Overview

overview

8

Static

static

7

4049002462...18.dll

windows7-x64

8

4049002462...18.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2024, 14:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4049002462223b726c48925dd81d0f9c_JaffaCakes118.dll

  • Size

    184KB

  • MD5

    4049002462223b726c48925dd81d0f9c

  • SHA1

    99dd43a5918e123ad5303bb085668e2f644d285e

  • SHA256

    cda955d79c6bb6a77b95da1a709ddc3520e13ba362abd9e6049b205df2f20a85

  • SHA512

    baae343ba49d4d0dba1625b2d16c3ba7be7ad91a99720eb98271deba4a9c4a4d36312add610756ed837448de43198fe003bef6ff4d4fcfb871ce3b4350854f15

  • SSDEEP

    3072:rSGyWgdpJsOvzKrUSlOvoSQMY0ewbsmaGg/H0YGYKfiV/iLyVZGeuRMUQI/VPEh:rSljOrUS4vz1eSxLYtKs/iOV7uRMUQIe

Score
8/10
discoveryevasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4049002462223b726c48925dd81d0f9c_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\4049002462223b726c48925dd81d0f9c_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2244
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2784
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2780
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2924
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2680
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2792
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2584
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2848

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          711e51aadf4ecb070b3baac14937e0ea

          SHA1

          90c804dd6570538f9e70513aba9f34ad02203257

          SHA256

          b1c4d851168c613b918ae3a17f9883cbcd5909f4cec86ad3d2da6a139bed46f4

          SHA512

          9eb705855beaf334b357fe7e05470263ef5d9dadfd039ba88bebc4d8ce8a1d797f89db5ddcacc343d5a8b4a47d270fa739b0e4dc9df954ff672e82b3064f9660

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fa5e503b88d721d2d4da038f9146abdc

          SHA1

          f514f36ef7d053db69ccc7a522df2112ceaf7041

          SHA256

          85eb25012ded944f1cdb382c2de6b9d7054b6b439ec124bcc1370864ed6522d6

          SHA512

          a847c5d8fd07eee74a52c7319853d076e6151bdfa0b9962e042883df254a71ec5d6a49f3ee82818952475cf3edce1a88ba3157a65d6af531ade5ca7d04b526b3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3ddc1d85692d4d99aa1904c9dc5715ed

          SHA1

          099bcd3af4245ffd27ab11cc51ab9f90ee34ff79

          SHA256

          c38364519dad61301dfac805655500854ca3b58638910ee6ab0b99acde54905c

          SHA512

          5f028bc6e291a1e764f49ffe5e8f74e066da9c3f172b74f346f9139eefa6f9f82d79ce0455b5cba89541079e14335ae918ba1a96d33967632235d0b3f561e6ec

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          03754d9960875e069d8297436bdb2db3

          SHA1

          161c03164b9fcfe9ed0ebaa65e4e92b78443b43d

          SHA256

          ca1503f4f3f38b2ccd1d59d37a5d96151468cecf2307718df443205ee7311ff1

          SHA512

          7715b62423fa609beb725202bea4dcf098cd7bf35a69f732e9751fe98c9c9e3bcd25724923c9c942a6d738bf7a89355aaf7a41f77d07cb00c12be05af2c57ba1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d71732bc369a479354fa522941fc7769

          SHA1

          d705d68c0a4b4f2ca2bbcca9d0270a34a15e06f7

          SHA256

          ba7066dfb59d4c712c338824d5ca917c0adb7bead502deedb93e9d40404486a1

          SHA512

          c742b96026897cd4e2af6f0d99cfd84c265ee250640b5a93aa40eb424adaa6996fbdd81446f2e64d6f1b75c3b5f119d870790b2e888349009da67ce2536761cb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8defe82a6a8a83834ecacfe409b51988

          SHA1

          46792bcd7ce0cd11689cf7f7447d01b0f0a1d5e1

          SHA256

          fcb47064b4ab32bcf8cffef595fc8ef34e3d4b1ee25bf982cdac7d0a632951fc

          SHA512

          cb007dfaa504b73b60cb9f206844d138353c9f07e99473cba77c86229a8657dcb853b92ccde286bb9a8fa9934435f46b1c05df49ab0b1b347e229aedb7e6715c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6021257b6de30e1438a0769bca44536c

