Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-07-2024 14:50

General

  • Target

    3dd1a3bac31bca8ba2ae30554daaebf6_JaffaCakes118.dll

  • Size

    640KB

  • MD5

    3dd1a3bac31bca8ba2ae30554daaebf6

  • SHA1

    4a73142e087ef9caaa4a932c510a0135b0da8546

  • SHA256

    2d4278ac632b4bb57bfc0dc45dc4f226e3381a0df77aaa09a22d558829485e35

  • SHA512

    610c0ba93c2393155c441d2b973eb5d63c6b50fe908def75bc68b1773128a59f0bd033ec515b42e71bc2eca27c0285bc7b5f597e0fc6e425c2706c7cecc80620

  • SSDEEP

    12288:3kdtYzsZDM2fjYiV/UzxoyS7nUmsn7lLu2UJQ7VhM2tePm:0dGzs/0kwolUf7lZUJQBhMA+

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object (2 TTPs, 1 IoC)
    BHOs are DLL modules which act as plugins for Internet Explorer.
  • Modifies registry class (11 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3dd1a3bac31bca8ba2ae30554daaebf6_JaffaCakes118.dll
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\3dd1a3bac31bca8ba2ae30554daaebf6_JaffaCakes118.dll
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:3180

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3180-0-0x0000000001EC0000-0x0000000001F64000-memory.dmp

    Filesize

    656KB