Overview

overview

8

Static

static

7

cd98c33b8c...18.dll

windows7-x64

8

cd98c33b8c...18.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    06-12-2024 14:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cd98c33b8c684c19e1571187a8ff3234_JaffaCakes118.dll

  • Size

    188KB

  • MD5

    cd98c33b8c684c19e1571187a8ff3234

  • SHA1

    35714eaeb855124cfbf9607132db4d2bcbde3288

  • SHA256

    43d7182f818869d94e4bd1e16bd157f1981aa9002bdc689ce2736b29354ec178

  • SHA512

    4079f15f6b4c297d2b5ecb935570909eabcd3e6f08e613b55e8e645f2d5cd858b15edcea1fbbb1cac7db1cb82521abf7e7bf497d2fd130ec0e2b75ce0b66ce6c

  • SSDEEP

    3072:CYQNHPn7TboFfVqQlXt4veso+nfXNyMDKieHeLvMr9y8ZoIyseKwXlc38/:C1lPn7XoOYyvxo+nfXNJD3U8D3KElcs

Score
8/10
discoveryevasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd98c33b8c684c19e1571187a8ff3234_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2224
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd98c33b8c684c19e1571187a8ff3234_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2380
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2832
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2848
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2220
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:3068
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2116

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c6cfa21e47b330ef3a4c345084dfbc7

    SHA1

    e63c34716277bf32745bafcc5618a1d0d83ef2ff

    SHA256

    ab044fd5218ba6ca332b2f7caedf318541ed20b49ac7848937379f28ebea488e

    SHA512

    b27c357764e1e14390950d1240167a5b6c5a04eafb017ea92e638ce48e2c89faedd2ba466b5417b8bddbd19f6b285c7464e3d75c70ad5764cfdc0c3aa9c5a0a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ae60aba66f323d10f9cae35f29b65169

    SHA1

    045082545cfde4070c6a827052834d621834deb2

    SHA256

    7fed78bd7344b44d011ec5cbd69beed2baf75103b316b5ab85160f04b6a5c4c6

    SHA512

    0e13630122d93dbec4a110a4419b31eb1558998170a753a89b8997a44eb44fa41ca9ccb8c6ddb8dc0fe2afe84805fd15a13c4dac787cdeb2f60a308d8b68f9f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f3b12fd69095dcc5dc007aa77a23225

    SHA1

    0920f2b827bee6ddcaf7aa1089246b72568cdb13

    SHA256

    c429ef7e635012cd0773f63d8a5a57a1590a6886f0e2771cce1155117051c39c

    SHA512

    1978585d69ad0172629289b66d16209b7e63ef448cb7a5e21adbaf57cbc90f13853c2fd36be19a1428133401334d6fba9cdac1ed67243309d8394a293cefae67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b866400ea2faf12fed22de32f56f33f0

    SHA1

    7a8bf070b390af4358436ac07cd13dc75f3361cd

    SHA256

    c0bf8805dbdb9a4bec51ecb6618bbf4a9b0923809ec392504765cd259f82dcee

    SHA512

    1b9db0291856dea758235b0717c733b9710e9d5ade3d747403d7480617c7fc1274528d13736101e56c04b14840dce200d5187dd6cc4337ea38b10ca25bcae792

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86e0e577a6e74fa1c5060c6a34d30515

    SHA1

    f9822ca45063882d2f5bea154d82b84c7d4da02e

    SHA256

    d3cd2ddb3f4c2164b3ed30d00da4ee165a9eccd6b6fa4d0442210b2ef72f821b

    SHA512

    8b53ab2d842a1e927714e4d907064cf41d70434d8549d604e27c9ce0962051dcd72e3af24bdea6df4243932f8d8ce258b394c30b66980424cba0640a40ab67b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    064927a1d5ea09c492b8073d39bb9815

    SHA1

    ea7b42f8784b4e517e615b758229131503313a11

    SHA256

    a8cd593391e7956dd39d4dc018a434d5a0a219c555b889ed788d82e76b7722a1

    SHA512

    c8ef51e63adb0a679b7e87123d969a60339fb89c9047b92ceaee027b523ab0867c922915703de544fe1006bf225f2bbeb5b8802555a724f6b81c94d8404b5726

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be6d832924e142bdf5f3269a7cfad25b

    SHA1

    c97b7afdf03dc816b745e7855902aeeec4436399

    SHA256

    5cc56c07ad73e5c3fec4b9fefea54ee6518e6bed0d8a0cd6ecf81547e7280501

    SHA512

    b7f76e1b0349af80dccabe568ef28fcd216df32fe866f4e22f3b1855ef788d48823b19e7a8425c25ead1e436b2fc7e7e5970be379eff7ffb77dea219abbf8b53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5868a755b2a4679a243f2b80905fd954

    SHA1

    e59f6fc346a28aa8887f11f460ec78af490f9734

    SHA256

    ba1b99a85ade299d2a05a1527306db5610d56e24254cd7a6bb55a3c779069937

    SHA512

    26af8988f28ae4e82d6abeb48067ac94428657223f42e932e2b70da9940df1d0227b6af7caef72885ade1eb6d16d7970d9ac2fe81922926d48a13193a9bc1576

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fcf19da2ec10c7edaf1c64c683d9c140

    SHA1

    aaa07261f590181e0f1e0690756e0bb2234467af

    SHA256

    03c2ac9ef5920f22518e941f24be5c63b841ff7678715fd841185e21779a6ec4

    SHA512

    80d8e2bbc059d650e5e17bbbc96e43fd2f3e9814981be99b1c293f7dbe90dcb0953c1e5e575278000b5779fe4db0f995b7d4a5a66cc1173239175e747e56e1f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6d03a0640fd4465ae42bf8416f22818

