Overview

overview

8

Static

static

1

b4f079ba07...18.dll

windows7-x64

8

b4f079ba07...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    7s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2024 05:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4f079ba072df597deab79e4968dcd25_JaffaCakes118.dll

  • Size

    255KB

  • MD5

    b4f079ba072df597deab79e4968dcd25

  • SHA1

    00005cd57b77e3daca98b2f825bfb953ac18514c

  • SHA256

    5d73652e3a8c7f1fd919120301dca7f373bf1aa8e2fbaa650df5658e37ef4649

  • SHA512

    b4c81ca991be02443d985fad4ab58aa26a4ff5da09bbb9df630e200fecf3d91a8ff688e9f4e3e11cf127245a654b54a5fedb39d70eaf2dd7bee85c9b20453f64

  • SSDEEP

    3072:mUUWCjkOfOoRPQO97F/eUq+TrVFPKG+cyTA1ejfLsOA+5LDRnOX0Sn8L:mrjnHP19ZWUqYiNTAQzk63tOx8

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 10 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4f079ba072df597deab79e4968dcd25_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4f079ba072df597deab79e4968dcd25_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2540
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2524
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2408
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2756
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
        PID:604
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2880
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2808

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6a319d28e82493585d9e6072e374fad2

      SHA1

      b82454b0cb0aa683d913f6aad810a58041a79c48

      SHA256

      3738f160d0e6c60d94da90bf3fd8057297a93f045aff041fe173433441be0834

      SHA512

      5fd1219a9f7849ac01b977a628c4a39d7d702fb692b7fc07129bb23105303f7b2b44935246bd72eaecc771bafbb52944222de755deb16bca0997895525ceac23

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8914e3879e058b9491a492c74cee5326

      SHA1

      559fb01779fb45be83e3251168f93d139615bbd2

      SHA256

      76976e5877bf729492a8518a06aa5d84a36e2f5e89de05a59712f5b0189518ba

      SHA512

      a47d430eb1a1bf2abdf1a3ca74ac8a8d7e9d025bbfbde90fe15c1d1fd3eee3bdb0d32c7cf09da64eba3056ff66eeada98789f167ba020a19a420dbc49c170e64

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      24ae1f98061930e33b6a031d0c77c428

      SHA1

      4c6a30d40402ad35e0a886eb522162f5d5f1f890

      SHA256

      4fe7110dd50179fd5c72f75edbbe49ee139b1f7b871fb92fc2d034e14335c6f2

      SHA512

      7d603320b4914c7dc4fcd4e536d477aa0198b45a87ee68844686b3eb2e8698496d61d90b3f8643070ac6e2ba442b14971319a27c90a5db0f08cc0c2bba61033f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a52af4be2a9391b36ec82e9060ee0673

      SHA1

      d756ef67e01e0780be7335d060b8819d70a1c1a1

      SHA256

      8d010131a22f8ae5ef5ff96df9d859165116c4341ebd6a7bf3a6ad79f7ee7019

      SHA512

      b4319a52c7955df752411193e82052020947c94a1c8d822c5e425745cef4defa081560012e34c013f2f61ea7931bd046bf15036b6857bf9984ee9f980d3081fe

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2489f371e012b226c789cec50bf70f31

      SHA1

      cc25e5e186ce0c44282fc33bd02df60b1ad25b96

      SHA256

      f8b72901dd2d67e7a2c4a1e9bf58971918426976330e9f306489fead87577d99

      SHA512

      4d324df214fbd6ca432ecbae36393f01193243e35f98acfd18d76f514d322172b2650808e428f3f516c031328724ee7a40736e8a08cb260545c7b66919999afe

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e977da0eadfa76fc0fa13f9dc8f70827

      SHA1

      de20758168998c3a7ddecf22112f3f810c624d3e

      SHA256

      116b0be30325b746a5b642b9bc0e06d09bb7b4b9e6506e39db2435f73a28565b

      SHA512

      d7000d5c48e5deedf7cd1053d3ae234941b578c244e1156bf336804aa8c561c2e2df30f2eb96e69d25011845447dcb3166f1b82b64f3310e4c6a819cbe80a1aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      df4631b8e915ce28f3d8b8d5972e7ded

      SHA1

      9e2c55fe84f82b5547f81825f7458ed5a1234fcd

      SHA256

      8b7338760b8bea1a16e9af9fbd3c116b69efa3f4de8ce74acfe0eedcee345fbd

      SHA512

      94694a3d73872fb2c6906e1537b48a4a354f843d696188d9769c4860d4ee81d8a825eddd4880ba2f584b35ef47f030d84637d0366c4ac8220d41468a235419f9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2db4690f81aff5652417d920334f7650

      SHA1

      857b09d3726369a813239382fe7dacb623e019ba

      SHA256

      ae49f826f90d86c5a4e53e778c5915cea02c113bf7fd4fa348f7fe5fc1f026b2

      SHA512

      98552086487d442fea2f0fa1dd6ab824276c33ec3f22015020f1d264f3058cb1a133466337ffe7163c21728fdff6b7c412bd4fbff6519caaad1789475ef1d035

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d47a1ac62faf940d73260c39271d365f

      SHA1

      ad566ae608c8540e238aac2f0477966abb764f53

      SHA256

      861a8c353490e44b830cd9c57ebce926a8dfe9735b505ed8cc45e832c55ffab2

      SHA512

      15ad07110d2801a36a0a52b068f2f08a4a606a049f7cecbfc96722dc11b8ca648a0361869b2e0193b2358d912febb5271bc8936989c3e1aeaf188625b1db3f06

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      383d757d79849db3b40a601ff0655ef5

