Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-04-2024 15:53

General

  • Target

    f16e4003d8b3fd6ac4ebfc5fa1827bee_JaffaCakes118.dll

  • Size

    306KB

  • MD5

    f16e4003d8b3fd6ac4ebfc5fa1827bee

  • SHA1

    6df2c79cd09b88f7709da6d1166f9fa3b7051580

  • SHA256

    6a9af334250406bb27c3fb6943c7bbd3ae5bb47c93d67fef172cfc7d06bb5a12

  • SHA512

    768ab171543b47f5794cf095d611552c9ad6ecfe8bfd33a1ea77c08ceea1f319c4216bf8e9aa29d1948904a87a89f12a3c6c0f81f6aef014c8041d5355dbb789

  • SSDEEP

    6144:ngfPDQhaD9h4NTbazcPFqR5Ayvm4TB/CUUzhSnB:ngfPDQUhGSzcP6fvm4T1CUUza

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object (2 TTPs, 2 IoCs)

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies registry class (5 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe (PID 2504)
    Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f16e4003d8b3fd6ac4ebfc5fa1827bee_JaffaCakes118.dll
    • Suspicious use of WriteProcessMemory
    • Child: C:\Windows\SysWOW64\regsvr32.exe (PID 2980)
      Command line: /s C:\Users\Admin\AppData\Local\Temp\f16e4003d8b3fd6ac4ebfc5fa1827bee_JaffaCakes118.dll
      • Installs/modifies Browser Helper Object
      • Modifies registry class

Network

MITRE ATT&CK Enterprise v15
