Overview

overview

3

Static

static

3

dfb35a1d2c...18.dll

windows7-x64

3

dfb35a1d2c...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    94s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-09-2024 06:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dfb35a1d2c03f3fb5e39fe7e7588751a_JaffaCakes118.dll

  • Size

    111KB

  • MD5

    dfb35a1d2c03f3fb5e39fe7e7588751a

  • SHA1

    91c3c889a62403f59f612bcddcc609e50404385b

  • SHA256

    6fbf634a9eec26f54b1bea7a64e24584b9608a3f4f7614a7d33d99591be6b194

  • SHA512

    3df4c13674ec152a385dc69d672a25e44966271e82d739f33c0ad55a879d6fe92fa3b117e367e96a08d0ec43c59fc2afa2293776728d2bc801d8300fb3d0208e

  • SSDEEP

    3072:/LEfy7U0GjxlqqmVkVdub8/hazriA3Y7TTY/:/LEfv0GtxIWha6AI7Tc

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dfb35a1d2c03f3fb5e39fe7e7588751a_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2652
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\dfb35a1d2c03f3fb5e39fe7e7588751a_JaffaCakes118.dll
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1560

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1560-0-0x00000000008F0000-0x0000000000911000-memory.dmp

    Filesize

    132KB

    Download