Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
20/08/2024, 03:44
General
-
Target
adc06d6c53fa9a556e036afac30d286b_JaffaCakes118.dll
-
Size
674KB
-
MD5
adc06d6c53fa9a556e036afac30d286b
-
SHA1
236683575c941eb7430de461e211f02a0c10e421
-
SHA256
7f7d496c9a375fc47dcf4d147e113a223f2704ff68cc4c764b9ea03d5efd5dad
-
SHA512
399b5013409a7f4ca8175b4aefd369f357b54b7e527ccb62573be7bc7fa66f97005ce88fb6c720a28f0a26df0e3fe232567a6fa06cbaaa53873347a11fdfa618
-
SSDEEP
12288:NeOgFnqbLBNdY50Yu2hkEmhYt8ZyNZyCCZ4r2q1/Th1GvwSYwx7QTVIVEMXS4W:NUqnBLYyYNkEmhYWINZyCCZe2VxETVGS
Score
6/10
Malware Config
Signatures
-
Installs/modifies Browser Helper Object 2 TTPs 2 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 5 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\adc06d6c53fa9a556e036afac30d286b_JaffaCakes118.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\adc06d6c53fa9a556e036afac30d286b_JaffaCakes118.dll2⤵
- Installs/modifies Browser Helper Object
- System Location Discovery: System Language Discovery
- Modifies registry class
-