Analysis
-
max time kernel
150s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
10-08-2024 11:56
General
-
Target
85f5fd81c9f9f7f625afb5fd5972dc51_JaffaCakes118.dll
-
Size
69KB
-
MD5
85f5fd81c9f9f7f625afb5fd5972dc51
-
SHA1
f31ffe45f2136c139e0ce5f09e68cf6d4afb49d7
-
SHA256
1ae8f9dc996906e6464e9eb026ee61b7211bde19433f12af9b8b864a0de8714a
-
SHA512
cd8e8ba60d707b6371745f65ffed288d21e4a6cfb407aebeff54bb17868e374fb368569d79329fa314bb31953f8a36548d92d627701f8c3827ff16c3c3a083b2
-
SSDEEP
1536:yl3E0TOl6iHM7B8GdtDWP6VuhDduF8p1fMqwt7quwN2jJ:E396TMukDW6Vqwm1KwN2jJ
Score
7/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\85f5fd81c9f9f7f625afb5fd5972dc51_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\85f5fd81c9f9f7f625afb5fd5972dc51_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
56KB