Analysis

  • max time kernel
    93s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    20-01-2025 09:02

General

  • Target

    JaffaCakes118_e2669287a4058fc8966ca2b7a22a8808.dll

  • Size

    66KB

  • MD5

    e2669287a4058fc8966ca2b7a22a8808

  • SHA1

    5ad7f1804bf76feff7d6cdd4621f63dba0cbad66

  • SHA256

    10659f7ee9abf76fce6acf154ce115f2e3727eb2fdaf11ef14899708a76fbd1a

  • SHA512

    bc2b99cad2e126e6b8b9c5421fb78693a2b35ed00747f8212157e52c309bd02fca950d19336f3346434d1e31ac4a7e9eab060f0b19bb3e21c8179427bfe0fe11

  • SSDEEP

    1536:VKaouK0rof8925RMehGW4x6cHuP3fqshuqRdzz:VKaouK99MqB4x03BnZz

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e2669287a4058fc8966ca2b7a22a8808.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5000
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e2669287a4058fc8966ca2b7a22a8808.dll,#1
      2⤵
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:100
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2040
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:17410 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1352
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 100 -s 620
        3⤵
        • Program crash
        PID:3176
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 100 -ip 100
    1⤵
      PID:2952

    Network

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

      Filesize

      471B

      MD5

      5c880ecece7595aea41224edbf5f8bba

      SHA1

      883636d01cf260db4e245913bf0bf90ead6bbacf

      SHA256

      31736fecaf227fc906a4146252d5b452d9118e68c3a12c72095969f42724c621

      SHA512

      d5f565aa1cafa0fa8217c59355e7289138b862a99df2bbea6059b4f4ec1af0bd337e53d8349b9595606dfddbfe82d743ee748cff9b7c65b741d09e3cf9abb1cc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

      Filesize

      404B

      MD5

      8cda5cbddf09ab2f8f587fbe6a4a5273

      SHA1

      f96bd7543c83cbf42802bb2608271d62b8204111

      SHA256

      3844229b95c482f4b7974f72564b3928202e12cecda5a604f3e4a3037a193f47

      SHA512

      d87baa091cb922011aea199f5bad654d3a209584e1df3076bc8c3a78f791fc8de213075c5103bf06c866ee2ce7a15df3ce219d952044547b10e6dd8463e7638f

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8R55UT9S\suggestions[1].en-US

      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee