Overview

overview

8

Static

static

3

be47b31a70...18.dll

windows7-x64

8

be47b31a70...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    03-12-2024 16:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    be47b31a70b0efca7bbf8d4fbd9a7245_JaffaCakes118.dll

  • Size

    150KB

  • MD5

    be47b31a70b0efca7bbf8d4fbd9a7245

  • SHA1

    1ab8b4c0e11d28d17d6ec42a0b1f8a2aa0285c4c

  • SHA256

    09c5ac29ccd986a5dc0b0ad0b2f5d16e234acfa4620653a9b1b378ad7e75c540

  • SHA512

    bdefb53cbeacfc6a081203444a29165b8cbdc13c350b334e159103f8a94828c043643737ff58340fe7f0ec4c925e66d11a53be417a05af747413a4b453caa30e

  • SSDEEP

    3072:Z0BFpMyls+IDbm77hvlSoTUORW8/BIlPkKj4efFJyG:2fU+Uq7hvP6ycrj4WT

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 20 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 35 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\be47b31a70b0efca7bbf8d4fbd9a7245_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2780
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\be47b31a70b0efca7bbf8d4fbd9a7245_JaffaCakes118.dll
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3052
      • C:\Windows\SysWOW64\rundll32.exe
        C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\be47b31a70b0efca7bbf8d4fbd9a7245_JaffaCakes118.dll,SuppS
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1944
        • C:\Windows\SysWOW64\explorer.exe
          explorer.exe
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2824
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2944
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:1896
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2952
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bc76317646586f3162959a175499726

    SHA1

    89a5cd0a66953a0d4adb16d94cc82ec851d86d07

    SHA256

    33aacf8fd33ef24680669f68472ebd73d304fc3bb31817935db58f9cb419983f

    SHA512

    d34ebd750e4e21f940f88291c9f44635ae9844acd50e07a7ef8a0e7be6f06dea973c59f888bd0e2873e90e22878f1a95767d5e246111f2f67fb60fa75fb94982

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b6260acebc0485a0e7c9d3974d7b171

    SHA1

    dbd362333556a2ff262bd60ffa684370b9bbb1d6

    SHA256

    d8c3c410369306f1922aebb2b8bafbf6c1d70631a0cff246c3ee802ae8bfc95a

    SHA512

    fa27a9839a1391c98d9696b9bbe982fb1d675a103f45da80b1f2f7ad8a52ae004b5e928b73082652c2654283eadae742e4be25b1b9e7fe2d89742a3481afe371

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16f14587f98c2fc45b92f0b7bb7f0cc7

    SHA1

    0eb88428d8caa1dc6e27e6a181348d442366b70d

    SHA256

    458abbcdb2574461339720f9f5f7237cecb998cd4a9ad292b10719312b1f635d

    SHA512

    d87d3ebbe3c6f9fc7fd4d7340168cfae006191b347973ab260479b5c66736b3080529dbc7aa9477db5fd92622cbbfceaecf723a5d855aeffc8df6b80b6247209

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70d6a98b58b136b29cb47ff00dc2eae9

    SHA1

    0cd9a97e7157ca487f89d558a6877ad3ff68b6a1

    SHA256

    93d8780ea2f9584c93c76f263030b91fba9396555cac1f1379293b07ab7c44b8

    SHA512

    0d25273e5142a7bf4bba6c86ea16238d3419190b05ce6f119ee5d1d3a73121aad5dab4cb08ecad2c96095ec9b71ff95d0216d703ab878c17389c75dcdd066f98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d16402326296d32076342114047cccfb

    SHA1

    0b77f26fcf3792f1e58a2dc88d242ca7ba9fbd66

    SHA256

    fc8b5f0827e5e2e0ffd3b67d8dcffdc05f1ad7575964ca0b20c692f258269899

    SHA512

    6ffca171524b495057014881050422eae45d453048317fb57e3267d6e6e5f993439463235f59d6737214b3495f9bd61b1462828769f34eadd52963a82494e31b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    794308840cea393c121118faa5104c4a

