f4975b51b4f549ca7c261f553da3aa0a8d
-
SHA256
435d51cacb6bd9222d3165df22c2306e072403f0765a6f57224ab5a732305ae0
-
SHA512
f009d9feb6cc4e2eb96f410b86cd8fb78b865e25d600172a613c11bdb0f484f0bb549d8daf0656330923f8bca79f7b5aa8bc11692e4e62e1b4c78a746d084a40
-
SSDEEP
6144:Ugg12EnRtb7qmUcR4J7LjCoT4GipKruZeVROZoPgkRuFH:+2EPbOmNR4ldBjuZoTPg4K
Malware Config
Signatures
-
Disables Task Manager via registry modification
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
-
Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 40 IoCs
-
Modifies registry class 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of FindShellTrayWindow 12 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 29 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2bd1db3a5357dcf620bf979eee24d073_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2bd1db3a5357dcf620bf979eee24d073_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\notepad.exenotepad.exe3⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SysWOW64\notepad.exenotepad.exe3⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\ctfmon.exectfmon.exe2⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2560 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5a470ab7eb9122ea356d2c77f765aff6d
SHA1131980b0393eb05dce50b74fb521e6a345cb4119
SHA2562b8b2a82abbb5c3460a3be1c78fcc95acee7719e2e11bde01352cc2052be04af
SHA512390c3641e3bdfb3e57765febc9f9c585a511b9fbaf1b823e505b3e81baaf53627f858cb888a5474c1c0993f30aec62b557e0e3eda617f3893bcd75043d65442f
-
Filesize
342B
MD51f084de2865ce37739b0906283d01156
SHA132dbb471d3aa74244682c6d90cde5df9f94deca8
SHA256771233e0f2c735aae20d0a42758e359a32d555e84d8da7d7020bb1aad183b465
SHA51288fc9c6ad5954acd6159c0ae6d8012463d8f55ead40607aab4220e228c416fbf7d9be1a9c9196b613858c2916ade948c800fcf2d64124812cfc76e28071c0612
-
Filesize
342B
MD57071d444120974764659a2eceb64cfae
SHA1a516347077cbebe5a25880e2d435b5759019034a
SHA2569dd774a70159a5a68d17a5df0a4b7c0e250f2a3da0e33dce6270ba83fa6ed34b
SHA512ffde4823cf63d392acc8549857c3e96c57d96959cce946331cdd24b3f96275100e2fa5c7fa0f16587fb374e3928f01df26a436a61873bda6754c352f943740fb
-
Filesize
342B
MD54a25c445fe0eacd3ed91602e6374437d
SHA1319cbf18438ed0571f78f586d678473c579d5944
SHA256b10e44ca5d5a88ce93781fc0030c4e3aa93550cd4fb03eebed8db6a947126c3c
SHA51268c33798e05824735c5e6ef6a23d3732d22af17eec9a71c5d25f1c1bb8d241c22a93af12d6a518693f47e4d117f6056221e425847921a83659f0c78d3d3ad170
-
Filesize
342B
MD5c32affd422cb334e2009018ef3d2eafc
SHA15e8f3788ef1e08f2ba60c20cdaa413ceaf6b00ee
SHA2562148533587042150d7c2eb25994012a016101bcbab74d4f63267317b0f656060
SHA51297592309c4ae7e355c3564c52fd888f68e2e76cf3db6d6cf582701df883c02c3ce9419bd9201b37c66ecf4b59c34277da7ac6a74cad2bc4799e970cc8e4f8876
-
Filesize
342B
MD5576ca2fb5550aa7da1390deb1e58e525
SHA1b36893f1a868747dc01189006b56211453843bea
SHA2566197b24fbb2ebee1d01551427cd3824b5dcfaa99728de37da164cbddc53f4bdb
SHA5121895901549b68b27894de831c27faf83dc822c8685ba5c5821c87c17d1b8bd2dad747d767ad1e1f88bf900635f2ad058e455b2f847d796ae3e1111cba88ebaf6
-
Filesize
342B
MD5195548826e51026ceb6177adab18fcde
SHA13cecbba6d2d552366b12cd0803e0b0df54be815b
SHA25696cf34bfaefcc9da8919822644a6ffcaa98012d4750154d4b02745b69be3b95f
SHA5126bf0c57a38310bc7ae800b2d5b34ec1d496674dc00e4085f4d158a54393b95e4e5e5e1a1ce7f8d47e4aaddf921e2ff6ba3fb352a07c6cb561a8506abb23cdf42
-
Filesize
342B
MD53adde59bff13ce962b45819ad1bad357
SHA1ecde9d0cf9d4f68bf2a0f1641870571327642768
SHA256600e0821373b2b93a2871b929b0d751e3378301c64c26863ec3dbf1faff43373
SHA51231ae6c15d9fbd479a573b68f4b19b6dd086f88634771ba5e0b8553428000b40664b86060dca19d8eb786835deb38bcd8f66f3f965a5da92149bf53d1232214f4
-
Filesize
342B
MD56e51c08b7a9cbe76f73e35d3ad0aa99c
SHA19ffb7b20356971cb510ec0a214359150c2b8b63a
SHA2562058e4b33a0d5ead5198f3b4b4d3d85a455003ecd8ff3d4e2ab1ab307d69be7e
SHA5121a8da8eecff32c3597463f82ceb56c64d12bbf0785d0927c4bdaf9d73946c7194913d11d4c59b8465df3c867255f754f9721603be5ce17e7baf1a47c93f2286c
-
Filesize
342B
MD51ccec6c3fa22fc5d6ac3d7845e692c77
SHA1ce75c6335274996ffe276b5faf24ca86771c448f
SHA2562886de718623f0156eaf224f5e0dbf801b187189582b7ac085f545f1895487c0
SHA512fd578cf66530691407e90b4b3a1027f77400f3899f32eeb1ad89ba38b48eba54bf507ac1b00b82ffb565d24e53c5bdaf7c8bba4b845b2cc230c8c3480dea786a
-
Filesize
342B
MD5887860b3644eac16a11e166b77243c9d
SHA1347a87010668482d32ce45c0b931ec380ef8780e
SHA2567345c2856939e9b21c7f7464b2b5dfab7d16bb34c56a75737fc455ed60992106
SHA5125e32da985047e19713d0a32ca61b5ac600c3739fb35b06b9a7f9b775a3b24301253e4711406d43a4c73dea20c7aa7dd5e371015783cc25da53f43469f196ed1f
-
Filesize
342B
MD5b2f57ca177257004ee5894f95a594d1c
SHA1d3c96ff5eef7a1fdf7e89b50ad3e1fb7f7b8cf3b
SHA2568b38a9c96a6733d4748a21da7c9d433ab4506e6c46773ff2385d306aca63e290
SHA512992c6f45014a7e8526897cf98ebdff0365d0d4c79a79c978d7ab43680520606c17e5fb6f5f36c9d7749492be33f74cc22867f9615cbc49e855e1407349d6ad87
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
84KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
8KB
-
Filesize
304KB
-
Filesize
4KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
64KB