Overview

overview

8

Static

static

3

7362611029...18.dll

windows7-x64

8

7362611029...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-07-2024 08:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73626110298d3b426842a568d229f973_JaffaCakes118.dll

  • Size

    1.1MB

  • MD5

    73626110298d3b426842a568d229f973

  • SHA1

    41c969ac320c272c172821d5b13e840697409392

  • SHA256

    922f9ffedf68aca34e6e141db49d2bfc517ffdeb466faf7b6680b0c3e3d8f00c

  • SHA512

    a724355aa29d517d9c2ca60a9177bf53c2b69b0cfb55477a51a93f5ee8a02efac5c2550d03ae3b2ea452c697ec40157c1953ace2b0f2b61fba4f6658c0de5f03

  • SSDEEP

    24576:SMpZ4OxwR1QcQq/W7ihb4bPWmBLXvPmVpTrdzjs00r:SuNZ7Ib8ZBL2/Xs

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\73626110298d3b426842a568d229f973_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\73626110298d3b426842a568d229f973_JaffaCakes118.dll
      2⤵
      • Server Software Component: Terminal Services DLL
      • System Location Discovery: System Language Discovery
      PID:2036
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k dtcGep -s dticem
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    PID:4456

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\2a9c6c831d.dll
    Filesize

    114B

    MD5

    bea28bb32b13fa7049ae07d00cf7f3c8

    SHA1

    b1055aed4aedbf85e5835b41ac61c5978898bdf3

    SHA256

    bc5db74e5dc0be9802f24e246390ac27877bcee2248306f0328bf04271455c49

    SHA512

    c3413c7dc2b7b0a80b02447bf0d44de4e76e295b28e9bb1c1bf262880ee52032d9bde57b708e4529493fe4a99f181d4a9176f003faffc71e89417a1d191f1485

    Download Submit

  • memory/4456-0-0x0000000001300000-0x0000000001417000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4456-8-0x0000000001300000-0x0000000001417000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4456-32-0x0000000001300000-0x0000000001417000-memory.dmp

    Filesize

    1.1MB

    Download