Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-06-2024 13:09

General

  • Target

    0249fbe699f6cc74540a4c6a818f6010_JaffaCakes118.dll

  • Size

    118KB

  • MD5

    0249fbe699f6cc74540a4c6a818f6010

  • SHA1

    f86379f4b4e4b0d3e71977f19bb4771d26bacd61

  • SHA256

    779e0c6f4e300d834bdbc3bf17ce53a4cbd9701850e291967aad5219a643b658

  • SHA512

    b5e8a5485acc701b946d5b7f124ddf45c0647bb0e2d455eaa6046e9b86a42eafbc0f2f56ed94eb79481b3e5a7c9f25a4e0980783dccd3f404e01d374ba82680e

  • SSDEEP

    3072:RXN5MdJKeQYlwovHGCP8oNOdKOFp5+wpxF2hfM:R9MJKej01DgOTtxsfM

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object (2 TTPs, 1 IoCs)

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies Internet Explorer settings (1 TTPs, 1 IoCs)
  • Modifies registry class (4 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0249fbe699f6cc74540a4c6a818f6010_JaffaCakes118.dll
    • Suspicious use of WriteProcessMemory
    PID:1036
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\0249fbe699f6cc74540a4c6a818f6010_JaffaCakes118.dll
      • Installs/modifies Browser Helper Object
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:2232

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2232-0-0x0000000000190000-0x00000000001B1000-memory.dmp

    Filesize

    132KB

  • memory/2232-1-0x0000000010000000-0x000000001001D000-memory.dmp

    Filesize

    116KB

  • memory/2232-3-0x0000000000190000-0x00000000001B1000-memory.dmp

    Filesize

    132KB

  • memory/2232-4-0x0000000010000000-0x000000001001D000-memory.dmp

    Filesize

    116KB