      SHA1

      e86dc32fc3bf459d4d957c167417e4e12b070474

      SHA256

      cdb346c1af37ee18770d3f9c1a3698340ed323883eaff01cf113938890d31b97

      SHA512

      0c2b1bfaa9e28a676904da8fdd6364db450e1cfee0753177b3f727e5d1e00848b672168eef7a5a1ccc4850c02094349703ffd3f179dbf2c0b5c52127348c3daf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      373091d59a72e85bfcacb3edc5c903a6

      SHA1

      246aedf7fc321584fa48b32a07a7c36967c7d24c

      SHA256

      6353399a8ef3849e426c5a40cabc6ce2a7e5482bc588b18600dd5a365360d8c4

      SHA512

      f6e7d5864703c13ea1970a5ef416865e5f000a84e3ba33370dbbadf48f63db0060991c7c0d5f2c54a2f816396f20bd05ac937a641af0adb90bbe99292d9014f0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a15e2d8df5c324f880e169cdf3f58346

      SHA1

      d9c1d89ec4b1aaf33a759f838672efa187d4fc98

      SHA256

      1ebfe9dfb80d03ca56895d698f8be64fc0673d8bf1d818e88c004a3882ee8817

      SHA512

      2a42f631a0bdfb78b4b2d22b7bc1716fe50002d711176128f1d735700d7d48c8b716764590e0cb1a7d95a416feb90b4c6c14d92c3f2494066d30730be6364d60

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d060530543eb9513574caf4720bc9daf

      SHA1

      6a6242cb6fdecb26b8a60ae993e4b8ebf35422a9

      SHA256

      6bc4a204c6143d66ededdde0ca087f2e61cc444743692b2d17adf76fc406d37c

      SHA512

      b8a76fb8c810c91fef119df25f05ec430d59bbc4e497f9b7796b615e000ac3b62d79c9bcb41cf39d65f8bf0bdd134884cc5d7afeffefd23643545c929f4efac5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      70a2714e083bdf67348632837c8d81fd

      SHA1

      90afeaf87ccb835a6e663980a02be3068dfc4a5f

      SHA256

      b8d22598e2735e340a313c5305253edc36af5d048265d688ddc673cf254e1192

      SHA512

      029f9f65f571ffff7e781b2dab94a07b46c8d8f51d39dd5ac4ffe14fbc2fb3c52972762ad933c3d44693568e68590c4ec77b2be35a62173f6424c17795e36c1c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      104085c25a8e21f74bf7fa2c369cfd11

      SHA1

      21749424452872c41fe3fbd15c4e04693ca67a60

      SHA256

      6852cd12fccdccd1631b4aeb3bc6f1a7270d0bd988a5e7b197620f29849e4d76

      SHA512

      4b87f246b7862dbaf8312530140206f797ec85fbce7153020986a6f9801e82792f34aa48a26ada7fb2af8eccaf8733534ea1103204b255224fd08e469c1e8161

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      beffa1b0ea327b088f78c8183c6c760a

      SHA1

      aadb0c22afa24ed4d747a5ceb1d7ee3365b0f1b5

      SHA256

      22adbdefeaee038e79715b5d2502413dc19ea8b9965af3cc81785d225db08252

      SHA512

      4d3d8b87daa7f77b492a0599a480472c9f22cdc19e9e6f140b16510b9851d19619568e71f32735d25abd9159d57609f1e36e86328909a090e9f4acb8356fc662

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0d93a7538a60ea12c2fe5c6546d465b7

      SHA1

      c9150486de26b884e0585bb23a02e757f7e67b33

      SHA256

      54854c134e1cd862179f7e26ccec002ddab76004105b11ad3fb3067c9d699b3d

      SHA512

      29e9fedf1be43a61edb056cf1c17b997d749ab8f89b9a441a69ab6b67e03c3e0a91fbcbe644490d584527aae954c40e71eab52be1b8aee03cf59a889b0c2dd62

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2fd43a550667927023c99333b9393a5b

      SHA1

      42e28d24ae68fee1d84c712b0560781f031bf25a

      SHA256

      eb8b168b353c2d193fc3832fe4678bbb6a78a38a7587dfaa992f786d869d0bd8

      SHA512

      e05d34320b5919b2da7933b6bb3316b4692cb38e39682f667791aae2a32167d5facd8f6bb09acdf5f5384911fc1fec5b3bae47409da8c631d9b6edce843b8de8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      88d245a5f7cf0e20a315495146b91639

      SHA1

      155821f1b139e38d2d59a90699576c683500c4c5

      SHA256

      0fb62cf2cceb499a9768fd40add35784334b5410a2488b3e05b1f711ba8ebc15

      SHA512

      340fd34b5da33333c1e2c8156a04d02debfdbf63f0b0887b3f257f8688feb156fec984dc467b0c0834097408b9bd84ce2f6992ac16d46cc7b00677af8a018f76

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabA8FF.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarA96F.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/2060-11-0x0000000003B10000-0x0000000003B20000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2408-13-0x0000000002F10000-0x0000000002F41000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2408-12-0x00000000001C0000-0x00000000001C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2408-17-0x0000000002F10000-0x0000000002F41000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2408-16-0x0000000000300000-0x0000000000302000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2408-14-0x0000000002F10000-0x0000000002F41000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2408-18-0x0000000002F10000-0x0000000002F41000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2540-19-0x00000000007D0000-0x0000000000801000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2540-2-0x00000000007D0000-0x0000000000801000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2540-5-0x00000000007D0000-0x0000000000801000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2540-7-0x00000000007D0000-0x0000000000801000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2540-9-0x00000000007D0000-0x0000000000801000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2540-3-0x00000000007D0000-0x0000000000801000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2540-0-0x00000000001F0000-0x0000000000221000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2540-1-0x00000000002D0000-0x0000000000315000-memory.dmp

      Filesize

      276KB

      Download