Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 10-08-2024 15:52
Behavioral task: behavioral1
Sample: 86affe8dde37b6d263e1b341ba729b64_JaffaCakes118.dll
Resource: win7-20240708-en
Platform: windows7-x64
Signatures: 3
Duration: 150 seconds
General
Target: 86affe8dde37b6d263e1b341ba729b64_JaffaCakes118.dll
Size: 63KB
MD5: 86affe8dde37b6d263e1b341ba729b64
SHA1: ba87c875c9485f246d6fdc0f89e05ef54a8ffb1d
SHA256: 0792eea13d35ada52e0c9f9dfef351c04b12644e629ebe6211d7ba891cffe96e
SHA512: c804d58264981823dc9280ee3eb13f56a0632ea00ea9f539a06bf1ec62f758c27e39705dbd0772c5ad36e7057f6cd7fc4dd969aed1a41a7309743dfce63a678b
SSDEEP: 1536:Vpj5HmesIxIHF0utvKOO1TlKEISbkeIj9u+OGrtfo5qeM7CEh:XZsIxgOu3O1TlKIbTIjdBnPCA
Malware Config
(none extracted)

Signatures

UPX (yara_rule match)
  resource: behavioral1/memory/1876-0-0x0000000010000000-0x000000001000C000-memory.dmp
  yara_rule: upx

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
  description: PID 3036 wrote to memory of 1876
  pid: 3036
  Process: rundll32.exe
  procid_target: 31
  (the same entry is recorded 7 times)
Processes
1. C:\Windows\system32\rundll32.exe
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\86affe8dde37b6d263e1b341ba729b64_JaffaCakes118.dll,#1
   PID: 3036
   signature: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (child of 1)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\86affe8dde37b6d263e1b341ba729b64_JaffaCakes118.dll,#1
      PID: 1876
      signature: System Location Discovery: System Language Discovery