f062341697979fdf10bd4b9c1d06cddc455453f827795a7f62431aab1870ca9f

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-12-2024 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_04e6a1d54c6f9bfe6a95796a7687d6f4.dll
Size

269KB
MD5

04e6a1d54c6f9bfe6a95796a7687d6f4
SHA1

33efd9133d94d803664f71109c8c0159cea2ccb4
SHA256

f062341697979fdf10bd4b9c1d06cddc455453f827795a7f62431aab1870ca9f
SHA512

dd1564ee6813f9409082c8ee177a0544460c62219fd5c0ed6ba0abebb4da520feae62c8d574bafd1e8a9e74e5b2920da426d8c897a9d7a1f176094f6185772ca
SSDEEP

6144:FTdochbDK1aPBNaotanzwDH/yvjEp5ERAPzBn5aNyP7VL:MxfoIzwijEkGhMeVL

Score

7^/10

persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_Classes\CLSID\{2222222222222}\InprocServer32	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\CLSID	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\CLSID\{2222222222222}	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\CLSID\{2222222222222}\InprocServer32	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\CLSID\{2222222222222}\InprocServer32\ = "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\MSServerTypeLib3623718.dat"	rundll32.exe
Key renamed	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\CLSID\{2222222222222}	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_04e6a1d54c6f9bfe6a95796a7687d6f4.dll,#1
1⤵
- Modifies registry class
PID:1508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads