1cb181c6d746f27a90103667cc791c470265a847c9969715bc59caab114b4905

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 05:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

72ba07efc441658c248fddeb2e3cbae2_JaffaCakes118.dll
Size

32KB
MD5

72ba07efc441658c248fddeb2e3cbae2
SHA1

2f476fd61564bc09230a362b24111c20fb555b0f
SHA256

1cb181c6d746f27a90103667cc791c470265a847c9969715bc59caab114b4905
SHA512

3095cd71bbd72edfc5cb74afd11b21e2a966edc442bde66e2a5e4d3df2217c629725d26710af404973923ca92f6f7c9f4c565342e121fdacb5d528b3dcbe9353
SSDEEP

384:UUIsK3EA9NMG5YBPUi9MY9zoDpb77+/VZSXGQG9aFJFrWCRIFDRW14:YsKUTeos4MY9zqb7QZkGZ96BTRItRW14

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 2660	1424	rundll32.exe	31
PID 1424 wrote to memory of 2660	1424	rundll32.exe	31
PID 1424 wrote to memory of 2660	1424	rundll32.exe	31
PID 1424 wrote to memory of 2660	1424	rundll32.exe	31
PID 1424 wrote to memory of 2660	1424	rundll32.exe	31
PID 1424 wrote to memory of 2660	1424	rundll32.exe	31
PID 1424 wrote to memory of 2660	1424	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\72ba07efc441658c248fddeb2e3cbae2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\72ba07efc441658c248fddeb2e3cbae2_JaffaCakes118.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads