Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10-08-2024 15:52

General

  • Target

    86affe8dde37b6d263e1b341ba729b64_JaffaCakes118.dll

  • Size

    63KB

  • MD5

    86affe8dde37b6d263e1b341ba729b64

  • SHA1

    ba87c875c9485f246d6fdc0f89e05ef54a8ffb1d

  • SHA256

    0792eea13d35ada52e0c9f9dfef351c04b12644e629ebe6211d7ba891cffe96e

  • SHA512

    c804d58264981823dc9280ee3eb13f56a0632ea00ea9f539a06bf1ec62f758c27e39705dbd0772c5ad36e7057f6cd7fc4dd969aed1a41a7309743dfce63a678b

  • SSDEEP

    1536:Vpj5HmesIxIHF0utvKOO1TlKEISbkeIj9u+OGrtfo5qeM7CEh:XZsIxgOu3O1TlKIbTIjdBnPCA

Score
7/10

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\86affe8dde37b6d263e1b341ba729b64_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3036
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\86affe8dde37b6d263e1b341ba729b64_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1876-0-0x0000000010000000-0x000000001000C000-memory.dmp

    Filesize

    48KB