    SHA1

    ad5f8addf0dd07d958e93ac5db22ba8a185386c4

    SHA256

    a3f9541bb35924361417a00cc1953cb33107966fe4f6de0e1c322e2aa33b9ab4

    SHA512

    0683359ee0c5eaae079b9e0ae992d64a67beeb96242366e89e56214f01b3a2d93512897074247c75a5bc07aca971abc95b75330ba0312c74452ccd1d41e5ba75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffcd47fc4ce1ab3ce0b563f16c91ad62

    SHA1

    334af4252eb78fb6117c9f7d8ff732caba375a58

    SHA256

    4cf77d555b4b72c4d96ed262ccf17245e6f5cf4ff6b2ac1268a007f083a3cf85

    SHA512

    395e0007abb19a2d831d41a5827e5f7a3c56e0696ade2daca475a0e008444ed55f0aab392238812df6bedbcb367a3d5ee82df86a6257fe4c652365cce4c29cdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b390d3957afd49e553f2062e93af3a2

    SHA1

    77809f88992fc166881ae62e86b5c32d244eb673

    SHA256

    9dc4b4efcee17e8285693dfbbb2036705bfbf115a0d6394b6006177c670912f9

    SHA512

    5f59a65fb471e5bbdd97fa68b3bd7cb9060ca6d67374321796f5ef852536ad41879e4de8228f26e14fda7396dd094ba4083d7e5b60bf219b553848c0a9721800

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d116cf8d9f30a8bb434d25898933f4b

    SHA1

    5118dc717b12b1bcc90905ec779a7b2fc5513f4a

    SHA256

    e3979e46206474db435932d97e35a9bc940881364995c5cb3f11d839ae4e514d

    SHA512

    00df790697b1681ca5d67fa4b76bd83830eb075bacc6ee47ff1c0e308e446d775b10c7afa9ff415ce3f8f1b20dcde19aeca4a81d513182d4393a8d3c50ce09f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d5a3294d352abdb7068eed11002bdf1

    SHA1

    c3164c99012aa6cd3a32a76cfabc66567db2f8bc

    SHA256

    16f58295f992ad3bb6781e6ce3731990b74e3a60f14059e8dd4c4bb1670d0dfe

    SHA512

    e457722917df9c37dfaa734714389cf2046ac616e649ac3510acc4999d7f769fb96636c2caacebd56bd6efcb5ee061afc385ecd5a758a66dc68c3f725386d2b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f26b78954f8ae26ca3d8bab274ab5d23

    SHA1

    a4a0e4e7cee85b3b7e4e67e8be4d6bd60066a2d7

    SHA256

    1e540db32332f6a44514adf0c1f6f67088c8963683a0300aa818e56ac904f4a9

    SHA512

    cb8bf38325f8713e08dc14891e3366be3e60a5abdd51b2d59a9a6347ce3dae37a4d35b841da863b594f971a9d468ffe5ea6ec785254fdc831178431aa417b3f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f92ea9f71027a7127a0cd3685bcc64e4

    SHA1

    54f2ad099a236445e8c683c36cc8850195c0e9e4

    SHA256

    45847868df9ce692220efd7894df7e43ac1f37b915d774ada62907820f749a99

    SHA512

    6b05e045ef67f0c7b713abc4883ed56a97fd1fe7457a8fa64ec74fbc579f1d6b20272d1fadf78ca7d76cdce1164ee52111d7a32b324d3e7f9c53fb890e7ef64b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b96d10f9befb19264604c53253e6d35b

    SHA1

    18c6a3d32618149bfab670887c1d9895c8b77611

    SHA256

    bbdd427e1bd7210c14744aaa76db3eadbac5d72b2f5ce8d2c46f8920c8fed778

    SHA512

    ee2c23355573a853e68613d54d19810b252fd239cee5c22a99ac0b79a0121ac08466c51f44a11c6fabcdd9ddbbcdbab3c29debdfa5f861c27f5f1ce40ed5f91a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06872ef038b8f924f3164c46568990c2

