Overview

overview

6

Static

static

3

329b22f3ac...18.dll

windows7-x64

6

329b22f3ac...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    10/07/2024, 00:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    329b22f3ac69564ca8ef059344c1721d_JaffaCakes118.dll

  • Size

    1.1MB

  • MD5

    329b22f3ac69564ca8ef059344c1721d

  • SHA1

    9120c62ceb251c15aaa86ba868db340ffee5b4c1

  • SHA256

    0ed836895f48a90114f62e4442e4382e848235eae5be70aa0cf89355ad846ea0

  • SHA512

    dca1d7582f92f3a44f09fa9864426c76e342a6f3121c3df51235803bd46e0ba767efc667bb35bff8338e8e9fbf92b0f25b59bcdfad207c1b625d4e74ca9bf23f

  • SSDEEP

    12288:t3fK0eTf8SevjNyCqmM+ffguTEpSuC04lBZuF/IUTUmVh8QhenETlCcN9Pkk660b:By0CHIyChyj7bYrUT1Vh/GETUYmu7i

Score
6/10
adwarestealer

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies registry class 5 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\329b22f3ac69564ca8ef059344c1721d_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\329b22f3ac69564ca8ef059344c1721d_JaffaCakes118.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2204

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2204-0-0x0000000002380000-0x0000000002496000-memory.dmp

          Filesize

          1.1MB

          Download