Analysis
-
max time kernel
132s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
16/08/2024, 22:01
General
-
Target
a01aa314b92d551c022783e00acbdcf7_JaffaCakes118.dll
-
Size
90KB
-
MD5
a01aa314b92d551c022783e00acbdcf7
-
SHA1
3b095f3b87d5726d2c21627e4a37005056b57444
-
SHA256
cb5b2b5fc4dea5b4cbbeb8e14ce9fd79374a3aa13769a6b4c4835d6f7420b77c
-
SHA512
dcb32698690d88404dfdf74e67f8c4966b8142b9a020f0902e103bbff8bed7c91c058c7b3210667594440b9de348c47eaf67da9e92d74c8e0ed307f8729c5291
-
SSDEEP
1536:zMHSIHT9yM8vKOYqxzw57wIgO+nn2VzVb3kLr7h1QCYsi9t0W:z1QT0hvKOYUI/+n2vwf7hqCYs0t0W
Score
7/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a01aa314b92d551c022783e00acbdcf7_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a01aa314b92d551c022783e00acbdcf7_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
56KB