8d343be0ea83597f041f9cbc6ea5b63773affc267c6ad99d31badee16d2c86e5

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 23:29

Target

881af5234f3107e96ad1a9a60056d4a1_JaffaCakes118.dll
Size

392KB
MD5

881af5234f3107e96ad1a9a60056d4a1
SHA1

eba2bd4df7073faf2c59266d5104e71caed75a28
SHA256

8d343be0ea83597f041f9cbc6ea5b63773affc267c6ad99d31badee16d2c86e5
SHA512

739c146a4edfe59091967863b405f86658ff54784fbed7f67c1a297de67a85c92789d022fc2519cee75a84f1331d5c3a80c00cbead80864fc2041ec5d83f5c17
SSDEEP

6144:lFlJLzRTY2+0JunqK1C0oJzW5Gy7AjwZGBFIrUFevEF:z7zRTY2pJYqKXoJYGy7IBtF

Score

6^/10

Adds Run key to start application 2 TTPs 1 IoCs

Registry Run Keys / Startup Folder

Modify Registry

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Windows\CurrentVersion\Run\TMP provider = "rundll32 C:\\Users\\Admin\\AppData\\Local\\Temp\\TMPprovider019.dll, RunDllEntry"	rundll32.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2308	rundll32.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 2308	1804	rundll32.exe	30
PID 1804 wrote to memory of 2308	1804	rundll32.exe	30
PID 1804 wrote to memory of 2308	1804	rundll32.exe	30
PID 1804 wrote to memory of 2308	1804	rundll32.exe	30
PID 1804 wrote to memory of 2308	1804	rundll32.exe	30
PID 1804 wrote to memory of 2308	1804	rundll32.exe	30
PID 1804 wrote to memory of 2308	1804	rundll32.exe	30
PID 2308 wrote to memory of 1280	2308	rundll32.exe	21