Analysis
-
max time kernel
130s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
18/08/2024, 18:33
General
-
Target
a7c1f567c3c15ebe25ce5a14cab6c386_JaffaCakes118.dll
-
Size
45KB
-
MD5
a7c1f567c3c15ebe25ce5a14cab6c386
-
SHA1
95062fe1856ac90dffd02888660a40d0e6b03237
-
SHA256
ceabbde817369a171b56fd1ce9fea00ef8b5dc665cd90cdf26033bc8e2906f42
-
SHA512
757cfb6d9a417bcf587fe35e23dd40c32ea1cb7fe0a769b6c9d73656fdd5e813fb032aa845ffef41dae589d9a876f62bb92cc9a6134ff8a954b9888641e0b89d
-
SSDEEP
768:z3OHS8KOzeJ5UVhHYNTeqTE+mx2af3dY1wDZlAF3LPsWS1kn0Hgl2R:yHZ67GhHZq4+7afNY1aZiLUvXy2R
Score
7/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a7c1f567c3c15ebe25ce5a14cab6c386_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a7c1f567c3c15ebe25ce5a14cab6c386_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
52KB