Analysis
max time kernel: 31s
max time network: 39s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-08-2024 00:35
Static task: static1
Behavioral task: behavioral1
Sample: 9c43b40ac2f819a463ef7d735f3f2ae7_JaffaCakes118.dll
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 9c43b40ac2f819a463ef7d735f3f2ae7_JaffaCakes118.dll
Resource: win10v2004-20240802-en
Errors
General
Target: 9c43b40ac2f819a463ef7d735f3f2ae7_JaffaCakes118.dll
Size: 340KB
MD5: 9c43b40ac2f819a463ef7d735f3f2ae7
SHA1: 7ea1d113b83d1e94da0b37af33f88432c12ef689
SHA256: 3ec4d80a2751d6611e030ce9a6ca1222156f1d6d70839b54571dafb24baf91bb
SHA512: 78f0d6588919b9a59780fe41672f4f20f00922152d56b8f8391f790959a264c43c9eb69185b312afb529fcbf943d52077d53fd9febcc244607bb065ce4182d7e
SSDEEP: 3072:+vA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:+206xWgGxLxWN40PDKR/JnX2P
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 3008 wrote to memory of 2424 | 3008 | rundll32.exe | 84
PID 3008 wrote to memory of 2424 | 3008 | rundll32.exe | 84
PID 3008 wrote to memory of 2424 | 3008 | rundll32.exe | 84
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c43b40ac2f819a463ef7d735f3f2ae7_JaffaCakes118.dll,#11
- Suspicious use of WriteProcessMemory
PID:3008

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c43b40ac2f819a463ef7d735f3f2ae7_JaffaCakes118.dll,#12
- System Location Discovery: System Language Discovery
PID:2424