Overview

overview

3

Static

static

3

08477b4764...18.dll

windows7-x64

3

08477b4764...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    94s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-10-2024 01:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08477b47644a3b36b900cf7ad27fc276_JaffaCakes118.dll

  • Size

    588KB

  • MD5

    08477b47644a3b36b900cf7ad27fc276

  • SHA1

    2c2f317ea91518c1d85a0b04bd0eebe2f55fd704

  • SHA256

    bb73c5e2f9882ee284422e4b32137c401a68407636b018eeb1ebba89c159cf72

  • SHA512

    d299dca81923d648766040e3e86a03fbe3b1143ed0a0fff127794a32ff30e41449dd59817e80ec2645488625ac2b53b46ec3cb83c4f2e1fbbbe71c361dcc584a

  • SSDEEP

    768:NDRs4+d6Yi20XZ9hAVZqtKIZ+2fJcwqVETAz4HMBbsjjRGPZMoKV:fsHi2iGZDIZ+nVETAzFs1fo+

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\08477b47644a3b36b900cf7ad27fc276_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4064
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\08477b47644a3b36b900cf7ad27fc276_JaffaCakes118.dll
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2380-0-0x0000000010000000-0x0000000010012000-memory.dmp

    Filesize

    72KB

    Download