Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 20-08-2024 12:52
Static task: static1
Behavioral task: behavioral1
- Sample: af4c38c380037c1dd40a2b804a23a221_JaffaCakes118.dll
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: af4c38c380037c1dd40a2b804a23a221_JaffaCakes118.dll
- Resource: win10v2004-20240802-en
General
- Target: af4c38c380037c1dd40a2b804a23a221_JaffaCakes118.dll
- Size: 6KB
- MD5: af4c38c380037c1dd40a2b804a23a221
- SHA1: 96846f722895f2197556873b2187fef5c9513572
- SHA256: 309b725cefd18f9cdedc28ba5bb2c56b48e211bd03dcd49b74a841957a959fa9
- SHA512: c84881a652b28686f8d98af0e97d31bed91047985d73015873ff167dab6ce6d289218e557e8fc2295e25355b422263aadea6ff2b42f194cb3a5a7de669795e0a
- SSDEEP: 48:aGy7MN4cpSGAXbIni1kvNs6ztutiKIZWiwQTnU5WwG2QozbC:xB4c4G6bn1k1sw0EW3enIWwGqb
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2980 wrote to memory of 3048 | 2980 | rundll32.exe | 30
  PID 2980 wrote to memory of 3048 | 2980 | rundll32.exe | 30
  PID 2980 wrote to memory of 3048 | 2980 | rundll32.exe | 30
  PID 2980 wrote to memory of 3048 | 2980 | rundll32.exe | 30
  PID 2980 wrote to memory of 3048 | 2980 | rundll32.exe | 30
  PID 2980 wrote to memory of 3048 | 2980 | rundll32.exe | 30
  PID 2980 wrote to memory of 3048 | 2980 | rundll32.exe | 30
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\af4c38c380037c1dd40a2b804a23a221_JaffaCakes118.dll,#1
   - Suspicious use of WriteProcessMemory
   PID: 2980
   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 2980)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\af4c38c380037c1dd40a2b804a23a221_JaffaCakes118.dll,#1
      - System Location Discovery: System Language Discovery
      PID: 3048