c0e47b25b5fc9213982f68c6d314220777a2ab711f35848c0e424bb0d416e075

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 16:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a763fac1e942bca08062dcbb327172d5_JaffaCakes118.dll
Size

15KB
MD5

a763fac1e942bca08062dcbb327172d5
SHA1

856e8e6c6e22a850ab6e15e30f39a8900eac9c82
SHA256

c0e47b25b5fc9213982f68c6d314220777a2ab711f35848c0e424bb0d416e075
SHA512

13997d778726e9d0c00230e51bdeed9f2b6aba9bbc9be05adf4cb195678e4633d738a71328f50038a9cb0f597715d02c87ffd1284bbe843e8c5ea72934046a15
SSDEEP

384:45/nK9ZcfHL21qvoQhxmqqephDQ3y1CXP1K9Wt:4xSZMvoQhxmp21Qi1CXPUU

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 1332	1768	rundll32.exe	30
PID 1768 wrote to memory of 1332	1768	rundll32.exe	30
PID 1768 wrote to memory of 1332	1768	rundll32.exe	30
PID 1768 wrote to memory of 1332	1768	rundll32.exe	30
PID 1768 wrote to memory of 1332	1768	rundll32.exe	30
PID 1768 wrote to memory of 1332	1768	rundll32.exe	30
PID 1768 wrote to memory of 1332	1768	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a763fac1e942bca08062dcbb327172d5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a763fac1e942bca08062dcbb327172d5_JaffaCakes118.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1332-0-0x0000000010002000-0x0000000010003000-memory.dmp

Filesize
4KB

Download