Analysis

  • max time kernel
    134s
  • max time network
    108s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/08/2024, 23:58

General

  • Target

    c7e11b2cf8e7a7f1ed4bd55b2897fb93_JaffaCakes118.dll

  • Size

    253KB

  • MD5

    c7e11b2cf8e7a7f1ed4bd55b2897fb93

  • SHA1

    87ab4e39c0d36785a08bbfe0fb685f4a412df23c

  • SHA256

    d0b3a1d6d2edd2a13a71c2c77fd2a33fefdef74babec079c2de769dd420932f6

  • SHA512

    9bcfe306b9e3d73c5fbde0fdfc98826bc6947336beb627313694097e24ced1b09df45387907a195b6d04d9a0b06141aacf154d5ee182ca56f19c79483f9ad78b

  • SSDEEP

    6144:wp78nMINWDBVEASAu9Fl13ATzbttb8IWZ9f9:0IN8fErsTXtmD

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c7e11b2cf8e7a7f1ed4bd55b2897fb93_JaffaCakes118.dll
    • Suspicious use of WriteProcessMemory
    PID:1560
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\c7e11b2cf8e7a7f1ed4bd55b2897fb93_JaffaCakes118.dll
      • System Location Discovery: System Language Discovery
      PID:4224

Network

MITRE ATT&CK Enterprise v15
