Analysis

  • max time kernel
    140s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    11-08-2024 13:41

General

  • Target

    8a93e178c29124a7da8bca3ad9c43e6e_JaffaCakes118.dll

  • Size

    86KB

  • MD5

    8a93e178c29124a7da8bca3ad9c43e6e

  • SHA1

    2ee7354f7ea9a850a5451ff78f05cad000f720ad

  • SHA256

    047122881c5549974c021c7ff5969f21784910485541bded18e041884912c951

  • SHA512

    a684df25af160b2b5d8dfadc1914695529f2f901f66fbb0403f78a1f799f9fcce27182d082f9afe4919eca7b0da6f1b03e41b3ce38a008f4381e0c66bb0c4ea5

  • SSDEEP

    1536:08UvoE81Sxmand42gWvty+51LTq4zQHir8AUQQPlTbTM4I6zj2dckp3sE6YvHEgJ:TUvoZSxmad42gWvdLTsHhZQST/tI6zqz

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a93e178c29124a7da8bca3ad9c43e6e_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3772
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a93e178c29124a7da8bca3ad9c43e6e_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3708

Network

MITRE ATT&CK Enterprise v15
