Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
01-10-2024 19:48
General
-
Target
072ce3f2267981da35d42eb8769eb725_JaffaCakes118.dll
-
Size
48KB
-
MD5
072ce3f2267981da35d42eb8769eb725
-
SHA1
7bf3daee4b95a40ca8010af83bf6b5557bf21f15
-
SHA256
bcacaa36766fb2d01b5dca8b82ba73d8bd6d6baa66896f5257ac2a74a36ba8a2
-
SHA512
ffa0d2ec27e5f13987ea2d0c7b3f02e2ca7e6a1233672ff8ff20f21887da8c39b7afeb535b96a3054ef7aa584c9c75cf2dc01c8e3b99ddcd4f6ca8a5bb6c6591
-
SSDEEP
768:7Mt30cRXrgwvm8/ZVT6pDZDKGol5UjXZ4CaJEp0spdkMPLN19JoBG9QuF:7Mt30cR7D+ST0DKzaJ4CH0s7kMTN1zrJ
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 14 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\072ce3f2267981da35d42eb8769eb725_JaffaCakes118.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\072ce3f2267981da35d42eb8769eb725_JaffaCakes118.dll2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Rundll32.exeC:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\072ce3f2267981da35d42eb8769eb725_JaffaCakes118.dll,DllUnregisterServer3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
-