Overview

overview

7

Static

static

7

88d22fbef6...18.dll

windows7-x64

3

88d22fbef6...18.dll

windows10-2004-x64

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-08-2024 03:27

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    88d22fbef6f04a3a2089d9388b2683ec_JaffaCakes118.dll

  • Size

    382KB

  • MD5

    88d22fbef6f04a3a2089d9388b2683ec

  • SHA1

    a48bfaf08e66969f4eb96765e751f19bf3287c71

  • SHA256

    d8af60e8d4d225dde2a85960921614056d6e5adce18460cbee571a1f773f1df3

  • SHA512

    5c088e8ba8056231ba18a7a7272bd2a8cb9750b444a3bed2aeb3e76389b80632b428ad93eeef8ab499b7517e683dbce3174790578f817a56112bf9b708fa6050

  • SSDEEP

    6144:DsEdhspTYMN5OC+T5EscFhWRLC+6LcP9lsk7BPXS5Es2ATbwiRHRq4mt:DsQiOdCyjCWpCTwlhaEbAAWHro

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\88d22fbef6f04a3a2089d9388b2683ec_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\88d22fbef6f04a3a2089d9388b2683ec_JaffaCakes118.dll
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4308-0-0x0000000004190000-0x0000000004225000-memory.dmp

    Filesize

    596KB

    Download