Overview

overview

8

Static

static

7

3e996765a2...18.dll

windows7-x64

8

3e996765a2...18.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2024, 07:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3e996765a2d858d7004b1312498d5222_JaffaCakes118.dll

  • Size

    180KB

  • MD5

    3e996765a2d858d7004b1312498d5222

  • SHA1

    c51a518f26666f7811ee86b0874e7915b220ffe4

  • SHA256

    ac44e261195830598d6a6414ab88814f24753af15ae094e78125768991f607fa

  • SHA512

    c89086c7da2d471bf9fb59a6974907cb22146f22efe57a67b9e74b60b399b8101e3a8acf948cf9e5651da9624ab3c03fb8622ab74b07857c9a5a40fd4600deea

  • SSDEEP

    3072:sPAoH+XyNC8RnasOW8OeTiO8vVl+zx9+2zQfIBGw9nJN4Sv8EpzHkWZxhwBF:xOlNC8UNdXZ8Nl+zt0fc9Jrvx7hq

Score
8/10
discoveryevasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e996765a2d858d7004b1312498d5222_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e996765a2d858d7004b1312498d5222_JaffaCakes118.dll,#1
      2⤵
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2556
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:1928
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:1860
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2804
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2724
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2780
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2616

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\PROGRA~3\NOTEPAD.EXE-x.txt
          Filesize

          581B

          MD5

          93477a81a7c7861696754b2a64411356

          SHA1

          ff41e1e7ceefd7eb9320ad48c48238fefa5e2543

          SHA256

          ca9f857f62aafbee2f793fe27c15a40bdd33d7d26664e0bdfa1011abb7d98358

          SHA512

          ff84fbfa7f9fc17f7444d413917eff5d4c9bff424198550f1d014fc7ec1b098fce90d072fce5c9ce02b7f359e68a8b3c335372089f7a58f61a3a9899c1e375bb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2efa3a012dddb882b7872e070c6b28c7

          SHA1

          e837d2aeb6cd12b2d88be20d146020acc7d3a795

          SHA256

          aba9621dfa304106ef71db2059dda6c0c9c725ef1df470a4867dd4a6a6d04160

          SHA512

          f82d5a75daee05a0cd0624f07ec0027fb7c9317b09aaf05f807fbfc45a1dec9918e2cd3d59f3d8ec68f609886d2d3770ee2c7824b35105651eb34649e2549765

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7b75d453cb5ebe373b248d9939bd6c1f

          SHA1

          3b3d8cdd7ee2bd6ae66388224b95a3f7df81852e

          SHA256

          920962f7eaf5ca116da52888932a8743c591c5712abab2a1b9b0a4f22d49a3b7

          SHA512

          70150c9728306e696fba76c5fec87e7abe144002911bd9725379ba80bb885af26ec0165961260bf98974326362ee612cb8cad3dceee5af7e08000f667c119bb6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4fd233a0d16e6949e3ddf4b5f53a80e2

          SHA1

          df096da8193f9cdaf05b34c91d418e96e300e162

          SHA256

          41e1362043ea74a1ccf95dbe8902b07100a65fd6bbb518e70ee34206a29bbc86

          SHA512

          6416a8e0ee8c2559b3e17d69fc5151ea496e753a2dcf0fea386f29262443e4e92aef8fc9c4eaee5e08018dc7639fded86b48f63366f4278ee3def69abd5ec22c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d38dc4887d7f7952bfc510c3015e05e4

          SHA1

          7333e9a6ad91295b655e15710a63a3125f4322fb

          SHA256

          f09daa72cbab4b571ce9de0b56b40d084f297e33724022eb4b3b29a3eff4867c

          SHA512

          12c304fd7644a33fb54e59616911c52fa0517b591cbb69fb1001a5f8744a33fe3096125987b6dfee4acf14b427e31c88bc0c228ef0dec384e8797f873c303a81

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9dd6c15182ba430868a5e83825ffc5d2

          SHA1

          6ba66169dd8d9b68b24351dda02190028ea9d361

          SHA256

          14559de1b162015d23a26fe90a3233e9e907638e82692dc4fd4804c200d7daf7

          SHA512

          3b06a1b3863575ceb2f9abe4797eb06384e2baa2f6e45dd8c404cd1f6a9266c1c2449ac03b73733de7fbe86c36a645806c920e623c499dc266c7b451df9a45cd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          da0c7e8576a7d12266ec22dc6d17a209

