Overview

overview

8

Static

static

7

c4210a26cc...18.dll

windows7-x64

8

c4210a26cc...18.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    150s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-12-2024 19:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4210a26cc355b64ed5734df960b2b78_JaffaCakes118.dll

  • Size

    209KB

  • MD5

    c4210a26cc355b64ed5734df960b2b78

  • SHA1

    d0716e4ee39e2caefc5844b35143a4d7e38ae4ec

  • SHA256

    838d2f9aa24bb10a81b1d750e116c443100f2be1093fc138e31621fd5911c460

  • SHA512

    f000f29368d3c77c14c901573995b05b3b252134af1a16c01e32e1bfb3d35195f1d220f380f7bf887851495c001d3b56dd86895ef608dac9e43f32f0da777f43

  • SSDEEP

    6144:T/q32rRjPhKuDkkLjp+ScgBKozpJ1XVSGuRq9M:myR9rIMHZBKI/XV2M

Score
8/10
discoveryevasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4210a26cc355b64ed5734df960b2b78_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4210a26cc355b64ed5734df960b2b78_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1736
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2172
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2320
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2716
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2336
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2316

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    321705bdf1e55fb046bd4bf528a80942

    SHA1

    a84c719839474886fc9fae64a48232c79d80fc2e

    SHA256

    a99ab9a04ec0e900baa6f069fafda75f7bf93f530822195d992e129537f98ca9

    SHA512

    41e364be4aa26c0efbf0bc2a3caf0db718961acad2102eacdeaa03c875746a1b5e3eac67527168b6855f47109a22e16260c3061e9583af6e18d7b45002af5203

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    626706e4e9bfbb085e53acccbc16c49e

    SHA1

    46aefc035146fc386b333677a1983b9289fe8a8b

    SHA256

    54196431355888c149a0514eefd994fda926ce6f5556094ef8ad58e462f155e5

    SHA512

    6f6a91e835bb7f68c3b6302b9aa3add6a75ce817b88ed4b776cd8e0fc254ca240ffe973ec3a76b43d82f1257f9b2cefc1637299862d608a039a244ea91b0cebd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cfc5daa0b879f0802e672e2a47c4ce79

    SHA1

    cc7d6ca97aeb909e7277c6e9ad27b9268994ac0c

    SHA256

    402371628e5b7bc44e1a702685743824aea267755ed0afc9f8f2171920b0a031

    SHA512

    1b04a86cef7ef4b50d63fef9870340963b38d3ee8a7b6d6e8e05ed80694a56a6098018e86aeb36ab8bef1bf5901d6875d70b17ff9cb766f42c9b80aa19b8ccd1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    628ad10fc34e85e5e8900fb47af8d066

    SHA1

    09e2e40dfc60952ecfb3335f198b0fc29ec93e13

    SHA256

    0c827606bbdedcb10397f2ed5fa967b3d2f0b45456df5b83e90ead4d0905c8f2

    SHA512

    84a70eb858b1e11ce49b89c03b544cbe06fac5d3f5580e93919af99e83e016dead35f5690c97e223b7d8c2ac39dfb938770fc9e7c62690049dcb036b8d1595e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    110133d1b4939068563508c49822b963

    SHA1

    8fe50799849c918a5b864b4e77c4da2f0a76aa58

    SHA256

    5776aed8a4849435475db61dba3cab2d4318358e3ea47fdc609c9564d9683bfe

    SHA512

    9479bdb3eff2b6cfeaa756cfc9774aedd728a94ef4894316ae8a0f8ac5ae9726f6c1c073bab8eca7b06b7263f220a61f077a80902ba94f221ce6a24d453ae679

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    81079999acf3d93bb77e77c048213237

    SHA1

    a17426655571f807ffb7fe5d2cee404717a4b9d0

    SHA256

    4d11656160df7f73bbde01b639b8e5e27c1606530928efed43cd11e4f5c2d2f4

    SHA512

    4175d04803eb6f6045af7f9d3d2a351578fb26b0a4935b9c222594f043b67bc111c751a84f8482b793ca1b17e2c40b9afdee8f239e3540d5824558c41a6afd0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c764e6c565ff6a2f79addbcb86ddb9f9

    SHA1

    3530b86eba991793329034b586a4eff4ec5d5f5d

    SHA256

    e54b7f23085f5f5ba74f70158963641aed73468266b9ed706313ec96923c7ad4

    SHA512

    ad7630159713eca69b946f1baedf174e9895eb44321d972858a0862ec5f8a5f1f934aeb168a0e935944ba093b8681770267a854cf1ade1fddd9d0e88c0ebc8ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94295d24ab4cc8b5730d07931b9f593e

    SHA1

    71c620b9c364f1e9a8efecab4ab9dd1319ec0eae

    SHA256

    7b4451d74d4c2b30ae838afc10f62b67978b6043abab5ab67ad237adb7031bbe

    SHA512

    1307d4d2bd63c6655a9f3ecebd53cf07fdaa66d24a12299282a3f76753da0b525edc3874fa96e305977f2411f277b6f9ec8548471f00630c4246879682d9afe4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8dd239987b12a319221336b0f76b3eff

    SHA1

    fa253ec51f077f2dba6c64565be0dbe083996825

    SHA256

    eba115e71e30a75d4cc06db96579d0a1b6c1e54989991a87893c56f0a9789b08

    SHA512

    34bfd9467487417d1c849864fbd240443e7c2563d83f38a9650188a0cd6fbcaa3991c55f1e494d3d103468a4cc9545c63486ce96d441e628890fd53faa569146

