Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
27/07/2024, 03:08
General
-
Target
76d51697dcbd89da33ec1b13a8fbbee2_JaffaCakes118.dll
-
Size
264KB
-
MD5
76d51697dcbd89da33ec1b13a8fbbee2
-
SHA1
17139a1d5f57dea9d036fe217bcba2c7bb1f5695
-
SHA256
66d45219a9ec0b87abf2a0e64aee35cf96fce97fe502d8c68a40bfd30e940dc0
-
SHA512
695b97a3a0695e3238d6d477af1ebc07d132ee4c7439d898fed8a3ad8535c9825a296e1d40d719064eae522f6cb1c340bcf6f8a4adea2af170106fa25e40834e
-
SSDEEP
3072:sOnRUx0nlnat3D9feiWHcnhelShQOLcTi642YjkPoycADUk/OLJDye0Ata5AsQJ/:sO80nlaWHchelShzLkipCo3ADUjhssX
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\76d51697dcbd89da33ec1b13a8fbbee2_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\76d51697dcbd89da33ec1b13a8fbbee2_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x384 0x38c1⤵
- Suspicious use of AdjustPrivilegeToken