Overview

overview

8

Static

static

7

886a09768f...18.dll

windows7-x64

8

886a09768f...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 01:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    886a09768f8eee7ad5580d341ce7bb6a_JaffaCakes118.dll

  • Size

    41KB

  • MD5

    886a09768f8eee7ad5580d341ce7bb6a

  • SHA1

    598a88002c08c53bae3fa96baf41d77a298fef87

  • SHA256

    f7402e1146de9b11953fe2db5032207c5072dec81d6d3d9c341f1bf174d0d4f9

  • SHA512

    5e31f6ed58b43f183237a7e2218e0c5d8acc28197dde852087ff46c3f484d55c9c5edb658eee0eec1e8c96686bb81d5cd9d2789712c7b90bf0981f8466ea7cbe

  • SSDEEP

    768:HqoeN/bg30M0nv46QKqUT+m3lY76Nh1TPF7+7GquAiDG14j7l8j:H7eN830M0nv46ibSlY78h146qCDGqj7m

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\886a09768f8eee7ad5580d341ce7bb6a_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2616
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\886a09768f8eee7ad5580d341ce7bb6a_JaffaCakes118.dll,#1
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2068

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2068-1-0x0000000000120000-0x000000000013E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/2068-3-0x00000000001B0000-0x00000000001CE000-memory.dmp

          Filesize

          120KB

          Download

        • memory/2068-2-0x0000000000120000-0x000000000013E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/2068-0-0x0000000000120000-0x000000000013E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/2068-4-0x00000000001B0000-0x00000000001CE000-memory.dmp

          Filesize

          120KB

          Download