    SHA1

    9d4d95d14375bb3771109517df8043961d0552d2

    SHA256

    a2642a03edf4b290108f1ea033ace6979de576ce6f3b98b69b2b99a9bd2e236c

    SHA512

    12a3529153d4638257b2be6acaa2260fddde4fa038b7d7e76a796fe3d99b07986705850565f62199c1663fe8141a8b269ffbf6874bcdf469f9ba1cfd9fc81ec8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a95b887ec1b8f257f94781a7ee18a6e

    SHA1

    7f31d085ba68e3fa3193854123ada93e388379e5

    SHA256

    712b7bd1d046bc98c45aa8d39d6624056fc7759f2a2c435d27f9c84e7a3686e5

    SHA512

    08e8b094aebfca6631d98bc88fcddba94d7cde1f4e52cb5e09d041d56e9416ccf619e1d4f072f7e96df9097776427633744fa2b6e931827214b82839af1083b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a6c0a7126970de7f5ea9d32ca8f130a

    SHA1

    75249225403380d590124126c69f4217b5bb9de9

    SHA256

    7506c04da30c279ed992af40b45dbcd1cb22a3df31adffc26e3056b53d9ce11f

    SHA512

    81a67546ff07b84ffecff2eaf53b7ab5747de5f821b59c72045b9de6fb95fbeca9096237936905c1660d9af3beaab4bb104b4195fc73f436f47b97f85c122228

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5cfc74c36a16ed9e6d187eb716943953

    SHA1

    9492cc47dfca3abfe73632c34670704ce131c618

    SHA256

    63a5da3fd53a9ffac8897635a41c27b6c178fa0d507df6a1e2c7b82712b165a5

    SHA512

    fa3c9f0b0135b332e0868d27177fa7b20c1026518fe0165516d1579e2687fde5a037f99893e6b8117bb763c84fea6729f7dded6a2a0131dfac05eaccd10515a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33b57ba99a549360891ec0df1841b1da

    SHA1

    179dc9efcd85abdf87032551983b5d67a4cf771d

    SHA256

    d5665bfbf86f350e458d5a2267954e2c38784365152529ef9b08f8bb7effedac

    SHA512

    b3f55488d43e64629d5d8008e6b7913cf6b5188399952befd017de3470cca3dd496c7240155f30b7afcbecb51a80173b5dc5e316f2fb30816f8334aefeae00c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f28fc6847067db764e10442ee707cc87

    SHA1

    8fb2264d7233b8be56a63a1d556c0ce08143fc50

    SHA256

    21954eb4a7b91564e5872f78e9af667db90bc7710485b7ab6eab432a90ea8036

    SHA512

    0b95a8edb6a5a1795583b0b4476f03af2a9c1d7dda6c683bad218f520a40f7632c6231d50e04a5cee092b1aaf0c27b9477cc884d04c789a79ebe6066086e830c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83f4267c8ba71041120cae85ac669596

    SHA1

    1839a99e29fb44e06a3c8d8027585395d93768a4

    SHA256

    b0d741c67cf50a859533581ce80f5f385add130e50146df01d485c65068af812

    SHA512

    d0d5b9afb8ebb66f8422a6e0a851284295fa06fcc503d38627022ee38d6af7b7ba5ee2be284fc965fb33f9826f0ba079b954744cd84ce56c492b7b8ee7b6af94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ebe292d856be96ca0f72e4505c5737a

    SHA1

    8c0a4960aa6938e0d286452581a378ca33b19eed

    SHA256

    efb7a9b303047bd8f04379d0eafa10d1ccb98d8847d9d1d94d166b27a3c277c0

    SHA512

    8a3d9cd22a9afa9e847b41342cde3f6b1c680de859125caf8d0972b94ee4a4fb7be8cc47618b2c398c317bb497743d4de1d80f91a3b406360867b6e700787f00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f6517706e9d5f60e9095c2635951aa2

    SHA1

    a98ac976fa3d053d2c5d08ea51492144af7451b4

    SHA256

    c0b1b90f6483997b12c14e3ae0f0975960fea7e05e51dec93e988670e770c20e

    SHA512

    c1a007270d4beadbb304ab6f909d8658b5593f5ccd1e397777bc39ad36e6a0bc0ac53e3285d5cc986a63d755cdc810c000529701e32d82a861c2db2431676b1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ff5d513328002206d347687f407b843

    SHA1

    559ab0f2e03ae6873b343552f9ae2e051437bbe0

    SHA256

    7530ed46a031ce2ad23b4c85682fa3cc186311254dfadf70a57e546daff55da6

    SHA512

    d3d3c5fdaf02604f3c47e5339314fecd96ea0295a6a83df778cc1060ae4cdd559cb95abc4bbfe7a0e0861be51f5a6712b65649fd80bf6e533743d75af5ec86b0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB01F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB0CF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2220-12-0x0000000000A50000-0x0000000000A9B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2220-13-0x0000000000A50000-0x0000000000A9B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2220-16-0x0000000000A50000-0x0000000000A9B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2380-14-0x0000000000220000-0x000000000026B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2380-4-0x0000000000220000-0x000000000026B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2380-3-0x00000000000C0000-0x00000000000D4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2380-0-0x0000000000220000-0x000000000026B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2380-1-0x0000000000220000-0x000000000026B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2380-2-0x0000000000220000-0x000000000026B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2760-6-0x0000000003B10000-0x0000000003B20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2848-15-0x0000000000220000-0x000000000026B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2848-7-0x0000000000160000-0x0000000000161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2848-8-0x0000000000220000-0x000000000026B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2848-10-0x0000000000A20000-0x0000000000A22000-memory.dmp

    Filesize

    8KB

    Download