Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
24/07/2024, 07:15
General
-
Target
6ab4f3f48fd522d0eb58b4b340b87c0f_JaffaCakes118.dll
-
Size
72KB
-
MD5
6ab4f3f48fd522d0eb58b4b340b87c0f
-
SHA1
b7fff5cfe18ab02d905230382ce9d90bc4b9d12d
-
SHA256
dd934131071367eed829309d4eecfe4a8df2891fc51e03da405c4997cdc69582
-
SHA512
e36a5aadfd58326310b79f53f52e314b859f970002e2567ff13bb36bc9af431ec329675548855b981a185d4470300e1b9727a0600bc6f6ffaa3448552d7395e6
-
SSDEEP
1536:jZIcCxRjZbQf5LHDYH092u4mgz5F3WEPLmiWxmqmuIqHmB72sK:x+y5LHDSPufguEPLjBqHmBisK
Score
7/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6ab4f3f48fd522d0eb58b4b340b87c0f_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6ab4f3f48fd522d0eb58b4b340b87c0f_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
56KB