Analysis

max time kernel:   139s
max time network:  150s
platform:          windows10-2004_x64
resource:          win10v2004-20240709-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted:         23-07-2024 15:05

Static task:       static1
Behavioral task:   behavioral1
  Sample:          68119cb30ad06d61b9b2c83140f1aa17_JaffaCakes118.dll
  Resource:        win7-20240704-en
Behavioral task:   behavioral2
  Sample:          68119cb30ad06d61b9b2c83140f1aa17_JaffaCakes118.dll
  Resource:        win10v2004-20240709-en

This page reports the windows10-2004_x64 run (behavioral2); the win7-20240704-en task is listed but its results are not shown here.
General

Target:  68119cb30ad06d61b9b2c83140f1aa17_JaffaCakes118.dll
Size:    51KB
MD5:     68119cb30ad06d61b9b2c83140f1aa17
SHA1:    ba872fe164187eea737f48c23baeebbfc6558397
SHA256:  145fc1f90e4f65c455c355f7b8b0a51d4e7c1d3854515cb2e6cce5c080f85abb
SHA512:  0a7c5bf8a17b2d0ed7ad65eec9d886e3ce158fb2a7217d22ad2fb6174a88a62fec894d4c88f59795cfbff02734c9766419455ad0af7c021774d506669b6b1e19
SSDEEP:  768:PPEcw1JFa3BIIu/jllQolIie7rBA4hSJVLzstrfk+bx9RBHCzHX:Hvwa3qj3YRoLotT7bxJHCrX
Malware Config

(no configuration was extracted for this sample)

Signatures

Drops file in System32 directory (2 IoCs)
  description                   ioc                               process
  File opened for modification  C:\Windows\SysWOW64\bibizuso.dll  rundll32.exe
  File opened for modification  C:\Windows\SysWOW64\dupobiku      rundll32.exe
  Neither name is a Windows component. A DLL written into SysWOW64 by rundll32 is a staging or persistence indicator, so these two paths are the first thing to look for on any host that ran this sample.

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description  ioc                                                          process
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  rundll32.exe
  Reading this key is the usual way a sample decides whether to run on a host with a given locale. On its own it is weak evidence, since plenty of legitimate software reads locale information; it matters here because of the file drops that accompany it.

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid   process
  4716  rundll32.exe
  4716  rundll32.exe
  Both calls come from the 32-bit rundll32.exe (PID 4716) that loaded the sample. SetWindowsHookEx is the API behind keyboard and message hooks and is also a common way to get a DLL loaded into other GUI processes.

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   process       procid_target
  PID 4268 wrote to memory of 4716  4268  rundll32.exe  86
  PID 4268 wrote to memory of 4716  4268  rundll32.exe  86
  PID 4268 wrote to memory of 4716  4268  rundll32.exe  86
  Caveat: PID 4268 is the 64-bit rundll32.exe that was handed a 32-bit DLL and relaunched the SysWOW64 copy (PID 4716) to load it. A parent writing into a child it has just created is ordinary process start-up, so this signature records the hand-off, not injection by the sample.
Processes

C:\Windows\system32\rundll32.exe  (PID 4268)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\68119cb30ad06d61b9b2c83140f1aa17_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  └─ C:\Windows\SysWOW64\rundll32.exe  (PID 4716)
       rundll32.exe C:\Users\Admin\AppData\Local\Temp\68119cb30ad06d61b9b2c83140f1aa17_JaffaCakes118.dll,#1
       - Drops file in System32 directory
       - System Location Discovery: System Language Discovery
       - Suspicious use of SetWindowsHookEx

The ",#1" argument tells rundll32 to call the DLL's export at ordinal 1 rather than a named function; it is the sandbox's default entry for a submitted DLL. A rundll32 command line of the form "<path under a user profile>,#<n>" is itself a useful hunting pattern. The 64-bit rundll32 (PID 4268) cannot load a 32-bit DLL in-process, so it relaunched the SysWOW64 copy (PID 4716), and every behaviour in this report occurred in that child.
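The four signatures above can be turned into host-side detection rules. The script below is an added example, not part of the Triage report or its tooling: it encodes each behaviour as a rule and runs them over a constructed event stream in a hypothetical, generic schema (one dict per process, file or registry event; not any particular logging product's format). The event values mirror this report, plus one benign rundll32 invocation as a control, and the x64-to-WOW64 hand-off is reported separately as informational so that it does not raise the score on its own.

```python
import re

# Constructed sample events (not the sandbox's raw log) in a hypothetical,
# generic schema: every event has a "type" plus the "pid"/"image" of the
# process that caused it. Values mirror the report above; the last event is
# a benign control (rundll32 calling a named export of a system DLL).
DLL = r"C:\Users\Admin\AppData\Local\Temp\68119cb30ad06d61b9b2c83140f1aa17_JaffaCakes118.dll"
X64 = r"C:\Windows\system32\rundll32.exe"
X86 = r"C:\Windows\SysWOW64\rundll32.exe"
NLS_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"

SAMPLE_EVENTS = [
    {"type": "process", "pid": 4268, "ppid": 1234, "image": X64,
     "cmdline": "rundll32.exe " + DLL + ",#1"},
    {"type": "process", "pid": 4716, "ppid": 4268, "image": X86,
     "cmdline": "rundll32.exe " + DLL + ",#1"},
    {"type": "file", "pid": 4716, "image": X86, "path": r"C:\Windows\SysWOW64\bibizuso.dll"},
    {"type": "file", "pid": 4716, "image": X86, "path": r"C:\Windows\SysWOW64\dupobiku"},
    {"type": "registry", "pid": 4716, "image": X86, "key": NLS_KEY},
    {"type": "process", "pid": 5000, "ppid": 1234, "image": X64,
     "cmdline": "rundll32.exe shell32.dll,Control_RunDLL"},
]

RUNDLL32 = re.compile(r"\\rundll32\.exe$", re.IGNORECASE)
WOW64_RUNDLL32 = re.compile(r"\\SysWOW64\\rundll32\.exe$", re.IGNORECASE)
USER_PROFILE_PATH = re.compile(r"\\Users\\[^\\]+\\", re.IGNORECASE)
ORDINAL_EXPORT = re.compile(r",#\d+\s*$")          # "...dll,#1" style entry
SYSTEM_DIR = re.compile(r"^C:\\Windows\\(System32|SysWOW64)\\", re.IGNORECASE)
NLS_LANGUAGE = re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE)

# The hand-off rule is expected whenever 64-bit rundll32 is given a 32-bit
# DLL, so it is recorded but never counted towards a verdict.
INFORMATIONAL = {"rundll32_x64_to_wow64_handoff"}


def detect(events):
    """Return (rule, pid, detail) hits for rundll32-originated events."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    hits = []
    for e in events:
        if not RUNDLL32.search(e.get("image", "")):
            continue
        if e["type"] == "process":
            cmd = e["cmdline"]
            # DLL loaded by ordinal from a user-writable profile path.
            if USER_PROFILE_PATH.search(cmd) and ORDINAL_EXPORT.search(cmd):
                hits.append(("rundll32_ordinal_export_from_user_path", e["pid"], cmd))
            # 64-bit rundll32 relaunching the SysWOW64 copy for a 32-bit DLL.
            parent = procs.get(e.get("ppid"))
            if (parent and RUNDLL32.search(parent["image"])
                    and WOW64_RUNDLL32.search(e["image"])
                    and not WOW64_RUNDLL32.search(parent["image"])):
                hits.append(("rundll32_x64_to_wow64_handoff", e["pid"], parent["cmdline"]))
        elif e["type"] == "file" and SYSTEM_DIR.match(e["path"]):
            # rundll32 itself has no business creating files under the system dirs.
            hits.append(("rundll32_writes_system_dir", e["pid"], e["path"]))
        elif e["type"] == "registry" and NLS_LANGUAGE.search(e["key"]):
            hits.append(("system_language_discovery", e["pid"], e["key"]))
    return hits


def suspicious_pids(hits):
    """Map each PID with at least one non-informational hit to its rule names."""
    out = {}
    for rule, pid, _ in hits:
        if rule not in INFORMATIONAL:
            out.setdefault(pid, set()).add(rule)
    return out


if __name__ == "__main__":
    all_hits = detect(SAMPLE_EVENTS)
    for rule, pid, detail in all_hits:
        print(f"{rule:40} pid={pid} {detail}")
    print("suspicious:", suspicious_pids(all_hits))
```

Run against the constructed events, the benign Control_RunDLL invocation produces no hits, PID 4268 is flagged only for the ordinal-export command line, and PID 4716 collects the ordinal, file-drop and language-discovery rules, with the hand-off noted separately. On real telemetry the registry rule needs a source that records key opens (sandbox API traces do; most endpoint loggers record value sets rather than reads), which is one reason to weight the file-drop rule highest.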