Analysis
-
max time kernel
141s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
23/08/2024, 19:29
General
-
Target
bce2e423443995446764665bde4165a7_JaffaCakes118.dll
-
Size
1.1MB
-
MD5
bce2e423443995446764665bde4165a7
-
SHA1
31eb39141d19c2c95d070d5c56838d6886a06f2d
-
SHA256
c3db1940d43ee33ce510a1c066389e96a4505e0a8f90bc82ad5c98fb3127ac54
-
SHA512
bc46faf08262b4fd678d17be5272e93a6d2c4322f6695d67ddd15987269ba8c1c9d64d1e2baba424b92c5ae65719e21c6069f0f2b574d0c5db0fd2dccc851270
-
SSDEEP
24576:SMpZ4OxwR1QcQq/W7ihb4bPWmBLXvPmVpTrdzjs00A:SuNZ7Ib8ZBL2/Xj
Malware Config
Signatures
-
Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\bce2e423443995446764665bde4165a7_JaffaCakes118.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\bce2e423443995446764665bde4165a7_JaffaCakes118.dll2⤵
- Server Software Component: Terminal Services DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k dtcGep -s dticem1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3840,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=4128 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
123B
MD5b8cf9b7e34240951ec9c56f07e5f8c99
SHA129251731d9f2a4390c42cb2f12096208438fafac
SHA256e1b3e1a69746279bef548c2ce30ecb627abbe70e8f111cc5a4ea2ddbd713389d
SHA512f3a58798155954ffa9af3079609c27cae8f17e44dfe8fa0a02885130f3de95f5b9646c1688ddaae49f8c46a3bed29d4f9b2ca5d2f36a9e3582900ea61aae1c24
-
Filesize
114B
MD5a34ef6803ac17182d4d3b11ce6ec9cdf
SHA1cb2ffdab71a244fab0a404a05926346529d8bbbe
SHA2569fe0654f3929b95c6c35617bdc7280feaeee2f9374ef1e6bec763d0a1d3a71f2
SHA512e0d2528878f367038ae1339371a28ce7e558dbe6d504ee34d77d614c6249a92895cb668eed396d26eab82a71f10799429c9e0995c546b73b76a7d15d5d1aa380
-
Filesize
1.1MB
-
Filesize
1.1MB