Overview

overview

8

Static

static

7

52dc726126...18.dll

windows7-x64

8

52dc726126...18.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    17-10-2024 17:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    52dc7261269162e836ac449903828b54_JaffaCakes118.dll

  • Size

    182KB

  • MD5

    52dc7261269162e836ac449903828b54

  • SHA1

    c042708bfbf90da16df2324cce447ea8d84614f7

  • SHA256

    fa4737f3652a3dc794c8a083f3243e7f992539f4883c94f06bb31631dfec9361

  • SHA512

    6fd7465ffdbb5aa31ad5c4e307a60e3b85f2b6fc5ec21fed357b231c1172777b401443236631f110294661e4d87aba8c34793fa9f4f6097624dcceeff358cf18

  • SSDEEP

    3072:em4o6OdmfRDFju/ekwRe8e7lfle0cZ1kRe4VYHGVxyhoutj1:emxJdc1t4ekme29Z+V6exCoS

Score
8/10
discoveryevasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\52dc7261269162e836ac449903828b54_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\52dc7261269162e836ac449903828b54_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2436
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1584
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2368
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2652
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2108
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2724
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2288

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce039cc3e201c52a27915c3a3b6a8a2e

    SHA1

    cfc5ff9b469c5729bd45c9c6d447c0f0f3e2fef6

    SHA256

    5ad236290695f295802b1939b60dbef2585cd4597a92d91ee409fb11553b5fb2

    SHA512

    19c1472269364203e5410fabbf001ee66ee365e080efc5b5bacde9833609e8df273ac956174b59eee3b149b3118488145ec19a5a08827a891ff0ba53d801fb19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e75a51370e80e4d739340496867964e

    SHA1

    a086bb4977df24efe4afb12addd5c6d492eb54c3

    SHA256

    9b21ca50a4ae462c0793cd67011d71fc880337797105d020b023224cde11a837

    SHA512

    7d77af26bbc120a57cae6d38f613dcd93be52f67ab01151bf9886c40b8b6a5b73912a23f8d51f948bb29ab70a5931e879faccdd25166f34749f1a97e44301851

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65c864d12e8ba18be149e8bf01d8681a

    SHA1

    d6ace9350253230e002441b820905e1b1f7758e6

    SHA256

    bffbab14b86b24e16a4b239e2cd5f0e6b459da993ac930c28fce99e2a1de4346

    SHA512

    17dd8146cabfb206eea08cff9d34c48fe2483b652960042fe5d49db64bb35ddd79eb346fe1695c22ce287abe4c9953fffb18b7132b8a6fe5797f98009afe02e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ccb9506c2965e3640abaf60c6ab8ba65

    SHA1

    7cb51554c553c7a71656a7dc820dc6965fd0bf65

    SHA256

    c8edf98c545e86e81cd2317e8c2a0dc74bdb36173da680abc27c2640c2c36070

    SHA512

    3797e566ca53bea7a93dffdc5b19e2e7e27f6b8af8b3b114b4335ab7b73219ffec60ffc72ab8731c438f841db31be486b934a524245b463620988f02dd2467eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9fc008daab9b50e5dfe9f22451c48f6f

    SHA1

    0e16592a9d9f87e5b8b6cdc6eb52ddf161848bb8

    SHA256

    3d4790b33cb46e7a22f5e65fafc46627e65c89f77c3d0197e1dbf9864d2be261

    SHA512

    66ecac18ad8454411bac91f55771fcf4f521caa4e19ed662bd95f14436e68cdfe391a0a48e83a3a18a8417df23591b88357cfe76723221e4149daf5866494dd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fff4f854bdf46ab26298cb0e1cb2ad98

    SHA1

    3a03cfd9037bb067dc61e4cf60c90cc1e3d27de9

    SHA256

    37b06aa40d605b0741f3ff473886c415f00d38ac464eefa52eb80535378a7a10

    SHA512

    be3777d120c3ca91899a937d81591a1560fbe64943b3f26736779aab44e0c0fd6d4259b72b7734d78a655d79deda10e49863a7215e38a16a55ed35996c55c0c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98bce033383f906a3af78b0fc5ffeaed

    SHA1

    d7d2326c4bc03a4d5de2972cb249cc26c0be9e46

    SHA256

    747f7880e1834c6160c88b38875ea39d82fda28c5df9965fc0e140e06e7bb02b

    SHA512

    519b7462086738657296e02579ceaa86cc0aead6c0bfd3b100d615b795c72c58524b22fa1fd5d429dc58ac9498d290ad72c7113e0ea6d1a53bc6a4cd65976ac0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c53cb6a1bd2c2431cd802313fb1148d2

    SHA1

    158be54f68badd82434e82089f1fadd7bbbbd2f8

    SHA256

    acf122c998aa2c9d89257d63982456fc8e7f382fe5e28b3a5cc12c35a27e8a05

    SHA512

    bd49f2fb66be2e82acec4908cc26deb021a0a62041ff25995cd15dba0298fd8844d386531b45bf75efde8673b8b6aafb714f5d2d60a1d760a20b75e67dec6a95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d602ed40dde40434f3392ed0213ab464

    SHA1

    b759f29f6bb9806902d00dd43d3a20be0500f665

    SHA256

    2b658d9759b3c2eab413f1c692fec058276cf0d69696be9c1935579eb2e862b9

    SHA512

    c29538590db2dcd1760a8a6e73384f2a3b0f81912084cccb3c5238e600c62deb68cf5d056b1417903a6c36bd206ac18ebaaec87e0328c34f559e6b8fcefd093d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1621645d11f3a74a46901b5ca091426e

