Analysis
-
max time kernel
125s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
04/10/2024, 06:30
General
-
Target
1238291fc435f137a4d1bdfd168b8880_JaffaCakes118.dll
-
Size
116KB
-
MD5
1238291fc435f137a4d1bdfd168b8880
-
SHA1
20ba7aebd2ded9916d8c478bac885bb2d3298ca0
-
SHA256
1a1da5c8486af606c4f76bf3df7152cfd8063668fcb585d664c7acffa3485354
-
SHA512
63820e1dd645abb8ec9a5eb4e3fd4fdea406afb406897986257591445c652932cc4e264a944e1c3265107e975309cd4fbe0e657ef515b2376de7dfadb4e04c2f
-
SSDEEP
1536:EjAZXGnnFriOOkqzIEPm4ectSLfL3e/H6n2OMO/dup4OTLX:EjA6nNgPm4eaSbL3efI2OMO/M2c
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\1238291fc435f137a4d1bdfd168b8880_JaffaCakes118.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\1238291fc435f137a4d1bdfd168b8880_JaffaCakes118.dll2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4436,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=3828 /prefetch:81⤵