Overview

overview

3

Static

static

3

ae1af03ee4...18.dll

windows7-x64

3

ae1af03ee4...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    20/08/2024, 05:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ae1af03ee4038cc8b24f19b33a99eb90_JaffaCakes118.dll

  • Size

    29KB

  • MD5

    ae1af03ee4038cc8b24f19b33a99eb90

  • SHA1

    be43b7145fe95bae0e2b8e1e26b3f7b6ef44d167

  • SHA256

    359b6a542048d5daab0b1d4ecd7dae3a3ba4c1d6f129f01719cd4b4fb1540ed5

  • SHA512

    3ac94665f5bd84e8f1c649d22d64fa8ab50f57d3fb360c8b5ea8224bf15f99fa6124e4fe20fd531bd72ba9a353da2c0e2c60fca90c932ed519893c3994644fa4

  • SSDEEP

    384:hyuzek/ySFy8FbwaVoULteDcx/iA5R6osBIh9yAcfVa/uJgYYb8g4k9TbJhOAzl:/M8FbwaVoUcDcFR6nvvqX1Uk/9lAO7h

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae1af03ee4038cc8b24f19b33a99eb90_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2556
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae1af03ee4038cc8b24f19b33a99eb90_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2580

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\hsyhdf16.ini
    Filesize

    14B

    MD5

    95f3ef681f0ef4ed85e36ac92de0244e

    SHA1

    fb9ed20a0761e9ca1c3100078b3f5ec16efb2e03

    SHA256

    390e65802e705fe8928f41b135234653c86a3871bd8a3ec9c666fb33ccd9b468

    SHA512

    1c49bc25196f5486d35f4e359b041b4ce5e68dbfaddb605d6e79759d498a1dd3e9a38d894e5abdfd90262f6bdb4c9428497e049e24505fa35a2c5353a2166c58

    Download Submit

  • memory/2580-0-0x0000000000200000-0x000000000020D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2580-324-0x0000000000200000-0x000000000020D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2580-653-0x0000000000200000-0x000000000020D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2580-981-0x0000000000200000-0x000000000020D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2580-1309-0x0000000000200000-0x000000000020D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2580-1968-0x0000000000200000-0x000000000020D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2580-3906-0x0000000000200000-0x000000000020D000-memory.dmp

    Filesize

    52KB

    Download