Analysis
-
max time kernel
8s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
30-11-2024 05:14
General
-
Target
b4f079ba072df597deab79e4968dcd25_JaffaCakes118.dll
-
Size
255KB
-
MD5
b4f079ba072df597deab79e4968dcd25
-
SHA1
00005cd57b77e3daca98b2f825bfb953ac18514c
-
SHA256
5d73652e3a8c7f1fd919120301dca7f373bf1aa8e2fbaa650df5658e37ef4649
-
SHA512
b4c81ca991be02443d985fad4ab58aa26a4ff5da09bbb9df630e200fecf3d91a8ff688e9f4e3e11cf127245a654b54a5fedb39d70eaf2dd7bee85c9b20453f64
-
SSDEEP
3072:mUUWCjkOfOoRPQO97F/eUq+TrVFPKG+cyTA1ejfLsOA+5LDRnOX0Sn8L:mrjnHP19ZWUqYiNTAQzk63tOx8
Malware Config
Signatures
-
Disables Task Manager via registry modification
-
Program crash 4 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs
-
Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 5 IoCs
-
Modifies registry class 8 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 13 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b4f079ba072df597deab79e4968dcd25_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b4f079ba072df597deab79e4968dcd25_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe3⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
C:\Windows\SysWOW64\notepad.exenotepad.exe3⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://195.189.227.126/4⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:17410 /prefetch:25⤵
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:17416 /prefetch:25⤵
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 14433044⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 14432644⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\notepad.exenotepad.exe3⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://195.189.227.126/4⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 14433004⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 14432884⤵
- Program crash
-
-
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4628 -ip 46281⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1936 -ip 19361⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4628 -ip 46281⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1936 -ip 19361⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
471B
MD5549aeb864011f0c57644853ec90cbab9
SHA1fd63ad25ed0824b3aa6c9bce49f55d85d0a88e3e
SHA2568c2c91480d44c8881a3cde343916de69bcddf67dff17588e9640c4d7b01437ea
SHA5126d6cacc4c938ff1cc53d4504fc8faa8ca2c4ddab8c0edfddfaee6039a12b9f845dca85b0ef06cad8b6a2a7f02c0b6cb47cf6ea0dda333ae21bb59d222247be7e
-
Filesize
404B
MD5eec9073fe0a8066fe6eaaad092f475f5
SHA10f7ee37304893212e7dc5ec43dc98f9b3a4e99f6
SHA2564f69b6ba22b86fdacc187b1ea7a8f45fedb8da63b535ac29a3f0014a23aae43c
SHA512c54695c3f5c09d0b7956133054eb2598a8dba47082544f120341a714a6890daa48107870e7f2cf3cc11711c32f78354c23b296b40b465e35f1d3fe1bc4353bd9
-
Filesize
15KB
MD51a545d0052b581fbb2ab4c52133846bc
SHA162f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
276KB
-
Filesize
196KB
-
Filesize
276KB
-
Filesize
196KB
-
Filesize
196KB