Analysis
max time kernel: 138s
max time network: 108s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
submitted: 26-07-2024 07:44
Static task: static1
Behavioral task: behavioral1
Sample: 73295d46ba3e427d7d822617c406e1a9_JaffaCakes118.dll
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 73295d46ba3e427d7d822617c406e1a9_JaffaCakes118.dll
Resource: win10v2004-20240709-en
General
Target: 73295d46ba3e427d7d822617c406e1a9_JaffaCakes118.dll
Size: 340KB
MD5: 73295d46ba3e427d7d822617c406e1a9
SHA1: f6f72c057e7e47f5f403890e7f5298c6869adaaf
SHA256: 3380faabd57f057d43727a6e6e2392525102d674acb9d18071fc68bcb84061ca
SHA512: e044bef4d6087c9a8b17f093fe1e7e6d5ff3f50cb93e82b35151a2c8a60916e43b974fd1a25774258c504267f5f77ea6bcd4b1274c3b61976c1dfe4180a6a561
SSDEEP: 3072:rvA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:r206xWgGxLxWN40PDKR/JnX2P
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1672 wrote to memory of 2732 | 1672 | rundll32.exe | 84
PID 1672 wrote to memory of 2732 | 1672 | rundll32.exe | 84
PID 1672 wrote to memory of 2732 | 1672 | rundll32.exe | 84
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\73295d46ba3e427d7d822617c406e1a9_JaffaCakes118.dll,#11
- Suspicious use of WriteProcessMemory
PID: 1672
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\73295d46ba3e427d7d822617c406e1a9_JaffaCakes118.dll,#12
- System Location Discovery: System Language Discovery
PID: 2732