Overview

overview

6

Static

static

3

304dbe9db9...18.dll

windows7-x64

6

304dbe9db9...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    94s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-07-2024 12:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    304dbe9db9649776d5f9bcb976d5c350_JaffaCakes118.dll

  • Size

    711KB

  • MD5

    304dbe9db9649776d5f9bcb976d5c350

  • SHA1

    0746ec4522063bc11be534640e359f0e56456f2f

  • SHA256

    57f161ee82babfb93937f79cc7ab375b161bdcecae151b67c6e9f13eacb61657

  • SHA512

    30edd3893eda881ee61c0682d55bc4f3b6a3d99bd00f3c0b634b93ee07f5dfae1fab72cdbb119ebaed1465862fec3db76fc7e2ff8d12d110a5c4c2e5b8764485

  • SSDEEP

    12288:sHCqAM6vj721fUXMgf1PuLpHz9vw8Gjk2Punxx1ot4VP1RUO:siqTyO6dMLvwos0xqt4VbUO

Score
6/10
adwarestealer

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies registry class 11 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\304dbe9db9649776d5f9bcb976d5c350_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2308
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\304dbe9db9649776d5f9bcb976d5c350_JaffaCakes118.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:4152

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads