Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
20-01-2025 09:03
General
-
Target
JaffaCakes118_e26bb4db689fff47bf4f7ae0f0e32d72.dll
-
Size
224KB
-
MD5
e26bb4db689fff47bf4f7ae0f0e32d72
-
SHA1
00de58eba63b7eb84d0c7a1326e8f416d3306144
-
SHA256
194c291ebd6df03e65ec8d0a61815e13da9dc97151f7ee379a7b753543d7b237
-
SHA512
38f004c85e606bc908dcb3e848a8bef571a8b22f440ec99f81dba8ec517d4dcc42e8b32c584363869c40efd169bf7672c3b664874b95ce7e697fed7226abbbba
-
SSDEEP
6144:4J6N917yssJAYR7MwJyYDtSXvrVYKzNujZno:4J6X1770DR7DJbM/BYmeZno
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e26bb4db689fff47bf4f7ae0f0e32d72.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e26bb4db689fff47bf4f7ae0f0e32d72.dll2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2963⤵
- Program crash
-
-