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bbf5a5e50176e96b267bd6808a0f156

    SHA1

    94980adb1a3cb607106955aca8d9bc5e82832d8c

    SHA256

    38ac4bc9949c92bbe83ec77dbb6d58e8e8fea1a70a6492816747af10f576bdba

    SHA512

    ab8d7d5a5c359092f018dbc4193fa58add9b24ef17a2b76685e76c96ed959ba795314ec35bcfef041eee2c945161af0abcbc6d884c378e4276510227a74b8823

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3211df724255a409469fcc37f5fa89ba

    SHA1

    1cb23270efbe6fecdedd4b546fbd2b3ed9337b03

    SHA256

    b604fa42efa769fa7cd9c12b399f938588866847656c1bd181755f744757d2d0

    SHA512

    0778166c1671a968202b2abb26cbb092fcc8e3304e48d37d222f5060798aadea2eb2b48fe74ac03b9df8032541b8955ae19c78ebdd538e84a43469cf985d327c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4cc1e2b4f567f8341d01595320a93f39

    SHA1

    6b2b3aa7d47fa6ab18830abb90d11a5aeb97d7da

    SHA256

    a471dee449a8e52a765b33fa5630f97f4117a5ee14ebcede9e4157e4b6ca8586

    SHA512

    538ffcfdb45bf0261284ed88b95167b545a2b36c7c27e5020e07fa45937126f416abbda5d0de4875a5eaa0d121c03cc36195303a51b6c2926d03635d29b167af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e15b8e9ee74acaaafc94dea7db2d89d9

    SHA1

    f0dd478814d802bb9fd01c6a8e049def2aff84c9

    SHA256

    24ed7068f8ad30bcee9ab80952fbcb21f4f072991c3f8c4bd7baf83a7a054231

    SHA512

    045f0cd80f16a123bb7e69bbc346fe91f880ad31e915a869e96d8ab26125bfc4e6cea8bbc504ac5bf7e57b2162ccb8cad43db400a806888a4cc8e9cbd8d0a355

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4348e4b622107d4faf15a7b95aa0f885

    SHA1

    3b178985bd5eeac85aed89225f3570f08035c5d8

    SHA256

    0f6ed88336e40522f7c5ed616d691f9dfddd3f4a5a8b59b1fe858469a99ddeb8

    SHA512

    f2d84baf12771197c8c13b005146d2109eca13779533d35bf6a6023739db2059ab6d893168a67fedd53943e216226b901f86a5a6151700be4044ec9b2ee7f753

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8fe67a76b63441410c3d3fdd03f2e1d

    SHA1

    aa3324cde739863bb29d35cfb66a9653b7e3d302

    SHA256

    dd8cd70035ed0c4b56e928ef80832c00991d1e85fa93bd9b873cb65852cb8384

    SHA512

    d66622d6bb8f68d3853c399e725dc4ea64c2324a72bf9817aaf921c71baa1bc0fb4affd73ae97b8bc89181d4cf2427ca148574e2f59c7e15117819d8a6443d6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ab7e7e037f0923ef2b6dcd63454fbb0

    SHA1

    6ef3371c17186ffa548bb4a804c536288812c75b

    SHA256

    e3988791a6e747f3b46de89f29c25637f6c9e0c545c409a69312445e465f9312

    SHA512

    fc4b886e6b0375fce344f9ba5d0b48719bcd6fe15202314037116a49b9f6557b3794f0c0c5f63f31fa20ff1526b8fbb4ebaed1e95ede91f5aee2711a3da279f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de76f247f9add5a35f09f39f248dfbb9

    SHA1

    34e2323633f5f27c476a5328cfffd797d259f787

    SHA256

    70bdfcb86d1f83ec6ae14e3447ca286a2a831986f1a63c76526fb4ef7a9286d3

    SHA512

    2bea6525937eb0c3581983c286f8d0731acb02cbbf8877e888a61080ac68fbafaee34ec7382e1c0142794a8a5c08358eafb71b746bfdb5438777396324eaba0b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab58F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar600.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1736-2-0x0000000000120000-0x0000000000172000-memory.dmp

    Filesize

    328KB

    Download

  • memory/1736-1-0x0000000000120000-0x0000000000172000-memory.dmp

    Filesize

    328KB

    Download

  • memory/1736-0-0x0000000000120000-0x0000000000172000-memory.dmp

    Filesize

    328KB

    Download

  • memory/1736-14-0x0000000000120000-0x0000000000172000-memory.dmp

    Filesize

    328KB

    Download

  • memory/1736-3-0x00000000000C0000-0x00000000000D4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1736-4-0x0000000000120000-0x0000000000172000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2320-7-0x0000000000180000-0x0000000000181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2320-9-0x0000000000A50000-0x0000000000AA2000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2320-8-0x0000000000A50000-0x0000000000AA2000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2320-12-0x0000000000380000-0x0000000000382000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2320-15-0x0000000000A50000-0x0000000000AA2000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2548-6-0x0000000003D90000-0x0000000003DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2716-11-0x0000000000390000-0x00000000003E2000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2716-13-0x0000000000390000-0x00000000003E2000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2716-16-0x0000000000390000-0x00000000003E2000-memory.dmp

    Filesize

    328KB

    Download