Analysis
-
max time kernel
134s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21/08/2024, 07:12
General
-
Target
b28cfc597b7c320a3eb01662d7dd46eb_JaffaCakes118.dll
-
Size
12KB
-
MD5
b28cfc597b7c320a3eb01662d7dd46eb
-
SHA1
ef6df2398d186cda1aba67ccd04eeebfe323a998
-
SHA256
bd3445abd9a1573248929312c5907c74f62ca8857b97453f1d3cfcc5b1eb47ec
-
SHA512
dc578a4bbc3907182a0f0a2ed8df2c26e8b6b402e3e16a868025113465a0843a47b654c1c973e38531c5c4b8f993ca11562ac1d1dbe32993185f5e3d0eba1508
-
SSDEEP
192:4QtXNRdkVOvbCZLUkP/YJG0Om+kDUeQQd4OSqwEANYVe:/tXxfvbCZLUkP/gDlQQd4OFHV
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b28cfc597b7c320a3eb01662d7dd46eb_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b28cfc597b7c320a3eb01662d7dd46eb_JaffaCakes118.dll,#12⤵
- Blocklisted process makes network request
- System Location Discovery: System Language Discovery
-