Overview

overview

3

Static

static

3

b5fe5bb720...18.dll

windows7-x64

3

b5fe5bb720...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    22-08-2024 02:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b5fe5bb720bd7fe20849d44ed8d63abe_JaffaCakes118.dll

  • Size

    52KB

  • MD5

    b5fe5bb720bd7fe20849d44ed8d63abe

  • SHA1

    4f9c04b38ae130059e4da4010389f1c14d8dde4c

  • SHA256

    ab21d89bc67fca8ec92826030b7785e70fa838032e65a48586f9d3c1622b52bf

  • SHA512

    c2324aa8c7faaa81f8f802e1f983a1584886fe3c6a49b241264c5c3fd80c05f7b92f90c2826dfa7aeb3e9d0bf41763c80cf8da241b243001e79f6a5f4b531f18

  • SSDEEP

    768:lKG8RmiL5GXq9IHIZLjDj7p55v+61NQ35sE2u1G+3AWHwnZ5abPvjUAo:4GMmwKqnVl5N+SKqWGJnZ4PvQ

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b5fe5bb720bd7fe20849d44ed8d63abe_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2772
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\b5fe5bb720bd7fe20849d44ed8d63abe_JaffaCakes118.dll
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2784

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads