5dfcbf7ba237678b93348d48ead67bed2f1a002932ebb9810ec05b747a056abd

Analysis

max time kernel
128s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb203af9ffb734498d25af952174ae11_JaffaCakes118.dll
Size

42KB
MD5

eb203af9ffb734498d25af952174ae11
SHA1

59cb2604db0bb7a899a8b320c326b546e05239d9
SHA256

5dfcbf7ba237678b93348d48ead67bed2f1a002932ebb9810ec05b747a056abd
SHA512

4d919827e136a7fc5fbaa262c5cfb883da0033dad88171f9b92d1d32fee4ea079604135a5120778179b42440c1654dd70993b23e60545a42a1df6e15182a7a35
SSDEEP

384:cp7JkDVwnUXGXde580c/1JZyXruK7ZH3IpgwYoZ8T2rpnB8si1mx0bCf1qMYJLyz:cRY8NNAB7ZH3B1LTgpnBS1nbC90Lyz

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 2084	4536	regsvr32.exe	89
PID 4536 wrote to memory of 2084	4536	regsvr32.exe	89
PID 4536 wrote to memory of 2084	4536	regsvr32.exe	89

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\eb203af9ffb734498d25af952174ae11_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\eb203af9ffb734498d25af952174ae11_JaffaCakes118.dll
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1012,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
1⤵
PID:3872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads