Analysis

  • max time kernel
    111s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-07-2024 21:08

General

  • Target

    3663e5f8931f9f02a9d6b1b1a595925d_JaffaCakes118.dll

  • Size

    52KB

  • MD5

    3663e5f8931f9f02a9d6b1b1a595925d

  • SHA1

    2325bf6cd91e482754a95fc0a91dc74fbdf3981b

  • SHA256

    613eeb99f67cfd46a977f60eb531764ba96fbad207eef1635e39b6f52bc888bb

  • SHA512

    cc744a3bdee4ae06ce8a794d56c10945e4f3fc5318fb45b54528052c2e163c35e8592511232a13dcf897ed2a7bddf72d1d62bfc7ad15c04b80f9c9bdd76682e1

  • SSDEEP

    768:6XMNoe6mhGYkBVPMgF++mr/AkPz7U92lRM89hbZbDEJ7ZBN6f5gPVk0A:7oSGYyVC+e/JccFpwN6fmB

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Modifies registry class 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3663e5f8931f9f02a9d6b1b1a595925d_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:404
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\3663e5f8931f9f02a9d6b1b1a595925d_JaffaCakes118.dll
      2⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:3928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\O„¡êá3؆4ô

    Filesize

    117B

    MD5

    a78aa906d3deed7941982a6e25bf0b46

    SHA1

    c5d066bc25f163ed91a2eaafb7e9b05f06fb2a82

    SHA256

    a5093ec6f258ab48a58782e0d208bedf849e1eaa640fc4d3bad29fa6f3353338

    SHA512

    a378c2ad1fd3c34b058c977cf37acaedcfea0b864e4a6a5192b1c20b6bccee38143a8f83fa6a5964a0633f59df180a5aa67467c7aa1cdca587acb87528dc80cd