Analysis

  • max time kernel
    92s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-06-2024 13:04

General

  • Target

    02435db34a379161d61476d386c19068_JaffaCakes118.dll

  • Size

    118KB

  • MD5

    02435db34a379161d61476d386c19068

  • SHA1

    d32dd9201b9ecf673a3ddf2bcfbfb1847d54bafc

  • SHA256

    53e8e812ccd312f44e12528725d7e937c52d12060b53dc0e3367e8d7f02c34bc

  • SHA512

    1e55ad835c4ca0c2798bb1c074cd3d0a84e06f0c6308bfe81ebed3ca0c0452519e5c42918033ed0749b1f78b8bbdb153929bdcdd0897a7913aebca8fb3ad5fbf

  • SSDEEP

    3072:IVRaNBTlghjl+1aQCJn4uaq63ExLJWo6Qzdn10c3r6cyWTV:WRaNLg+klJn4rOSo6Qzdn1xucFV

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules that Internet Explorer loads as in-process COM plugins. They are enrolled by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects (Wow6432Node for a 32-bit DLL such as this one), run with the browser's privileges, and are a long-standing persistence and adware hook; the registration persists even where Internet Explorer itself is retired.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\02435db34a379161d61476d386c19068_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\02435db34a379161d61476d386c19068_JaffaCakes118.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:2728
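
The tree above shows the 64-bit regsvr32.exe handing the 32-bit DLL to its SysWOW64 copy, which is where the registry writes land. The script below is an added example, not part of the sandbox report, for checking a live Windows host for the BHO registration this report flags: it enumerates both the native and the Wow6432Node BHO keys, resolves each CLSID to its InprocServer32 DLL path, hashes the file and compares it with the report's SHA256. The "outside Program Files" heuristic and the HKCU lookup are assumptions added for illustration; the report itself names no install path or CLSID.

```powershell
# Added example (not part of the sandbox report): find registered BHOs and compare
# each DLL's SHA256 with the hash from the report above.
$ReportSha256 = '53e8e812ccd312f44e12528725d7e937c52d12060b53dc0e3367e8d7f02c34bc'

# BHO enrolment keys: native 64-bit view and the WOW64 view used by a 32-bit DLL.
$BhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# Where a CLSID's in-process server (the DLL path) is recorded; HKCU is an assumption
# to also catch per-user COM registrations.
$ClsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID',
    'HKCU:\SOFTWARE\Classes\Wow6432Node\CLSID'
)

function Resolve-BhoServerPath {
    param([string]$Clsid)
    foreach ($root in $ClsidRoots) {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $key) {
            # The default value of InprocServer32 is the DLL path; it may use %SystemRoot% etc.
            $raw = (Get-ItemProperty -Path $key).'(default)'
            if ($raw) { return [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) }
        }
    }
    return $null
}

$findings = foreach ($bhoKey in $BhoKeys) {
    if (-not (Test-Path $bhoKey)) { continue }
    foreach ($entry in Get-ChildItem -Path $bhoKey) {
        $clsid = $entry.PSChildName
        $path  = Resolve-BhoServerPath -Clsid $clsid
        $hash  = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
        }
        [pscustomobject]@{
            View    = if ($bhoKey -like '*Wow6432Node*') { 'x86' } else { 'x64' }
            CLSID   = $clsid
            DllPath = $path
            SHA256  = $hash
            Match   = ($hash -eq $ReportSha256)
            # Heuristic (assumption): a BHO with no resolvable DLL, a missing file, or a DLL
            # outside Program Files deserves a closer look even if the hash does not match.
            Unusual = (-not $path) -or (-not (Test-Path -LiteralPath $path)) -or
                      ($path -notmatch '^[A-Z]:\\Program Files')
        }
    }
}

$findings | Format-Table -AutoSize
if ($findings | Where-Object Match) {
    Write-Warning "A BHO DLL matching report SHA256 $ReportSha256 is registered on this host."
}
```

Run it in an elevated session if you also want to read HKLM keys that are ACL-restricted; reading the BHO and CLSID keys normally needs no elevation. A hash mismatch does not clear the host: a repacked variant of the same DLL keeps the same registration shape, so treat any unexpected CLSID or DLL path as a lead.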

Network

MITRE ATT&CK Enterprise v15


Downloads

Memory dumps taken from PID 2728, the SysWOW64 regsvr32.exe that loaded the sample. The sizes follow from the address ranges: 0x421000 - 0x400000 = 0x21000 bytes (132KB) and 0x1001D000 - 0x10000000 = 0x1D000 bytes (116KB). The region at 0x10000000 matches the default ImageBase of a 32-bit DLL and is close to the sample's on-disk size, so it is most likely the mapped sample itself; the 132KB region at 0x400000 is larger than the sample, so inspect that dump (start with its MZ/PE header) rather than assuming it is regsvr32.exe.

  • memory/2728-0-0x0000000000400000-0x0000000000421000-memory.dmp (132KB)
  • memory/2728-1-0x0000000010000000-0x000000001001D000-memory.dmp (116KB)
  • memory/2728-2-0x0000000000400000-0x0000000000421000-memory.dmp (132KB)
  • memory/2728-3-0x0000000010000000-0x000000001001D000-memory.dmp (116KB)