Overview

overview

3

Static

static

3

a23ef24869...18.dll

windows7-x64

3

a23ef24869...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    132s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/08/2024, 10:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a23ef2486971c2ba619f0b5fb74549b7_JaffaCakes118.dll

  • Size

    33KB

  • MD5

    a23ef2486971c2ba619f0b5fb74549b7

  • SHA1

    2ce803c86ed9a7e2075838b0ec600d42fa6d3c23

  • SHA256

    dec7cfbbaf575631801138debfa56e99d3b47f5880b713d819b912a8804299d3

  • SHA512

    19347d8bb12f8dc708b8dda9e3273b3f1d3d99adcd875d0aedaccd76f49d26f22eee51a175415de15f6e825b5605b281927baa830082d464ab21143517e9f4b1

  • SSDEEP

    768:2EaVI5HfxVed0j1na778f02ONVO0xRAdX:2EaVo1j1o7802gvRkX

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a23ef2486971c2ba619f0b5fb74549b7_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:720
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a23ef2486971c2ba619f0b5fb74549b7_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1860

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads