Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    22/08/2024, 10:20

General

  • Target

    b742cec399b0b684404d48f7d676fc40_JaffaCakes118.dll

  • Size

    60KB

  • MD5

    b742cec399b0b684404d48f7d676fc40

  • SHA1

    089561e151aae6a219067fddf5fd9f6a1871d541

  • SHA256

    ae2cc6c7f897dcc373ecc95f236d12d86b05367cf790bbf4d93f644eed600269

  • SHA512

    22f614ebe00577bf4853d3709e07b255128e4af98b193fa618007998c32fc9965c2a276a4008fbb8fc455c0d60206131ad7bbb2f4c70bd80677396e3268ec3f5

  • SSDEEP

    1536:M70aWE4hpnDL2qVD1DzUmPQNYrfDSU+05w:Q/gpnPhVZsNYn5

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b742cec399b0b684404d48f7d676fc40_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:728
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b742cec399b0b684404d48f7d676fc40_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3892

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • memory/3892-1-0x0000000010000000-0x0000000010008000-memory.dmp

          Filesize

          32KB

        • memory/3892-0-0x0000000000BC0000-0x0000000000BC9000-memory.dmp

          Filesize

          36KB

        • memory/3892-6-0x0000000000BC0000-0x0000000000BC9000-memory.dmp

          Filesize

          36KB