Analysis
-
max time kernel
117s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
04-10-2024 13:06
General
-
Target
1378ec816bb43e48d1ba93f1d0a458d0_JaffaCakes118.dll
-
Size
145KB
-
MD5
1378ec816bb43e48d1ba93f1d0a458d0
-
SHA1
10fa1e7dfb45c6c36f1deee87349b3e65b1d605c
-
SHA256
1bdd36862a3b95d2f370b2620b4933afa73bcd1053473a2e33554c2c7a933423
-
SHA512
3d0816d8756c3a6976707cf8066bb0f1672f6ee6c00fe84ee361a652578e4613b82dbd45bccc04e981b9a66556e09e5e1a5b4d5abd35d7a4b68b0b912861066b
-
SSDEEP
3072:sQzoKqIR5nRY4B+IJywjoL5CmKmitGBrAwPdO2:sQzoCnLMIJPqCyv9dO2
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\1378ec816bb43e48d1ba93f1d0a458d0_JaffaCakes118.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\1378ec816bb43e48d1ba93f1d0a458d0_JaffaCakes118.dll2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 2963⤵
- Program crash
-
-