Analysis

  • max time kernel
    51s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-06-2024 07:42

General

  • Target

    041ccc8817669a1a430717f4bb962aa1_JaffaCakes118.dll

  • Size

    102KB

  • MD5

    041ccc8817669a1a430717f4bb962aa1

  • SHA1

    2e842d26c235d35fb7cecb8238333239bf3a84be

  • SHA256

    ff1abf21456bed9521b156a20239a2cde1ad1013d7875f53ff456e84fad1427b

  • SHA512

    f306a7efd3fb8f1ed1edf67e5461117e9d02c81d09606ed9179b9012ac11478cbef7215f5543a3f79e3bcc17391ed1614202ddaacacede246e487589769c8785

  • SSDEEP

    1536:MDuwxOKhvy91+6+s1u6QxT5or+POYSZJKohTTdcL6fnF:MDuwxRC+Yu6FSP3SZJKo9dK+nF

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object (2 TTPs, 1 IoC)

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies registry class (60 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\041ccc8817669a1a430717f4bb962aa1_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\041ccc8817669a1a430717f4bb962aa1_JaffaCakes118.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:4660

Network

MITRE ATT&CK Enterprise v15
