Overview

overview

8

Static

static

1

549108522b...18.dll

windows7-x64

8

549108522b...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    18-10-2024 00:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    549108522b64d96e48b21bcb01a98e67_JaffaCakes118.dll

  • Size

    242KB

  • MD5

    549108522b64d96e48b21bcb01a98e67

  • SHA1

    f4c369c6607cd07f7becc8087115e6d62c68ee78

  • SHA256

    505c8eb16c8eeddd9d59e9ec2c9c6423b0205cbccb786957527b80f1526c0e06

  • SHA512

    053f5b49d3c5b8e5a9b1e9daf87a3e6fd891c3f64f2a147d655f037c3e5520b3a90843ad4e48e6a1526087d74bd7d6627d6fa623f34bc3f08a6b44a39f6bcaa3

  • SSDEEP

    3072:ofkT2TeBXY1Au9EMS4dH5Yx0b/pZRM73kE/cxAdby09YvKd4xbn5pAhMArcu4LVW:SyM2KH5007BMAi1ZYvm4ZaQAp/BP

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\549108522b64d96e48b21bcb01a98e67_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\549108522b64d96e48b21bcb01a98e67_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2504
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2684
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2920
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2656
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2464
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:3004
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2928

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e820ff0324071e08a1a2102dbc75796

    SHA1

    61e648a167fdc1eb24fc42e8239e3f7648a93265

    SHA256

    566875266e7b94ff94742853776ecbfcc6985e870e216292bbfcc8aa29ac2226

    SHA512

    825e76170446f48a1f2bd507ed2f33fbadafa6a5dd5a72f17bf34731a32088c1f99809e3c88bfdfbaa28a1efeab543df6b1d71a2be05edb6020c944c9c12c4a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2e4645b176879c7017f0ab30e5d2d22

    SHA1

    41398bd345e5eb32e253b37f1c83d750dea0da9d

    SHA256

    32f1ccad91e284d4da8185abdf295e2a0b64dabf5c948ec6d5363d7f69ea5cad

    SHA512

    3f171c31be60718505c0faa919f75a33c44d064ae66570142869f2a4ff5d9273af4727f6f61d09f277b41dc4c880fcd434035780081b7bf1ccbae39f8fa46dbc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5696613429e589e0e101aa2919b4adf

    SHA1

    fea79d32ebfc73305e6c9a8997f1a5556d9e1183

    SHA256

    6229f53b60f7719b8cb05e6ff663c624381f6ea9365fb83fd9e2924147027640

    SHA512

    28093dcab9242cf0d6221fccb60526f7f34003fd730552e48dcd2b75308afe1bc8006e83164c504947d68cc5184d29f845a7e0129297ff4234306b77672be160

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    75462390bfbaba3c152090e893751696

    SHA1

    cbd346237d3fd0021bbdb9cf38a296c1823e2d0b

    SHA256

    688980903277d021207f064456964f7211efdf766e759add8e4ef782a41b395d

    SHA512

    c2aede2f693c7b0812e447c37a0a4ab0cc9d6fa62ea680bbd1376e9a270240afe764a3babfc300f048749e633a042c61f7feeeb2c38d3b5e9fb8593115c9eabc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6418cd070bf70b859188a9a90bdc8fda

    SHA1

    fdc09134804544134fce5b7a44798cac430f8157

    SHA256

    b4f8238b8bd8a046cc90b04a5834db6450159291b27f60e1220d1494bec38f63

    SHA512

    c170a0e290c5fcea33c677bd85c5b76a4b2b65f68f5762ee2ec0849987ad02f0901e5f304f478841d9a6248785537b156ce3b70d60f5b409bf4193decad9cc83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0fe4dcefbfa556b7ca7f20e7ed821f1

    SHA1

    dc37a396402d93dadfb4afa6576d7d449596b5d9

    SHA256

    69fcd8fd62a6165406ad761972ef506fef70ee0b93dd19446bdcbc668ecbdeae

    SHA512

    92585955748eaf6ffad7cb9adf2a576d0c648f90ed2a98d2d284222cee58e99b5759701e54211ccb2bd79da66f5355aceaf1b71f972f5ba1e15bb72199959f4d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be4323d8de60feb84ff20d51d17e460a

    SHA1

    9e047e549b6137e9c277339126a2cecd0529bd50

    SHA256

    c23bb3df2a4fe0cdc3009971fcd96ac5a468573ae8b747d5da1fc4178740b077

    SHA512

    1d64c3ea1027137f57895dfa9517f99461d21fa9fa256615f9421290b5f061988b87b6d72a33986dc2ff1f0273b025c84aafc90f50473a336cd622f3165936ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85c4da9aa25d61ffcc904bdf24dacc06

    SHA1

    2a2b83665835cc5bcd0d09725bdc9aac6d3a0bdb

    SHA256

    fe94d53599edc13123dd3b3e6678f2010052d74c5038264b798ae1886a07f3a1

    SHA512

    e76acfdca19a863f5bca2fc20c2372bb1be7b2e343ee630ffc7f5104dcbc8ce714b2ae20d8c7075492bc1e5dc35ea32917cedc6054f030a30d58ea895f9355a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dbbc615c7be4ac2ccb86334298924cf0

    SHA1

    d36770dee2424e3e2310d88090cbafa6bc2267d5

    SHA256

    156b98e08e08387f61700f16ef51dd6d34c852c2990c595cc9d095aa33eca687

    SHA512

    065a328cd2e95cd3bd9bc047c943b532a1ab1afef64386a3325706cd4e2ceffd33948e990091e464ad75fed150694f3501cca4870a7df7cb985a34cd42368226

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8d0f6452fd68d85d150583d21a6efbd