    SHA1

    2ddc2e1272cdedace61410b4adba415ee89217a6

    SHA256

    835136ef8e4bea1ebcb96a1aed4fee5a9a01c290d6988f3bd1e4d7216a3b1c03

    SHA512

    af8a5c150123521990e053f6d58356f921531fb82ca19abe2fdd31a7e92e59600b17d179ac499a513a16d70cce523d3a4fd110ffefb9b53e7a2e1e6719e3b86b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a34e30c5131b51db1ec0a3d9d96a9aed

    SHA1

    47b4f3440371a1d261e186f92c2da8c4000a621e

    SHA256

    09bccb3908499ad73e3cc63cf6728abee9c3a8eb99701d5b7a29964de20a08d3

    SHA512

    fe3115f361548f8b92875ca35dabefaf45b947a0aeb13122f0adf8f69ae826824e50b100f3019fb87e4818471f1575456ad56a85d091d92b050853df269e6f3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8aa021f781652aa759b810c37ff7c5af

    SHA1

    40f85d8393fcef7a49622763a02f449d5b6479f2

    SHA256

    ba4a47b88e77e67b9130b994dc8b7082909ebef02cb999beea3350da5d6510e7

    SHA512

    d19e068753da35b8d66a7ed6cf9bb15b1157aeab1f8978ad6ce042bdb203b0d87568a9fb74018fc7f5cb61412d36358c585e72ed9b7f2d1b795d8297127fb1a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85bb0febc7ea77ea5241ad56eabffdb1

    SHA1

    239e6609533e615022f9717b42b23eec5310195a

    SHA256

    c50479a2508723d6250fbf9e946b1e5caf0d774cca7dcb25eb7f1405f99b2d57

    SHA512

    430e192bae949df21028e7aa7586b15fc2f97ba71a04e5fcdb4f65a5eb8d747a9a6a9676a5e1b7de6513b646f395f970bcc02b9174808d8f14474b1aef8f09ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    949bde115cef8794fcd06e8d724ed8c8

    SHA1

    c9ac133c321a3e36986326b499ccb5fb23d1e8e4

    SHA256

    6dcebf4efb70056580eb66273bcc02a9cedfcc75a5ec446820d5b9a12d77ec41

    SHA512

    144fa5f0245dc5b32844b6b864bfecf41858be5526a12ba4363a8e4a025eb8af1c26192a23d6027c49dba9e07f280242e7fda227bc64277157e2dfc0ce93111e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f3f2654aeede14ffd69ccaa39a66793

    SHA1

    e3e7416ddc49cad4e38b081abc5f4a00dc1e0a00

    SHA256

    bea01395593b4102f6bf5bebc8d364bfd6889c7f82ac23a9b1a755b6fbcefc5b

    SHA512

    9f7f88aea142fa7afc5bbbac06443a7e031617bb1db19517c7621abe1d1ea8b59b27046aefefc991629ebd815bf46a260da2893677a7599c062f7fd66afd64e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db4586b6220648cd13960747950dfaa1

    SHA1

    ef7bf72a29da9a4b0a5ab0e776f61359f3db916c

    SHA256

    aa719b7545ae2633b41f2d4a0d68ee570c50f41469adab17d55e80075c5c8aad

    SHA512

    368624af51aa6cd0f2d749b0c5e5eee3d162fe48d81f541eecda49f4d48bb3352ca42839a1f061f493533c357cdf2291cf13bf7bd98b180c452457cf4a083f84

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3725b6ac03cd86c13fac6efa61c548f

    SHA1

    082ca54249ce24e4ea336beb1d3757965a9edc30

    SHA256

    d339e879759d5bf697e697b96dfb33a439d498395b52f1e2aacfff2b5bbd2d55

    SHA512

    b87784f3514cadcec3055f0701612816f780af9b58a1d80d8b2946de2432bb0e9a2a8c45202eec509dfcf32e499ef4bb9f6bd955b7ee808d9475fec3c49e7430

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5dadf56698360f6742d6fb7650d0f538

    SHA1

    d70be8c4154a960b2b46fdc90323e3dbc7f53b5b

    SHA256

    fdcc55e8cc3cabe3bd1ed822b50498949c549b278b8e891352f752214566e543

    SHA512

    5fee750ce0fd8a43e3ef07ad7f0ac750492452889ba49ccd22faccb9b2ec8a064518ed7880a8d1152f9520dbbcd7fbe5b5e4b567975adf02fcc488cad31513b3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab68B3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6965.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1692-4-0x0000000003B00000-0x0000000003B10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2368-13-0x0000000001D80000-0x0000000001DD3000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2368-10-0x00000000001E0000-0x00000000001E2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2368-7-0x0000000001D80000-0x0000000001DD3000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2368-6-0x0000000001D80000-0x0000000001DD3000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2368-5-0x0000000000110000-0x0000000000111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2436-0-0x0000000001D50000-0x0000000001DA3000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2436-12-0x0000000001D50000-0x0000000001DA3000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2436-1-0x00000000001C0000-0x00000000001D4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2436-2-0x0000000001D50000-0x0000000001DA3000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2652-14-0x0000000000150000-0x00000000001A3000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2652-9-0x0000000000150000-0x00000000001A3000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2652-11-0x0000000000150000-0x00000000001A3000-memory.dmp

    Filesize

    332KB

    Download