          SHA1

          2007fac165a1166dbf8594d069b9ad184f4e9df4

          SHA256

          04479e22fe36f1392de67afe9ace60fb7ac41607505beae14004515fae058051

          SHA512

          10929c9f0b6590920906e58a148a63ad71f1bc59fcb1d4060769ffdac3174309a84cdd899cd58f8f62acee96f229f1ff60ab1b8629db19bc502a65d587fa1661

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          50579f51a7c8c5bdb7262fcfbdff5d8d

          SHA1

          b3ef3617843f54bcb3e77c22e1bf5e68c66348bb

          SHA256

          80f5a682eaf976c31494996063c32414e40078a106f2c4f239d3af048cba2225

          SHA512

          c3539ba26b89c4cf6ccdfc7f91534649c3240da708b0783ed959324b69e8643047274861f663c29a13bacad18d07e3bbb05b09e78d04272b0c99984f3fdb12c5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5b0bce5ce189b3965fb7963b2cf7a447

          SHA1

          fb140056532c26d71c52ba6e3e829b7440cfcc26

          SHA256

          f95b2b1d1f5edc3660d516b7e86b7781a1710755538549c2e01ff75634da3644

          SHA512

          c4ab2f31dbfc431e188aa2cd65bc16fce60d35c539f5f1aa8981a04ba68cb4964c86d6c5b4fc3535cca1c81bc1944440cdcf0c8cd6fa8d1466aff3f28322d667

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4fbde8825dc9fe62a791f530d894212f

          SHA1

          3b8e164053135fffcc64965c940b0f0f4abeb837

          SHA256

          b41beac4c27989add4ac0f22203f5a408ffb499977caa3703d74a8ba822e0259

          SHA512

          241123a9ee40888c43f366b14673a59b64c68566cb7fa0733b219f2b4880d5f2725c7052f24563ec1c790d97d79fc4c5d105cd02e1ee425b6e21bdb9dbc121ac

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1f14287c11e2344f4e7f1e55cf6f5d38

          SHA1

          b24dc66d6c878472ad8999980a2175d439d1dd3f

          SHA256

          a104417341bdb773f3cf613d087abf7894d60cd400254a04e3ff36875fd954d7

          SHA512

          15685ba9f00d2a610f21ed6deda877bf1081b57cd48a4e8a719eb63a834d495b0777d2510691df8bea28767b723fc0961c911c1ed3ec1b524a93c5c523b09120

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4bc7b4be610cf18b9d3eb26e23425c9c

          SHA1

          cbc0b74a3c149b94aec734a6363ff0308ee4e040

          SHA256

          aa5bd9beb0d789c5f8e4575dbc4eb2c7fbedc5a165db8313d053805d040a089d

          SHA512

          27fe6c68c7fc1dcf1262747a7a47ed2c7be178fc10779def6e40c56602b00a4aeac96074993ab59a6791da4c56262f2ed7c1a323af99d38117a4e049a7cc463f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9386a0d12768f1eb97201f888b9e13d3

          SHA1

          72eff6b7d2d4b40e5ed650007ab375530999d5d8

          SHA256

          9328e5dea678e280c3b390c052dc7eee06121ba215b2877cdcbf13a9b038e0fa

          SHA512

          820904921d1d171e6debd236f8a9a319b30e0b5f9698020b41cef2f132336981d1e9ab8c08386fa70c7fc4cb0fdec0c885dfed16a47961b68e98b96e900cb287

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b907a4ee64b05cc0808bc10919daaf1a

          SHA1

          32e93b1586ae88e6b8c23e18b2091d6a704f0acb

          SHA256

          a79faef82ab9aee281bb9253a479fafb8156a2a79ff59fab8e58b263aa4770bd

          SHA512

          0a1fec8cff5e1fc348b4e1b228857c4d7be6de63fa00d65b010c653ffda339f60d6bc29df9a10745005ed38c708b75350f090af9e3f7f99073dc5ffff04f318b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1555be4b6ef67b4994df1da1ad777ad8

          SHA1

          26c0025c8359836e891c1c5d6b81154bc6387cab

          SHA256

          67ba8132d607895d0ff8c6a36c0167c027dc7b5f2be2a3ce233d1ddcc1fecfab

          SHA512

          e50ae2cd52d65771519d0e8c59d719582597bf7f209cd178bbd7cb75ada5bfd1dfde42e017162bb5817345ab146715c52d74529168712925b732544533c13d0a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e0111a2be9454d20b32c4361a6a8d356