    SHA1

    70391b18b2b04ea979ae7ea54e5d5514d2c54b99

    SHA256

    11d054682d25050bce1b53cedec8e6b316c703b8d10cc1a5205f492fad0a4088

    SHA512

    d6be91c7a076181db5af579960e8c87260370e19d0ac000c1b645020b3147f4ed9a83fb069065e9901ae15f41bb13408306bd33499dcc8d4f003772f19a115ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    001a1fe6c2a7360708a21ff6fba229f2

    SHA1

    ae09555efeecda89af1fabf2f395448c0ceeb640

    SHA256

    5728c9cb8bf8263d3df0c4c9121c8e21963491b049c86532b73e7ff882561607

    SHA512

    95368eb34d40096b6f98a330c3665040351d498731fbba83e6338018d86eea719980ad07f0e4ad0a65fc9005af593b3b1737e1115901a58d5dcc84ac725d7be1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    81780820658710b9573321f59f545862

    SHA1

    38cb8b692c0c2c31018097475641ca66b7939623

    SHA256

    2595357a6e3e366ffdb22b775cf80d45b3e781fb95608139916d8fd9ee6ec823

    SHA512

    25609d3352eff62b7127d7e6f7f513be4831402673da458f60a130d39db8a2223f3ff73a97496a20ddf84cec5f5d8b074adccf622d14a9bdae5f714703bb7ef0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7f0f8a879be6d2ad3484ae5f7a499dc

    SHA1

    c5f1f0020a5dd03a990f67fb19069c39e7ab656e

    SHA256

    881b68a1c879b0329962d2e95fa084a30e93f9e3983d8750ce17bcae92e5a389

    SHA512

    8896ecaf06f4dcc7ef88d0c83e2f1f759f27b3b4c09e0dfb715a7fd1b76b25ede0874b6e05d55f0c0551adabc9f31c32b9910e50ecfff5f652f913c7dd36c97e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbb8252fcccf56047796e93c75d50ae2

    SHA1

    becedc776c8a675e03b0951fa944f281a77dec4e

    SHA256

    5bc49b468709d2a0ca9dcd34a88a62f259323360f78622ffc45bc6d392b3c66c

    SHA512

    8f3c8d6faf6285748caf2c676a01430d00f8997a0eb1f11e9574e5a9b4153755447e9fb3e6d78a9a2296ddefe1d9a1ab84bae79454c064c3c1a5751b63c6e787

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0dc258623ea193f48f88f778ff6a4867

    SHA1

    e3c969d05e7407c4f44217b04577a30ecc1f4232

    SHA256

    21c41d8799c371d4a17f81c277fa1b56db6fc5532d55ab45d2878858a6851717

    SHA512

    7e0a2cc8bfbfe2ec0cb06c71120c19c2d92dc5872992e850fec88a1d97888d793c4ed70d745d98ecca7173ca90de86965757a0e78de99270f5df3871957aca72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a691a5db5eca2651c6ffe6f5106435b2

    SHA1

    123d9fcaa380dcc2fc227584e491ca00bd4a6131

    SHA256

    e75302902e7f44f763e575aa478671ce80f74db89e5f53da79b91d5879a8504b

    SHA512

    3f98c7f4bd167753b964de68b5dc7db59c5078b98052250d91741dcb26142089fe0293b60afba90d3716c16841b68a1d0728a5fdfe758726454d4209ee2d396c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbbebd119c36e981c6cd69a8c96f53dd

    SHA1

    0917f3364413277287c923bf4ad27f5901fb4c11

    SHA256

    e451d1eacf93f500345506d046ce1152f90f1955941f89a6be6adea66977b246

    SHA512

    9a18175c8534bd3a840f058b55bf5730663784da7c7711d475941d4057e8de0096882372258cd30282b642cbc48a503c11726740d3d192911e0f9e9bf13af90f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    964fee32ee0ff2d9d8949f64a25993f6

    SHA1

    9e84cb6a5c3581b4056515c7a9bf440f3229bff8

    SHA256

    fa55e69e326039a9c6fd86ec68767f62b1b56a8944c430565e715206713932c1

    SHA512

    620fea2681ca3cef8bf9651e4757fa6c99a9c30f5a33a3d298e182b9eb288ccf4aca21f37aa26a8d6e39017b1580101ce17150e657ffb13bbd148dc43c6c55ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ddab39a059baf10aa9919b81f71c22d9

    SHA1

    46e8b8d443291c8b31b76b154c74c43a92d0b033

    SHA256

    61373344d39438f57f5bf91791de5b9378070e0c17149eb8cd696e3fac61bf93

    SHA512

    43a0dd97aa72dda57c9582ac7237ad7d04b12ba70afd1c91cf9181daa68f59a321b1389b6a3605ff572208b513bff467bf8b43ff513e0e83a9917ba5be4dc160

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7496.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar74F7.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2464-11-0x0000000003B00000-0x0000000003B10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2504-0-0x00000000001A0000-0x00000000001D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2504-1-0x0000000000230000-0x000000000026E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2504-19-0x00000000001A0000-0x00000000001D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2504-5-0x0000000000300000-0x0000000000331000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2504-7-0x0000000000300000-0x0000000000331000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2504-9-0x0000000000300000-0x0000000000331000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2504-3-0x0000000000300000-0x0000000000331000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2504-20-0x0000000000300000-0x0000000000331000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2504-2-0x0000000000300000-0x0000000000331000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2920-14-0x00000000022B0000-0x00000000022E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2920-15-0x00000000005A0000-0x00000000005A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2920-17-0x00000000022B0000-0x00000000022E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2920-12-0x0000000000170000-0x0000000000171000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2920-13-0x00000000022B0000-0x00000000022E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2920-16-0x00000000022B0000-0x00000000022E1000-memory.dmp

    Filesize

    196KB

    Download