    SHA1

    80add59aba32f2e7a9b6790a38d6042aa34881b6

    SHA256

    9fc27687ad10675ebf862cff19c64e9ed183343da12e69cd67a2b5c9fe63c4b4

    SHA512

    7659e4bcff5fb765d563ede5e177343a967e24939dbd501c6c25202ede7920ce0e2506a259117c4ac40da3e2fd9cb2f59ebebf2d53e5c8604c95eb46f1de2682

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36402e89c8063380ce65174ffba15bdc

    SHA1

    859033b6ea70a1566a01e4399e2d33e9bd057491

    SHA256

    4baecc747a8d4055b111b58e0d170a23e41f752e18eee96e2f2a9726ed217cb8

    SHA512

    e8b57792abb81ada9dff6eec27caa18ebe7fbcfc865b9b324b192a78323c1d4a9eb7ac7695ade2ba210c854e58bca6f0fbd47b9fd44a880c3efd53b8201f29fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    839e29863f5a8995338856dde87f8df5

    SHA1

    88ab564094c09030d12c342e125c26204a2d194b

    SHA256

    873e8fb66da6175dc2fd31bb903164d8f659703c211c5410015fc9a11d6c66b0

    SHA512

    9616cc22476b395e9a9777f4e4bc53350687a57aef8c847f819560ad2aaceaa5a98802163bc9863f356d8e5699474e7bd4bc88bac2c9c1ca101d83f10a81bb60

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ec1a812cffaea099f10287cba550257

    SHA1

    73ff6a0cead676a2d22988b5efb53c04b0349ab2

    SHA256

    738f5a45d2e96c0ef008cc46abdd22a90a1a7c30b420ce0c969d90c42a22838b

    SHA512

    8ad2ce7f3a7e0c8ba24370ed69892d8ce02751302a1a226ec8f70b583e53582023366a0073e059003e892d49a3983d8e513e667d8231290076a65893991d4b4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7debf9f996bd0b07512ec04f770cf799

    SHA1

    9056474933d3915b8b7be1709d9cb744963358f0

    SHA256

    22736a88d94bcfef8820176447ad2b46375ab52e4e723fcfb6cc401be7a086ab

    SHA512

    d2f0ec0f0ed778ff0bd9a32d5d5c52484a591bb77e8a59f072741963895613cadb0f855a0cbe00ebf07148b748ec6cfe513159ed3c6ddca385bb18e36bd7f83e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28d8ebe09e7c81bda9b16ca94226b860

    SHA1

    56b854a9959f376449d11799b2154e580212bc27

    SHA256

    f268776a4bec46af37769c4ab87aa9af975acacd21fef4a4c38f3b7260f96272

    SHA512

    bd1466e4a5384bc375566643624766cfb7b0d15e6acf6b7e07981bafc4b7fa131c884f6bebcdbde6ad23c1182dd8876bbaa4ed169d7357c3011a508c03bc9243

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7800.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7871.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1896-17-0x0000000002E50000-0x0000000002EA8000-memory.dmp

    Filesize

    352KB

    Download

  • memory/1896-15-0x0000000002E50000-0x0000000002EA8000-memory.dmp

    Filesize

    352KB

    Download

  • memory/1944-7-0x0000000000230000-0x0000000000288000-memory.dmp

    Filesize

    352KB

    Download

  • memory/1944-8-0x0000000000231000-0x000000000024E000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1944-9-0x0000000000230000-0x0000000000288000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2132-10-0x0000000003B00000-0x0000000003B10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2944-16-0x0000000000DD0000-0x0000000000E28000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2944-11-0x0000000000170000-0x0000000000171000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2944-12-0x0000000000DD0000-0x0000000000E28000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2944-13-0x0000000000DB0000-0x0000000000DB2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3052-0-0x0000000000401000-0x000000000041E000-memory.dmp

    Filesize

    116KB

    Download

  • memory/3052-6-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

    Download

  • memory/3052-5-0x0000000000401000-0x000000000041E000-memory.dmp

    Filesize

    116KB

    Download

  • memory/3052-1-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

    Download

  • memory/3052-2-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

    Download