          SHA1

          fa34c8e4a32133a1ce2e5127f0cc6069aefc655f

          SHA256

          f09985edd09e7d1da234e6c93d335218063de88303a527c7c83d6bbb52391a85

          SHA512

          40fbaaf0e815725a06f083883eed72aa3cb95bb07ce82c52ab723e80db8eeb25333dc1a0075ba23f9b0923c453634e17bb82323f782cace36f7d36484ae8ec55

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3de140bf813afbc63ec453c16deb0fa8

          SHA1

          e1db4533a50a85215c0f5ae100aa90c1504c778a

          SHA256

          4734b73c7c09ff84d6bf173978abed619e0eaa0116deda847f4c294c8a67ffa1

          SHA512

          0f05cb00dc2318ebfb844b043bd89b5abe1cedf11fa007faa0f4b39b1c68c401d7494b56db7515c6a24ff6be839be73d5d763e0da438d6b18b6538eb58fe3975

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          66bb5df799fd5b9ed3f96052dacf29d3

          SHA1

          eaf28a78b3aac304202cebe0899bd930140c3161

          SHA256

          c56dcafe525e41580870a388f2f5579f55324523dc57d255520c2ee82c870509

          SHA512

          7960333457ddd1be2dc7f40b0c8177949ff9376c3b185af236cc29a9c7e67a4b80031037d00de6e43cd35d4cfed98a8b8d2607dd12006bbd12986135912950b4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5e4947aa018c33e564cce3e96ce45564

          SHA1

          b8a340b019ed3312ed58e0b116a6c0446cd2f7b8

          SHA256

          afd24ca682025d573d5ef9b08642eac7865baba23d668166418d4df39f4a29da

          SHA512

          97dd3325bab50907fd8117d824251d288e5c54ece67810955a43106ab6f69c0b6a3c8681b57967e8e9458b026a376d4eb53c796dfead43823e11e1a32049db21

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          dfaf597b57e9dc23688687155b346c2a

          SHA1

          a39715f908ee190f52a07b21f829c9fbd2b0d63b

          SHA256

          318cc7d73331e79824d237b5343663e5eee9b3bdb9c3b7ef5f68a902a063a587

          SHA512

          717b046eca6635de873779f7e6b968bf1e488bf15fe026336e861348ed24da0c0bf469a622395bce3eca55ec552bb8d42dca843181231667d65c7e99ac2f3106

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabB3A7.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarB419.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2244-3-0x0000000000140000-0x0000000000155000-memory.dmp

          Filesize

          84KB

          Download

        • memory/2244-2-0x00000000002C0000-0x0000000000304000-memory.dmp

          Filesize

          272KB

          Download

        • memory/2244-14-0x00000000002C0000-0x0000000000304000-memory.dmp

          Filesize

          272KB

          Download

        • memory/2244-1-0x00000000002C0000-0x0000000000304000-memory.dmp

          Filesize

          272KB

          Download

        • memory/2244-0-0x00000000002C0000-0x0000000000304000-memory.dmp

          Filesize

          272KB

          Download

        • memory/2244-4-0x00000000002C0000-0x0000000000304000-memory.dmp

          Filesize

          272KB

          Download

        • memory/2680-6-0x0000000003D90000-0x0000000003DA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2780-15-0x00000000003C0000-0x0000000000404000-memory.dmp

          Filesize

          272KB

          Download

        • memory/2780-7-0x0000000000200000-0x0000000000201000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2780-8-0x00000000003C0000-0x0000000000404000-memory.dmp

          Filesize

          272KB

          Download

        • memory/2780-9-0x00000000003C0000-0x0000000000404000-memory.dmp

          Filesize

          272KB

          Download

        • memory/2780-10-0x00000000002B0000-0x00000000002B2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2924-12-0x0000000000D30000-0x0000000000D74000-memory.dmp

          Filesize

          272KB

          Download

        • memory/2924-13-0x0000000000D30000-0x0000000000D74000-memory.dmp

          Filesize

          272KB

          Download

        • memory/2924-16-0x0000000000D30000-0x0000000000D74000-memory.dmp

          Filesize

          272KB

          Download