Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-07-2024 07:38

General

  • Target

    13f310de2b64411797dcdffe141fece7_JaffaCakes118.dll

  • Size

    160KB

  • MD5

    13f310de2b64411797dcdffe141fece7

  • SHA1

    c03841524b3d2fad9b9df3c4d2220ba180939ae1

  • SHA256

    d141a37514c6de93f1ebbc67d8427e96f083519e20c752c8e940e6149a76d6b6

  • SHA512

    a2df2d89eb710f31702ba8ab957edf1c2ace19c3d84af7fafbd7be3f48b6c70fd9afd52aa5b7d9af4dc5c43f999dd47d8d5717632583b0321bcf0d26be6b6f5a

  • SSDEEP

    3072:7rDTlF5ofBRLH1ViTPc3+fO4WIvDwJolOmojbKaBu11:7rQRJsTPc3+feEO/Dk1

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are in-process COM DLLs that Internet Explorer loads at startup. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects (under Wow6432Node for 32-bit IE on a 64-bit host), and the CLSID's InprocServer32 value points at the DLL, so a BHO key written by regsvr32 for a DLL in a user's Temp directory is the persistence indicator to hunt for.

  • Drops file in Windows directory 1 IoCs
  • Modifies registry class 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\13f310de2b64411797dcdffe141fece7_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\13f310de2b64411797dcdffe141fece7_JaffaCakes118.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Drops file in Windows directory
      • Modifies registry class
      PID:1344
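Added example (not part of the sandbox report or the sample): a small Python detector that replays the chain in the process tree above over constructed Sysmon-style events. It flags three things a hunter would want correlated: a silent regsvr32 /s registration of a DLL from a user-writable path, 64-bit regsvr32 in system32 spawning the SysWOW64 copy (what happens when a 32-bit DLL is handed to regsvr32 on x64), and a registry write under the Browser Helper Objects key by that regsvr32 process. The event dictionaries, field names, the reuse of PIDs 2236/1344 from the tree, the Wow6432Node registry path and the all-zero CLSID are constructed assumptions, not data from the report.

```python
"""Correlate regsvr32 -> BHO registration from constructed process/registry events."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample events (NOT from the sandbox). Shape loosely follows Sysmon
# EventID 1 (process create) and EventID 13 (registry value set). PIDs 2236/1344
# are reused from the report's process tree; PID 1000 and 3000 are invented.
EVENTS = [
    {"id": 1, "pid": 2236, "ppid": 1000, "image": r"C:\Windows\system32\regsvr32.exe",
     "cmd": r"regsvr32 /s C:\Users\Admin\AppData\Local\Temp\13f310de2b64411797dcdffe141fece7_JaffaCakes118.dll"},
    {"id": 1, "pid": 1344, "ppid": 2236, "image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "cmd": r"/s C:\Users\Admin\AppData\Local\Temp\13f310de2b64411797dcdffe141fece7_JaffaCakes118.dll"},
    # Placeholder CLSID (all zeros); a 32-bit process writing HKLM\SOFTWARE lands under Wow6432Node.
    {"id": 13, "pid": 1344, "image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "target": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer"
               r"\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}\NoExplorer"},
    # Benign control: vendor DLL registered from Program Files, no WOW64 hop, no BHO key.
    {"id": 1, "pid": 3000, "ppid": 1000, "image": r"C:\Windows\system32\regsvr32.exe",
     "cmd": r"regsvr32 /s C:\Program Files\Vendor\plugin.dll"},
]

BHO_KEY_RE = re.compile(
    r"\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Explorer"
    r"\\Browser Helper Objects\\\{[0-9A-Fa-f-]{36}\}", re.IGNORECASE)
# Paths an unprivileged user can write to; extend for your estate.
USER_WRITABLE_RE = re.compile(
    r"^[A-Z]:\\(?:Users\\[^\\]+\\(?:AppData|Downloads)\\|Windows\\Temp\\|ProgramData\\)",
    re.IGNORECASE)
REGSVR_RE = re.compile(r"\\(system32|syswow64)\\regsvr32\.exe$", re.IGNORECASE)
SILENT_RE = re.compile(r"(?:^|\s)/s(?:\s|$)", re.IGNORECASE)
DLL_ARG_RE = re.compile(r'"?([A-Z]:\\[^"]+?\.(?:dll|ocx))"?', re.IGNORECASE)

Finding = Tuple[str, int, str]  # (rule name, pid, dll path or registry target)


def regsvr_flavor(image: str) -> Optional[str]:
    """Return 'system32' or 'syswow64' for a regsvr32 image path, else None."""
    m = REGSVR_RE.search(image)
    return m.group(1).lower() if m else None


def dll_from_cmdline(cmd: str) -> Optional[str]:
    """Extract the first .dll/.ocx path from a regsvr32 command line."""
    m = DLL_ARG_RE.search(cmd)
    return m.group(1) if m else None


def analyze(events: List[Dict]) -> List[Finding]:
    """Walk process and registry events once and emit correlated findings."""
    procs = {e["pid"]: e for e in events if e["id"] == 1}
    findings: List[Finding] = []
    for e in events:
        if e["id"] == 1 and regsvr_flavor(e["image"]):
            dll = dll_from_cmdline(e["cmd"])
            # Rule 1: silent registration of a DLL from a user-writable directory.
            if dll and SILENT_RE.search(e["cmd"]) and USER_WRITABLE_RE.match(dll):
                findings.append(("silent_regsvr32_user_path", e["pid"], dll))
            # Rule 2: 64-bit regsvr32 re-executing via SysWOW64 (32-bit DLL on x64 host).
            parent = procs.get(e["ppid"])
            if (parent and regsvr_flavor(parent["image"]) == "system32"
                    and regsvr_flavor(e["image"]) == "syswow64"):
                findings.append(("x64_regsvr32_spawns_wow64", e["pid"], dll or e["cmd"]))
        elif e["id"] == 13 and BHO_KEY_RE.search(e["target"]):
            # Rule 3: BHO key touched; attribute it to the DLL the writer was registering.
            writer = procs.get(e["pid"])
            dll = dll_from_cmdline(writer["cmd"]) if writer and regsvr_flavor(writer["image"]) else None
            findings.append(("bho_registered", e["pid"], dll or e["target"]))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in analyze(EVENTS):
        print(f"{rule:28} pid={pid} {detail}")
```

The benign control event produces no finding, so the three rules fire only on the Temp-path chain; in a real deployment the registry rule alone is the highest-signal one, since legitimate BHO installs are rare on a managed estate.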

Network

MITRE ATT&CK Enterprise v15
