Analysis
-
max time kernel
140s -
max time network
131s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21-08-2024 16:13
General
-
Target
b4244151165b14bf5df91cd9046aafad_JaffaCakes118.dll
-
Size
429KB
-
MD5
b4244151165b14bf5df91cd9046aafad
-
SHA1
34fa5848b052603e350bb64a9cc015197d32d068
-
SHA256
d935c653803a8efd039fad751bd98d8bd0ac36259640cbe7bedaed9c1663bc90
-
SHA512
fa55333caf4ebd767b7196d753cbe357267b3db7dee4d527ccf7905d2873e59e52e57fd6b53aa613d28f520722dcbc90d57ae5ced80b17767741ebc4ddb88cb4
-
SSDEEP
12288:3wyC9lqNkv0cRZvLRQebhp80jWLjFa9e2J:+dNtFlO02jU9L
Score
10/10
Malware Config
Signatures
-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Templ.dll packer 1 IoCs
Detects Templ.dll packer which usually loads Trickbot.
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\b4244151165b14bf5df91cd9046aafad_JaffaCakes118.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\b4244151165b14bf5df91cd9046aafad_JaffaCakes118.dll2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 6083⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3748 -ip 37481⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
220KB
-
Filesize
260KB
-
Filesize
260KB
-
Filesize
260KB