fba9ee3ddf7c0d8d6874ecada586fcd1e3ae2e8a73abb482a4e4620e863e0d08

General

Target

69411c2cf41c335c9335765bbe1a792f_JaffaCakes118.dll
Size

28KB
MD5

69411c2cf41c335c9335765bbe1a792f
SHA1

b0fc942ef6e05158c4d1a4c323cc519d02267e71
SHA256

fba9ee3ddf7c0d8d6874ecada586fcd1e3ae2e8a73abb482a4e4620e863e0d08
SHA512

200fdfc283cd5c1531989473bb042f905767ab0fe2ba5f4c2805612fa50594905c4c5ac8898c76a3472507d6d34a4218d432ccc2d7b6b36d015a94d6604f42bd
SSDEEP

384:Q6Ylq/+9HB0fnQ4TfdhPibSnEOdSjSX2WiqJV4157VVSh1CT443UHaefj7vvxlLe:Q6YlQ+9HMZfjPBnRS+ibxVSqEHd7D1c

Score

1^/10

Malware Config

Signatures

Modifies registry class 31 IoCs

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0DAD2FDD-5FD7-11D3-8F50-00C04F7971E2}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{da4e3da0-d07d-11d0-bd50-00a0c911ce86}\Instance\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\FriendlyName = "BDA Network Providers"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance\Microsoft DVBC Network Provider\FriendlyName = "Microsoft DVBC Network Provider"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance\Microsoft DVBC Network Provider\CLSID = "{DC0C0FE7-0485-4266-B93F-68FBF80ED834}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FA4B375A-45B4-4D45-8440-263957B11623}	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance\Microsoft ATSC Network Provider\FilterData = 0200000000002000010000000000000030706933080000000000000001000000000000000000000030747933000000003800000048000000415f9871a11cd3119cc800c04f7971e08eeb36e44f52ce119f530020af0ba770	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance\Microsoft DVBS Network Provider	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance\Microsoft DVBS Network Provider\FriendlyName = "Microsoft DVBS Network Provider"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance\Microsoft DVBC Network Provider	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0DAD2FDD-5FD7-11D3-8F50-00C04F7971E2}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{13B37A2A-546B-47BF-BBCA-8AC97F1EBDCB}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance\Microsoft DVBT Network Provider\FriendlyName = "Microsoft DVBT Network Provider"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FA4B375A-45B4-4D45-8440-263957B11623}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance\Microsoft ATSC Network Provider	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance\Microsoft DVBS Network Provider\FilterData = 0200000000002000010000000000000030706933080000000000000001000000000000000000000030747933000000003800000048000000415f9871a11cd3119cc800c04f7971e08eeb36e44f52ce119f530020af0ba770	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance\Microsoft DVBT Network Provider\FilterData = 0200000000002000010000000000000030706933080000000000000001000000000000000000000030747933000000003800000048000000415f9871a11cd3119cc800c04f7971e08eeb36e44f52ce119f530020af0ba770	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{216C62DF-6D7F-4E9A-8571-05F14EDB766A}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{216C62DF-6D7F-4E9A-8571-05F14EDB766A}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC0C0FE7-0485-4266-B93F-68FBF80ED834}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{da4e3da0-d07d-11d0-bd50-00a0c911ce86}\Instance\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Merit = "6291456"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance\Microsoft ATSC Network Provider\FriendlyName = "Microsoft ATSC Network Provider"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance\Microsoft DVBT Network Provider\CLSID = "{216C62DF-6D7F-4E9A-8571-05F14EDB766A}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC0C0FE7-0485-4266-B93F-68FBF80ED834}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{13B37A2A-546B-47BF-BBCA-8AC97F1EBDCB}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance\Microsoft DVBS Network Provider\CLSID = "{FA4B375A-45B4-4D45-8440-263957B11623}"	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance\Microsoft DVBC Network Provider\FilterData = 0200000000002000010000000000000030706933080000000000000001000000000000000000000030747933000000003800000048000000415f9871a11cd3119cc800c04f7971e08eeb36e44f52ce119f530020af0ba770	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{da4e3da0-d07d-11d0-bd50-00a0c911ce86}\Instance\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{da4e3da0-d07d-11d0-bd50-00a0c911ce86}\Instance\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\CLSID = "{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance\Microsoft ATSC Network Provider\CLSID = "{0DAD2FDD-5FD7-11D3-8F50-00C04F7971E2}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance\Microsoft DVBT Network Provider	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3244 wrote to memory of 2096	3244	regsvr32.exe	regsvr32.exe
PID 3244 wrote to memory of 2096	3244	regsvr32.exe	regsvr32.exe
PID 3244 wrote to memory of 2096	3244	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\69411c2cf41c335c9335765bbe1a792f_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3244

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\69411c2cf41c335c9335765bbe1a792f_JaffaCakes118.dll
2⤵
- Modifies registry class
PID:2096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2096-1-0x0000000022931000-0x0000000022932000-memory.dmp

Filesize
4KB

Download
memory/2096-0-0x0000000022920000-0x0000000022933000-memory.dmp

Filesize
76KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads