Overview

overview

8

Static

static

1

2f8f1d1866...18.dll

windows7-x64

8

2f8f1d1866...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09-10-2024 10:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2f8f1d18662f41295f3fac3ad5d2007e_JaffaCakes118.dll

  • Size

    214KB

  • MD5

    2f8f1d18662f41295f3fac3ad5d2007e

  • SHA1

    c6cff86104c17bc0463d89b8289db50094cabe1e

  • SHA256

    55fd5b356885497c3279144ae7acaa5d848ac22bf7f52873ce95b06fcaded6c5

  • SHA512

    6ac35f0199fd263ced7a310d6c6b902943901dad6366c8e3e8fb0ff2ddbcc8b04639d99cf61d575bb2b8034f4431c43c34a92da516f01420442b571ba99885e2

  • SSDEEP

    3072:jvuEmk7qHEjxdCs6LQoKiHElD3EQbwWYhK+8GgrKekAf9tfmBo5X:jvupk7IEjx6t8Gg2e3v

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f8f1d18662f41295f3fac3ad5d2007e_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f8f1d18662f41295f3fac3ad5d2007e_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2708
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2752
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:1776
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2644
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2308
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2308 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:580

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    526d36eddd89f3a1576ec4695219c6cc

    SHA1

    ddef9c598544aeedce83c06e81e0703635e2bbc2

    SHA256

    6b950b5a9234f02c6c28d5b78313196f2c5d63c380775b5f8b1caa7a64efdfc3

    SHA512

    a9a57488476b6e9462f635af9ed02bafa34c005167cd9291922308b4743863da0885f5b9289a05586265915f470a6128fd604dc17b3c749afcacd8f307884753

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b68cbb1fa6298d7d1ec2367c930f09af

    SHA1

    9496b97562e443be11b395f825a1bd6d3bea1e1f

    SHA256

    63f6b87c96a5f1199430e3df8fcf27304bc57fdcc94a2b5eb380c88a1a4658c2

    SHA512

    3ce313e8cf006c5dfb3d08f151c7e701e8ca168a6d6d771c3279a0557468400da55377dff4afbd7df520450769f6712e4599014599eda3b7497d2dc720b239e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3bfd5825a3d40674d7f40b504af10ec6

    SHA1

    c73990853ba64f48904a9f755c0490338786c33d

    SHA256

    d694a7fb6c1428a29b7296da27b17eb1d77d0d030be95d6d060366596bb890dd

    SHA512

    af6d6f2b47668a30e0a4ba4d0457b11b0248b5d92f93e17eda4dd847970c1afd1e5083f5b7601e3b2386cf09974c5d923546337b48d53579634b0ba55dc92701

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    181526d583feef7c206e83a2cc7e1f9f

    SHA1

    f1b933014aeb28ea95846b3a0803f0e9f3f3d889

    SHA256

    6701475f37e8578530db72876efcff09444726404a8197bc26321ea2262bd092

    SHA512

    1e18c6e2c06f92c92f127c79bafabe2abda5de0c829cce680ec80441355977327f8a5828002865fa81e2b3c429a607c695cb210680165301f2ac0f7264f7c757

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97b87db2e1ac3d65b455c126078a144a

    SHA1

    9d839dd842e3cde92fdde0a8e55d1159038cebc7

    SHA256

    af9e788a5fe84d50bcd3256c125f7c8ae4ae7f90f12080433946f3c34deee2ee

    SHA512

    397b2c43e6d63f0ee775155bc2880dadc345995cfafbfc54d1214ab11a0847b1aa1644cadc5c7c1342a380d9c149fd27dcff591d77b42f83571c2d4d3d26eef0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eeb02f716252b61633405156d7049c7c

    SHA1

    76895816bdd5ff432378ac9eb6d47751ade0a244

    SHA256

    1e7d30895c8ed801b41d1bb6561c0bda8b6754081512bc3a1210e588f44c0253

    SHA512

    1d3753ce5c7295eb1d969c4c2dfbe86a0d1cc5aace146fd69c66ce3ea60409851f4f41f98a242b82b1b63537139768b242e4bd9bae31598798a77b5bacb2ebe9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b30b6707d36049eeb2301f7a568cd7d

    SHA1

    41aa67cbe67d7e8b8c45cfa7e28fec6a2183c32e

    SHA256

    26bcb5ce82ac3de98e9d550aea4b03577a921b5cfe8854fb9a017f7751865969

    SHA512

    9229df7837917bfe75382a8338be40e3d07a45461033f89bead57e290c946e9fec5094123afe7d1e74b9a3bbe8b7833ec563218c24c89d633022d89a6913fb11

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66596635c44095ba107daca68e6834a3

    SHA1

    e4de59919f48c9261b637329a4eabd5fae5ec038

    SHA256

    31d87b75f898223336cc4da41796a395a0c8daf644e43f91543ba1f0e4baddee

    SHA512

    7023819ba373e4dcb0c03109bc3c6bb9637d4f954cc36755abf8e7e61af4ea1a27d9c1945dc4b4305ca8f6041686d983f9a91bedcbfcdce5ad14d244ce034c39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fea2831cdc44db9e164fc7ac6c1f4f70

    SHA1

    ca7690aa2b7a0b6a093a578508a71eacda4c69fb

    SHA256

    af838b0e713e66ec88129b33b025936f4bdf125b16ac6f1b8fb552938f6f603c

    SHA512

    e37aed34f6e9a164d709e813878c0fc021f2cf50d1f6e64f9786669752bda1cd11bbb64e4a7c1bc38fd408c1a057c49d93e62cba00634813b3c0aada23c03501

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a1ecd53b5c3121231acd98c0e678f9a

