Analysis
max time kernel: 140s
max time network: 142s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-08-2024 13:41
Static task: static1

Behavioral task: behavioral1
Sample: 8a93e178c29124a7da8bca3ad9c43e6e_JaffaCakes118.dll
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 8a93e178c29124a7da8bca3ad9c43e6e_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: 8a93e178c29124a7da8bca3ad9c43e6e_JaffaCakes118.dll
Size: 86KB
MD5: 8a93e178c29124a7da8bca3ad9c43e6e
SHA1: 2ee7354f7ea9a850a5451ff78f05cad000f720ad
SHA256: 047122881c5549974c021c7ff5969f21784910485541bded18e041884912c951
SHA512: a684df25af160b2b5d8dfadc1914695529f2f901f66fbb0403f78a1f799f9fcce27182d082f9afe4919eca7b0da6f1b03e41b3ce38a008f4381e0c66bb0c4ea5
SSDEEP: 1536:08UvoE81Sxmand42gWvty+51LTq4zQHir8AUQQPlTbTM4I6zj2dckp3sE6YvHEgJ:TUvoZSxmad42gWvdLTsHhZQST/tI6zqz
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3772 wrote to memory of 3708 | 3772 | rundll32.exe | 86
PID 3772 wrote to memory of 3708 | 3772 | rundll32.exe | 86
PID 3772 wrote to memory of 3708 | 3772 | rundll32.exe | 86
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a93e178c29124a7da8bca3ad9c43e6e_JaffaCakes118.dll,#1
   - Suspicious use of WriteProcessMemory
   PID: 3772
   2. C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a93e178c29124a7da8bca3ad9c43e6e_JaffaCakes118.dll,#1
      - System Location Discovery: System Language Discovery
      PID: 3708