Analysis

  • max time kernel
    12s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
  • submitted
    20/08/2024, 21:14 UTC

General

  • Target

    b0dd39b3abfc43a883ada52ec6778007_JaffaCakes118.dll

  • Size

    157KB

  • MD5

    b0dd39b3abfc43a883ada52ec6778007

  • SHA1

    70a76cf3d2819c7497a2d9c8bc5553a4590c7174

  • SHA256

    54df66fcdb8d782afb1fc13162f9cdb206a0801a134aaefa12cd8b392b1897e3

  • SHA512

    9e5aa599d340a9c677eb1d847db981852c5a463a33d6712a59c31575837cbc8769d41aefb03fa946dad7d2e8b4c94c9d58c2af3836da8d2d233d30fdb07c47a9

  • SSDEEP

    1536:O2DXS/tgRM/tgRM/tgRM/tgRM/tgRM/tgRM/tgRM/tgRM/tgRM/tgRt:O2DXS1L1L1L1L1L1L1L1L1L1Q

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b0dd39b3abfc43a883ada52ec6778007_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\b0dd39b3abfc43a883ada52ec6778007_JaffaCakes118.dll
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1560

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1560-0-0x0000000000330000-0x0000000000344000-memory.dmp

    Filesize

    80KB