    SHA1

    2f857425517a6bd781a0cd098d84f5c0257a475d

    SHA256

    3de8ee929e74cf4b00d40e9bf811a8e40a04456fc3226f000011716bf1685767

    SHA512

    16803084eef6a30b50b65b1f911e588196baf42f3a37366d07993c00936b5e8c33bd1a0ae54089dd120639cd47b3263921126bff81db6131ab49a9a35b190647

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b6b82bcc13d33259b5a42e095e575a9

    SHA1

    8c2cf00b75b3f9ea1822ee3d3d6b51f68fc5321f

    SHA256

    40fc009866bf19743c46ee5c80f7fbc01a8b7e312fe692e5874eafdecea75091

    SHA512

    d34a7930f055572544006eab2940368404bd39c7a98ef9d31a90d42cf19f05ad04b4b15e89ceace245ac10fd3741e2b9919575a9ef754a291e28c80e55c88ef0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b26d0fbefe3bbd2265be1b1a01b4a57a

    SHA1

    4073b87ba993e38962df84369c2b161c731521bc

    SHA256

    e009754437875fa7429b8e643cc161e4261ff3e73bcc5e0b4acf59c58dee5b6b

    SHA512

    870bd13e52c9e3796a2b1a2b643da4b81946a8152f37c5201848b682c68ad78259f13dfc4c01e44d1a1118d23a6788ffd342c542b8276c88446abd1bd44b2d12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4b00b5ad3dee10e35e3049c3a4986ee

    SHA1

    9ce7fb8c6a5ed7882a3d97313c13e6dbce5037d1

    SHA256

    fef9896440e6726b6aea3b9bb6e96f24e001f12be7f9b58af4c3f9ac9ce6ab21

    SHA512

    5825cc5a316a993322116671ad34667d06b1b69d99cbf5351ae864668cf6b995c47f02f351f4c41ea1f1ae6394d261b9c1ac49f25992d0c807781e246bccb76e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84aab0880189d07488c4e7b4f12f4859

    SHA1

    475f7e2bf18214b0e57a93a756d067653fefd92a

    SHA256

    89e080e5566e3201aa6da5caaf960910499cd7723dfef5ce38dabfda16e89bde

    SHA512

    5eae0fc6e80e421cfbd7e39fb34b10b7d0b0b5150a7c4da54ae4422abf62604c241ed215579fd74157fbf6ddd9806b6b34755c3a4c69db5536bb965a888505a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    632908cf4e9839db424aa98d12a8cfd1

    SHA1

    76240512fc42f2ead21ea2ba5658bbf79ccc68ae

    SHA256

    01f4c331d728f38aa6d6ad76aa7fc4714926cb7bfeed2d1273a51b9e4e98fdd6

    SHA512

    45c5ab3b3065037a786cc172b3cf7b64056e11ae36e48b39f459d95a6e24e044c3e607b6dfaba8bba1cb0a76828f8c2f3852ae947a35351aefeb99ca63918ab2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58c0332031e4cdf60844f493e01f115f

    SHA1

    0af05d4093ea79026c1610f715395c96abec5439

    SHA256

    8f788fefd65d836298401528ad4dea09c576042f2f0a551aaceb12d6d390a52d

    SHA512

    e4a33b34fddee2392962abc461e288b5a29b8f66ab204cc2f60e0ecfa8fa36569882695ae3e5a4f529ef31eeddcd2af037d6e3dc19789b126c97061f8ae9ce97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b06b98e1d4d43bae29b7e5e6122dcd7

    SHA1

    f7093e44039e2261dc2fe14aef3cb1637993656f

    SHA256

    0af2819fe5f88eb962f2d99cd02d12d0e4c4c657fb29dd4b49a92a7882d410b8

    SHA512

    dce09da2c12fb2bdf2a93ad49e241bb589a9fbb97f3623980a4e2c95be6fb0e6b5cc7f9e9caaf6076dac08e9135413a772ced1c0eef4fa53312d93adfdff9013

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d17505895cea5918ece82621ddb23884

    SHA1

    fbf904492eb95f1fba168fb9dd6884924d8e94dc

    SHA256

    23cc77e1858341af3d0f9ea791d8a2934259d9822ef710e3af2dcfb135ebf096

    SHA512

    07dfd9d9eae76209a0de7847c34c2afa6ea08596bae5d4881e049a4de9f969a59b5958ff2e13fa6eee0941175903f52a109981f1e1be25935274b96005c27284

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f9d2e414b615e2b4f0dfb9723b2c902

    SHA1

    7fcd0bfdc3d50a1b9a085477b507a19d0672d85c

    SHA256

    7056d7ef3ae83fd79a7e5fdd738f496620d3f4413d2f0c013cfba5b860290ab5

    SHA512

    d403c0eb01d12c938dbf33aa16d52a487893fca59e140281291138c6e601de7d7f89d6752162f88ac03b4849e5174cb89c0b58b735ea884c668c0c1932fa9cec

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3304.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar33B4.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2740-9-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2740-19-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2740-2-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2740-1-0x00000000002B0000-0x00000000002EA000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2740-0-0x0000000000270000-0x00000000002A1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2740-5-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2740-7-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2740-3-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2752-17-0x0000000002F50000-0x0000000002F81000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2752-12-0x0000000000140000-0x0000000000141000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2752-13-0x0000000002F50000-0x0000000002F81000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2752-14-0x0000000002F50000-0x0000000002F81000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2752-15-0x0000000000200000-0x0000000000202000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2752-16-0x0000000002F50000-0x0000000002F81000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2908-11-0x0000000003B00000-0x0000000003B10000-memory.dmp

    Filesize

    64KB

    Download