Overview

overview

3

Static

static

3

a9e17827ee...18.dll

windows7-x64

3

a9e17827ee...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    139s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-08-2024 06:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a9e17827ee5024d63c2aa70c5cd5ac7a_JaffaCakes118.dll

  • Size

    204KB

  • MD5

    a9e17827ee5024d63c2aa70c5cd5ac7a

  • SHA1

    04c2f80355161f8411504aef1375ea789b3f55c8

  • SHA256

    bd10357dc8774010dea6c11722448066a18edca892aa1be7ee98384ed3c1406e

  • SHA512

    6dfc49017dcc338ace4661183fe28ce71c0424c31eca5b1c96536302d777b9d09c9d25783d09f646dc7d8a45bd2bb20e3ef223ca25e5c0248ddbda5058fd04c2

  • SSDEEP

    3072:Ju6osohT7+WKHNdyDIvSHEc9iJU9bWqc5KloY3SfcWRxvmw0qHxcO5VHWX43IIVm:KXqhM9AV5QVX49V0uuyL

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9e17827ee5024d63c2aa70c5cd5ac7a_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4564
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9e17827ee5024d63c2aa70c5cd5ac7a_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads