Analysis
-
max time kernel
136s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
18/08/2024, 07:05
General
-
Target
a5d5bc428041a5234d5cdeae30264804_JaffaCakes118.dll
-
Size
54KB
-
MD5
a5d5bc428041a5234d5cdeae30264804
-
SHA1
7613a568f5286974ffb2d5bbe4693ea460dc4f24
-
SHA256
d55cd693c63e8ae1115e28d5af58e61ec576f93e0359def9529f1cc1f2aaef80
-
SHA512
4280ec7a21419339761bc0289b0516d5dab9be541cab2026893abedd6dbcbabd127964cf9def48647beeaa29571739c3eff6a9241008ac600e158e920d69d607
-
SSDEEP
768:Gx4m7JNSll3dTG+1hL8GJPGs980IfYUIiWkrB+W7BwKBTnQppEAZ7:Bm1NGJVGG4GJPGj2ssGBjIpvZ7
Score
7/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a5d5bc428041a5234d5cdeae30264804_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a5d5bc428041a5234d5cdeae30264804_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
76KB