Analysis
-
max time kernel
134s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
23-08-2024 07:38
General
-
Target
badce9df7f604b60f997570f6bbcea5b_JaffaCakes118.dll
-
Size
610KB
-
MD5
badce9df7f604b60f997570f6bbcea5b
-
SHA1
78455d36526f638e2a974f5515cfa6517386a748
-
SHA256
ab0050fd91cc25b35cfd840615845eadabd83bce490d463c652ed645ab740bde
-
SHA512
7eb690b58a565730b7ba434c79268f70597e91f1b871835a85f5d3565f0732a04c1618bac2aa06261f0729b2affc3743937dfd88b0a5e57e9a4ed479c6ba6f1c
-
SSDEEP
12288:5yA1ZdqVfv/6HftOIA3+00wstpSdCi3TLdLOGUFQBfWVBwBYHeIBv7pj:p1fqZCHwIr00taCiHpA2tWUUeIBT
Score
6/10
Malware Config
Signatures
-
Installs/modifies Browser Helper Object 2 TTPs 1 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 11 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\badce9df7f604b60f997570f6bbcea5b_JaffaCakes118.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\badce9df7f604b60f997570f6bbcea5b_JaffaCakes118.dll2⤵
- Installs/modifies Browser Helper Object
- System Location Discovery: System Language Discovery
- Modifies registry class
-