Overview

overview

3

Static

static

3

b20f2d30c3...18.dll

windows7-x64

3

b20f2d30c3...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    133s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/08/2024, 04:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b20f2d30c306914998ecdab6f1136f73_JaffaCakes118.dll

  • Size

    1.0MB

  • MD5

    b20f2d30c306914998ecdab6f1136f73

  • SHA1

    18d22e35fa6b9e3f350852affefdc8006b65517c

  • SHA256

    53c542b5f68cbb037188c7f8880e5c5e8411d22a273471d04c5ec0825db4772c

  • SHA512

    543d2f17ba1308e9e3d6a78cb41cd85282e0c21c6682e10fc12bcbe9405a491213ff5e567507ff9de15cb227e216b1ac263241c46422ad5aad58237a52a46dc9

  • SSDEEP

    24576:jy3OJNyLE1cF5B7feaZ3io9cnHVvlimTKzqWn:j7yxFIVxTkqWn

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b20f2d30c306914998ecdab6f1136f73_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:924
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b20f2d30c306914998ecdab6f1136f73_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2860

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads