Overview

overview

6

Static

static

3

5fb7ee24bd...18.dll

windows7-x64

6

5fb7ee24bd...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    20-07-2024 08:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5fb7ee24bdbc07ae8350a878eff5e5af_JaffaCakes118.dll

  • Size

    52KB

  • MD5

    5fb7ee24bdbc07ae8350a878eff5e5af

  • SHA1

    1d265e9bfcf09f35b4f8a0a1acb3a1d9121065d2

  • SHA256

    fac037c6e6174dda5f18eb66b58519b707cb81ec0aae3094d09c31f1a54af62b

  • SHA512

    5e2ac26af11949acf6a2e7ee8451a1b01babf8ac9e550e1d3e9db869fe5c1d4bb4ea8c1da8ecdbda90ae1e95ae9410821efdc0dfe967fc88ef8b0e826be499a1

  • SSDEEP

    1536:sWo0xGEs0OVmo4PB8UJm6c1xMBOqo3x7N3//dXjICemK:dOVmLPu7ZD3/aCemK

Score
6/10
adwarestealer

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
    adwarespyware
  • Modifies registry class 12 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5fb7ee24bdbc07ae8350a878eff5e5af_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2584
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\5fb7ee24bdbc07ae8350a878eff5e5af_JaffaCakes118.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:352

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads