Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
04-07-2024 19:07
General
-
Target
25eb80fd3a87c49d8d623ab7bfc694c5_JaffaCakes118.dll
-
Size
92KB
-
MD5
25eb80fd3a87c49d8d623ab7bfc694c5
-
SHA1
e9a9f9e571c2acad59a1d461504ff4f6f1debc87
-
SHA256
b5d5c25c5183d0d4065ce6ece09e692b517a6f24ed4c5cdb9553c47aa675f2db
-
SHA512
2b2df4f6fcf66870910eeb7935472a6c25e913d93eea8718ccdfa19aed1938b171c9c7986b0a85f20ef9cfc17841d2102575fcb0cbc3e0debd72b44e688d562a
-
SSDEEP
1536:b2L+PzX9kRV648MJ38+fg7TZI2LNJ57TGm7sQikBIRZR8F2T+iDztE/sE/r20cCq:y0r90648MJ388jeRsQbIR6fgWzK0cCzG
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Modifies registry class 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\25eb80fd3a87c49d8d623ab7bfc694c5_JaffaCakes118.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\25eb80fd3a87c49d8d623ab7bfc694c5_JaffaCakes118.dll2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD525eb80fd3a87c49d8d623ab7bfc694c5
SHA1e9a9f9e571c2acad59a1d461504ff4f6f1debc87
SHA256b5d5c25c5183d0d4065ce6ece09e692b517a6f24ed4c5cdb9553c47aa675f2db
SHA5122b2df4f6fcf66870910eeb7935472a6c25e913d93eea8718ccdfa19aed1938b171c9c7986b0a85f20ef9cfc17841d2102575fcb0cbc3e0debd72b44e688d562a
-
Filesize
96KB