Analysis
-
max time kernel
143s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
10-08-2024 19:43
General
-
Target
8767e7a8571d6c17fb6e1a864d9d9141_JaffaCakes118.dll
-
Size
57KB
-
MD5
8767e7a8571d6c17fb6e1a864d9d9141
-
SHA1
ad7dc625dfb616502f920970d8fd4debdf2114a9
-
SHA256
e9a73f7fec4685553d110e9643000b792b3bea3f6546d649c97daa0c8ed64b61
-
SHA512
92f9b22c27555e35d71d381e431cab06f1a36fa5e107e5b93646a6d9eed66b1e0132c92bcbbae0601470bcbb407197e2e61d8f8d835be85f6b68a41134746ea3
-
SSDEEP
768:nNpqz4SIakBZiV3tIuw2BEBuwSiFgXFNuFUD6o6ipUWEF/dkeasLzoR3XaisTBuB:az+a8KVrKuwfgOWUipENOew3XHAugc
Score
7/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\8767e7a8571d6c17fb6e1a864d9d9141_JaffaCakes118.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\8767e7a8571d6c17fb6e1a864d9d9141_JaffaCakes118.dll2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
184KB