Overview

overview

10

Static

static

3

5d6860a98f...18.dll

windows7-x64

10

5d6860a98f...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-07-2024 19:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5d6860a98f0a5122b34331a275f3556b_JaffaCakes118.dll

  • Size

    24KB

  • MD5

    5d6860a98f0a5122b34331a275f3556b

  • SHA1

    2af844edc64a46cf82f17b4ef20dedb49b733422

  • SHA256

    a9f15397512e7ae62b381036d8cf2babb20e391bf1c4145dfcdf03813b94bbba

  • SHA512

    511702b455e36023fefbb1153b97ff34c7dfd9743f0f4fa224ba071cd88011ae65fdffa60d767e90d1423dd682878d9058bbfbdc0a11b8d40fb7a0bbad6798eb

  • SSDEEP

    384:Zve6kWKQYebBTfN4ZgeEYqpiVHESVviSDbo6dE+oekG802OyG0i02OyG0:ZDKQRjpCTtSUEQpH2OyGy2OyG

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d6860a98f0a5122b34331a275f3556b_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4544
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d6860a98f0a5122b34331a275f3556b_JaffaCakes118.dll,#1
      2⤵
      • Modifies WinLogon for persistence
      • Drops file in System32 directory
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:3640
      • C:\Windows\SysWOW64\svchost.exe
        svchost.exe
        3⤵
        • Modifies registry class
        PID:1512
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3736

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1512-51-0x00000000602C0000-0x00000000602CD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/3736-14-0x00007FFA27170000-0x00007FFA27365000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3736-3-0x00007FF9E71F0000-0x00007FF9E7200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3736-20-0x00007FFA27170000-0x00007FFA27365000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3736-19-0x00007FF9E4C40000-0x00007FF9E4C50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3736-5-0x00007FFA2720D000-0x00007FFA2720E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3736-6-0x00007FFA27170000-0x00007FFA27365000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3736-7-0x00007FFA27170000-0x00007FFA27365000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3736-9-0x00007FFA27170000-0x00007FFA27365000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3736-10-0x00007FFA27170000-0x00007FFA27365000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3736-8-0x00007FFA27170000-0x00007FFA27365000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3736-13-0x00007FFA27170000-0x00007FFA27365000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3736-0-0x00007FF9E71F0000-0x00007FF9E7200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3736-2-0x00007FF9E71F0000-0x00007FF9E7200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3736-1-0x00007FF9E71F0000-0x00007FF9E7200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3736-4-0x00007FF9E71F0000-0x00007FF9E7200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3736-17-0x00007FFA27170000-0x00007FFA27365000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3736-16-0x00007FFA27170000-0x00007FFA27365000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3736-15-0x00007FFA27170000-0x00007FFA27365000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3736-12-0x00007FFA27170000-0x00007FFA27365000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3736-11-0x00007FF9E4C40000-0x00007FF9E4C50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3736-48-0x00007FF9E71F0000-0x00007FF9E7200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3736-47-0x00007FF9E71F0000-0x00007FF9E7200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3736-46-0x00007FF9E71F0000-0x00007FF9E7200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3736-45-0x00007FF9E71F0000-0x00007FF9E7200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3736-49-0x00007FFA27170000-0x00007FFA27365000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3736-18-0x00007FFA27170000-0x00007FFA27365000-memory.dmp

    Filesize

    2.0MB

    Download