1cb9d6c862a40c97fd89f5adf60634d7b02e89e6ab2f926c45d281c0ddd8614f

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 11:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af00f31b227b7a9300c75ab53d378931_JaffaCakes118.dll
Size

93KB
MD5

af00f31b227b7a9300c75ab53d378931
SHA1

c31c2fd51ea8fe52c8fcbdba1774f9fc4c904b16
SHA256

1cb9d6c862a40c97fd89f5adf60634d7b02e89e6ab2f926c45d281c0ddd8614f
SHA512

31f933b26c6ee9cb5c9530ba0b0e09ec2a0d3de4aec39151fa9244bf0dad836be32a11f77b3a171c8960ebe9d883cc1d8911aac0bca0a2c98b8b33fb74a2c4cf
SSDEEP

1536:ntudBcgCvI+KOocuI/Gu1bDnmtsg4uotPOhr/nKS0jToYWYhtlSe4J:tudfOxaqGu1bRRuoi0j1ThtAe4J

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 2808	2744	rundll32.exe	30
PID 2744 wrote to memory of 2808	2744	rundll32.exe	30
PID 2744 wrote to memory of 2808	2744	rundll32.exe	30
PID 2744 wrote to memory of 2808	2744	rundll32.exe	30
PID 2744 wrote to memory of 2808	2744	rundll32.exe	30
PID 2744 wrote to memory of 2808	2744	rundll32.exe	30
PID 2744 wrote to memory of 2808	2744	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af00f31b227b7a9300c75ab53d378931_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af00f31b227b7a9300c75ab53d378931_JaffaCakes118.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads