db58d343efbf99c39999f4c7e3d16217cab3dc664c6d81d2216d34de112eed73

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e26bddbf15950620e0e9891854cfce6_JaffaCakes118.dll
Size

1.2MB
MD5

3e26bddbf15950620e0e9891854cfce6
SHA1

57909acc4e39fd61ff4cf29173325d1493baa089
SHA256

db58d343efbf99c39999f4c7e3d16217cab3dc664c6d81d2216d34de112eed73
SHA512

20dac6324b017ba80e265909d181cde8bee64963377fe95dfe492996563085b3cd917a300a913af1363a7438a71a01e0708b919aa6146848cb20e904329e597d
SSDEEP

24576:BLW2JwUk2S6M8QjQPlGQl7vuXKC2/Nbb9hhXUdjL4U:BK2J42S68je0YvuXKPlbBhxMv

Score

7^/10

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2552	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2552	2244	rundll32.exe	30
PID 2244 wrote to memory of 2552	2244	rundll32.exe	30
PID 2244 wrote to memory of 2552	2244	rundll32.exe	30
PID 2244 wrote to memory of 2552	2244	rundll32.exe	30
PID 2244 wrote to memory of 2552	2244	rundll32.exe	30
PID 2244 wrote to memory of 2552	2244	rundll32.exe	30
PID 2244 wrote to memory of 2552	2244	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e26bddbf15950620e0e9891854cfce6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e26bddbf15950620e0e9891854cfce6_JaffaCakes118.dll,#1
  2⤵
  - Checks BIOS information in registry
  - Suspicious use of SetWindowsHookEx
  PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2552-0-0x0000000010000000-0x00000000101FF000-memory.dmp

Filesize
2.0MB

Download
memory/2552-3-0x0000000010000000-0x00000000101FF000-memory.dmp

Filesize
2.0MB

Download
memory/2552-8-0x0000000010000000-0x00000000101FF000-memory.dmp

Filesize
2.0MB

Download
memory/2552-7-0x0000000010000000-0x00000000101FF000-memory.dmp

Filesize
2.0MB

Download
memory/2552-10-0x0000000010001000-0x000000001009A000-memory.dmp

Filesize
612KB

Download
memory/2552-5-0x0000000010000000-0x00000000101FF000-memory.dmp

Filesize
2.0MB

Download
memory/2552-4-0x0000000010000000-0x00000000101FF000-memory.dmp

Filesize
2.0MB

Download
memory/2552-2-0x0000000010000000-0x00000000101FF000-memory.dmp

Filesize
2.0MB

Download
memory/2552-1-0x0000000010000000-0x00000000101FF000-memory.dmp

Filesize
2.0MB

Download
memory/2552-9-0x0000000010000000-0x00000000101FF000-memory.dmp

Filesize
2.0MB

Download