Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-06-2024 06:36

General

  • Target

    03ae7ed86d453a6b6fb5362d396c0908_JaffaCakes118.dll

  • Size

    162KB

  • MD5

    03ae7ed86d453a6b6fb5362d396c0908

  • SHA1

    3878fb142b8e392052e7c993683eb1164fc2f0fe

  • SHA256

    f2cdb57d828617a8bdf5d1f4a83e91d840084d9e5754f26aec183478cb3f1d70

  • SHA512

    85555782acc26e4bea677cd129330a75e09931fa6ecf8a4ca74115923bda74ab9b96d7231a3e14dd889f29f4b5383d7de889e007a54395b00c604ab3f31137ed

  • SSDEEP

    3072:onAloVPKGHUoshU4IqO6NOXQEpvQTes8eHxj0ggqicELJIyMv576y:ongoVPKKo5I8OXQEpzmxjqbLJadD

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Installs/modifies Browser Helper Object (2 TTPs, 2 IoCs)

    BHOs are DLLs registered by CLSID under the Browser Helper Objects key; Internet Explorer loads every registered BHO into each browser process, which gives the module both persistence and a hook on the user's browsing.

  • Modifies registry class (5 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)
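The two persistence signatures above (Run key and BHO registration) map to fixed registry locations, so a host can be checked for this sample without the sandbox. The PowerShell below is an added triage example, not part of the report or of any tooling the report describes. It assumes it is run in an elevated session on the Windows host being examined, and it uses the SHA256 listed on this page as the only indicator; the hypothetical helper names (Get-Sha256, Find-PersistedModule) are the author's own.

```powershell
# Added triage example (not from the sandbox report). Enumerates BHO and Run-key
# persistence, resolves each entry to a file on disk, and flags any file whose
# SHA256 matches the sample analysed above.
# Assumption: elevated PowerShell on the host under investigation.

$KnownSha256 = 'f2cdb57d828617a8bdf5d1f4a83e91d840084d9e5754f26aec183478cb3f1d70'

function Get-Sha256 {
    param([string]$Path)
    if ($Path -and (Test-Path -LiteralPath $Path -PathType Leaf)) {
        (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    }
}

function Find-PersistedModule {
    # --- 1. Browser Helper Objects -------------------------------------------
    # Each subkey is a CLSID; the DLL path lives in HKCR\CLSID\{clsid}\InprocServer32.
    # A DLL registered through SysWOW64\regsvr32.exe (as in this report) lands in the
    # Wow6432Node views, so both the native and the 32-bit views are walked.
    $bhoRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    $clsidRoots = @(
        'Registry::HKEY_CLASSES_ROOT\CLSID',
        'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
    )
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $clsid = $key.PSChildName
            foreach ($cr in $clsidRoots) {
                $inproc = Join-Path $cr "$clsid\InprocServer32"
                if (-not (Test-Path $inproc)) { continue }
                $dll = [Environment]::ExpandEnvironmentVariables(
                           [string](Get-ItemProperty $inproc).'(default)')
                [pscustomobject]@{
                    Type  = 'BHO'
                    Key   = "$root\$clsid"
                    Path  = $dll
                    Match = ((Get-Sha256 $dll) -eq $KnownSha256)
                }
            }
        }
    }

    # --- 2. Run keys -----------------------------------------------------------
    # Values are command lines. The executable is the first (possibly quoted) token;
    # a regsvr32-style entry carries the DLL as an argument, so every .dll token is
    # hashed as well.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($rk in $runKeys) {
        if (-not (Test-Path $rk)) { continue }
        foreach ($p in (Get-ItemProperty $rk).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip the provider's PSPath etc.
            $cmd    = [string]$p.Value
            $tokens = $cmd -split '\s+'
            $first  = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { $tokens[0] }
            $dlls   = $tokens | Where-Object { $_ -match '\.dll"?$' } | ForEach-Object { $_.Trim('"') }
            foreach ($c in (@($first) + @($dlls) | Select-Object -Unique)) {
                $file = [Environment]::ExpandEnvironmentVariables($c)
                [pscustomobject]@{
                    Type  = 'Run'
                    Key   = "$rk\$($p.Name)"
                    Path  = $file
                    Match = ((Get-Sha256 $file) -eq $KnownSha256)
                }
            }
        }
    }
}

# Usage: list everything, then narrow to hash matches.
$all = Find-PersistedModule
$all | Format-Table -AutoSize
$all | Where-Object Match
```

A hash match is a strong positive, but the absence of one is not a clean bill of health: the report only proves this build writes a Run value and a BHO CLSID, and a repacked variant keeps the same registry footprint with a different hash. Review the full listing for unfamiliar CLSIDs or Run values pointing into user-writable locations such as AppData\Local\Temp, which is where the sandbox launched the DLL from.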

Processes

  • C:\Windows\system32\regsvr32.exe (PID 1004)
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\03ae7ed86d453a6b6fb5362d396c0908_JaffaCakes118.dll
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\regsvr32.exe (PID 3752, child of 1004)
      /s C:\Users\Admin\AppData\Local\Temp\03ae7ed86d453a6b6fb5362d396c0908_JaffaCakes118.dll
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Modifies registry class

    Note: the 64-bit regsvr32 in system32 re-launches its 32-bit counterpart in SysWOW64 when the DLL it is asked to register is 32-bit, so the sample's DllRegisterServer ran inside PID 3752 and that is where all three registry signatures fire. The WriteProcessMemory hit on PID 1004 is consistent with that child-process launch and is not by itself evidence of injection. The /s switch suppresses regsvr32's status dialogs, which is why the registration leaves no visible trace on the desktop.

Network

MITRE ATT&CK Enterprise v15