          SHA1

          7959f65d4a21f018ae77e3ed544306605f034dfc

          SHA256

          7b7819fbac30aaabe3a3837fba50e0b04257d857cfdaaf5070e8318c242036ee

          SHA512

          ab329efc1300037e9ee14f092869ad53ac2884c2a09c0a7e41d5204fc1dd7441689494790451b66a2dafae25cc39c65c4f235817f2ab05c9ada9bbffba6a141b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f7b7263e325e5f275700ebe6a34f62c2

          SHA1

          ca02585e29d010ac95f0b3cb96e81b7e1f1392a6

          SHA256

          342f861393841369f0d29fddf1a7d319ae6e0ed4e9536f015a423cf002c2d2e6

          SHA512

          a01ffa61f4562e09572f61984d8afd9d431066f6af7bfb28352777b20d8e14f9a8ab52bfe14dfc685861c330fcf38830e73e24af15c48eadb1687a2a87c6c00a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          824773216ff096d071d5b850ba67fb8b

          SHA1

          1a5f8fbb24aeb74779be7be96688ea029e6b7036

          SHA256

          e8cc8ce8743f8a7c725d4e1cea1b45bae0a16af57226a93ac222b36708dd297a

          SHA512

          2b58d79cfc4e424557703a9f40516810c04a38388d63e42e64fd19d18e37ef9ee8061f26764a8602e531d50f1abafdc101194895b8e8da3c01451437d600108d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bcdbea903ed0781406a8ffbb4c5104bb

          SHA1

          161ffa38660dac12405716feb2a42a88b466b3d8

          SHA256

          c6f84135d45136225bcdfd4bf1f92d7567bb685d523462823df278b0c34ac4e4

          SHA512

          eafb7ac889bedb5891caf7ab692827060935f1e873bcca78b33387e8b100b07d5d403ad4bbe36d86d584ba587c7e63765934c5df6b7556d41b7ab3fcf8caeea8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b248e59fd7bae5e1a79e8ffe54a299c8

          SHA1

          219b6ceeef12e11552128994d304a6cdda4378ad

          SHA256

          805bfc29bc5978e99a04f589573ee47f5a0182566d4de136c4b1d39166a19226

          SHA512

          b796ce8cd83a7d6af1c838a67916735e5431759321908fcc523108f568edefec3aaa63c7131082184388d350f6c615c513182d81540d300bbaab3c9239812662

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          16e073b34cf7b796cdc4765edc2efec2

          SHA1

          6fc2e1b3fd0f585a92d1d75026efa8c7ccb872e7

          SHA256

          bee90e5a00997514b6d7354b67995293fc7b239093445aec293756ecdf8fb545

          SHA512

          c418c8ea4b59d43a7d7c4dc83885ac0f0af372d8f69f8c3968531e6ba65a940877cd11bd36b67c66f80e513d980820eddd0d793bc84b71d3054acafe622bdd15

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7eb00986189227b28d2ec505153a0e59

          SHA1

          2184cbc5a040a07ac8f21b6c41cd3b3b4b6dcaad

          SHA256

          24fbde7bc5c58f1f9539b82c2ba47cd0907d11f7f4de4f06f8c7969cdf19e9d9

          SHA512

          3f8cd053ad5c26b32e392601ae2dcf84ef00e93392ac3d81b5124f5ff1099e1964359fa2f7510c75a0dc9d028b83efe3b6041d39acbbbf408ad1c888a836488e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          10675dbe5ba0df6deb7a49d8589a2072

          SHA1

          adef8c9089bfa0c421d85eb99d3ecbe1b8e72add

          SHA256

          f6e9c0e64caace3468411bef8f76a3a62827a7fe65c503827b23c01473e1da74

          SHA512

          c1e38036f91be117c569605ea1efe01a042847f899d986e68887d019b91f5d52235a779caeefdf0eeffce553c225e6832e43ed354e208d025b9a05f9a8221165

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          28781305f1a5fec5743003a0662ef0d3

          SHA1

          67312e28f04a1384122f1a007c60f474cb164e26

          SHA256

          ea9397e60d9dd255a35af7ec1199777566d3b80b473bba85d182fce5f7a00736

          SHA512

          e7bfea5cd2b30d0508eb6919ff5cda51b5a6dc09942017ddcb13a7092653d9ee0932d5804b7b95f316eb089ea4d2a3cd905d8150cfed2b4c88bb45f6fcaf4071

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e371568a0d12a71e02f88de7d6490f46

          SHA1

          a1c820997b511ac51c1b24f0c36d432d1eebdeaa

          SHA256

          5f3b1ee0e29341bddd503739ce07a8b3255ee86e8d29364682516a2588482453

          SHA512

          47c5f0e30db633bba9fcc9edd04531bed22fb89774aa2dc0a2643cf77a4b27a14fac85f23eef8be962127d0db79500f13dff57b2f1bce61a81f111b10d43a343

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3465b1fb2f4ed7f9633de195006ead59

          SHA1

          2c3363c5bf1427a803792b199ba7c8271dfe390e

          SHA256

          9d525c563ab23ea5c33d77acd1f31232d79a55f8fea3f166c717cfee434c5d3e

          SHA512

          79f15458e0b358a51e04c852e91386dbeccc0cca5b9929dc70f1cf9e7154656fce72826fe8516d608e4aa1f6cc826fbb211183b11f50709b97f9fdfd4d1909fd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1f4f05199aa267d0e8c3fae3e661cea0

          SHA1

          2579ce26a4f06ebc56519ca1580da9067defe19d

          SHA256

          099ca286101d2a4e0ada51a499b29c6acb8f370a8611907fe025242e55ec7c9d

          SHA512

          cbf3fead31f48a4ac5821a20c0750e5ad23a1b7f65e70d71888710831a6c24cf99548a37eeab27f6d16604ca5c477396085af8d3957ef47562cda1b097f3440d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e5b9ddd57a0d96955d6d593ceeecc21f

          SHA1

          d75118aa4593eab6793bdddc1dbd9c5c778f4b1a

          SHA256

          39bb1c48e5990f19682e3ba4f4cba71acd4b5c3e3e4a5e3e00860d0f414fb1d3

          SHA512

          d0c7db7a15474bb5d3a7a244478d200013534c6e98002562b92c74f9651c58307122465aca0de54756f419a1b1e8d0fafa621bf3e755f82f6def0ca87d2d8b3f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          47c67f9cf2a47326b8a4b726eb8b8f7f

          SHA1

          e9c9c213a849b331c7b5eb92fc30662ccecf6a3c

          SHA256

          275035df88deda6161c1815f840139ecb9c7f43ef74238abbdad8df4c1a88c1c

          SHA512

          17b18ea5521f8422b4fd34af229179a4ca984b8d89f1e70160b3419733e9a5eaa2b676a87d3a182bbe64f2759a452be193dd79b71d7cc3438811adbdab413167

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabB020.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarB090.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/1860-460-0x00000000003A0000-0x00000000003E2000-memory.dmp

          Filesize

          264KB

          Download

        • memory/1860-23-0x00000000003A0000-0x00000000003E2000-memory.dmp

          Filesize

          264KB

          Download

        • memory/1860-25-0x00000000003A0000-0x00000000003E2000-memory.dmp

          Filesize

          264KB

          Download

        • memory/1928-189-0x00000000001C0000-0x0000000000202000-memory.dmp

          Filesize

          264KB

          Download

        • memory/1928-10-0x0000000000100000-0x0000000000101000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1928-13-0x00000000001C0000-0x0000000000202000-memory.dmp

          Filesize

          264KB

          Download

        • memory/1928-24-0x0000000000390000-0x0000000000392000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1928-12-0x00000000001C0000-0x0000000000202000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2532-2-0x00000000001A0000-0x00000000001E2000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2532-4-0x00000000001B0000-0x00000000001F2000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2532-3-0x0000000000200000-0x0000000000214000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2532-1-0x00000000001A0000-0x00000000001E2000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2532-0-0x00000000001A0000-0x00000000001E2000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2532-5-0x00000000001B0000-0x00000000001F2000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2804-9-0x0000000003B10000-0x0000000003B20000-memory.dmp

          Filesize

          64KB

          Download