Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20231129-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    15-04-2024 17:08

General

  • Target

    f18eca2bc9c3df81c3dd85ef44f43417_JaffaCakes118.dll

  • Size

    640KB

  • MD5

    f18eca2bc9c3df81c3dd85ef44f43417

  • SHA1

    3f28e44534bf380a726ec15d9ca7f00584182c01

  • SHA256

    d548941884f52509f8c0fa8333f867c09850488f258ca6cac86c5a7ef6855d9e

  • SHA512

    8784a26ef22923e482c4cecc49c6ff2c7fa08df70dbaeebfab2f451c7c33e1a6bcac4d02dd00c92a1698dfc85f9a16075c18e08e96a0eb12c851765649600817

  • SSDEEP

    12288:3kdtYzsZDM2fjYiV/UzxoyS7nUmsn7lhppzh+Z2tePm:0dGzs/0kwolUf7l9h+ZA+

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object (2 TTPs, 1 IoC)

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies registry class (11 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f18eca2bc9c3df81c3dd85ef44f43417_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\f18eca2bc9c3df81c3dd85ef44f43417_JaffaCakes118.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2188

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2188-0-0x0000000001DD0000-0x0000000001E74000-memory.dmp

    Filesize

    656KB