Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240708-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    23/08/2024, 12:15

General

  • Target
    bbaf29fca338956b1174a8fb992fb501_JaffaCakes118.dll
  • Size
    507KB
  • MD5
    bbaf29fca338956b1174a8fb992fb501
  • SHA1
    071ec0f9c6044d21d62612392fa8c392b5ffa302
  • SHA256
    04d885532e4a5997455b2990e8c64c3a9273c98974153c7a2c1447cb64242fbb
  • SHA512
    4c974a2ed58336d585fcab9a38277ee9dec49a711a71c9debcddeafa95ad2fc1ee6a532790490d5c58f0a0c8a9bfb9f858b291642ff4b2b5e7f7e2d3e14e1135
  • SSDEEP
    6144:35V42i2Jfqcx0qUXFN7U83Fs2g6//zAvQv66yhetdzzqg+hyr9vOghb8Rq+n5:JiH33JXFru2/zhI4v+h2OAW

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbaf29fca338956b1174a8fb992fb501_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbaf29fca338956b1174a8fb992fb501_JaffaCakes118.dll,#1
      2⤵
      • Drops file in Drivers directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3064
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32 /s C:\Users\Admin\AppData\Local\Temp\512C.tmp
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2748
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 268
        3⤵
        • Program crash
        PID:2708

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\512C.tmp
          Filesize
          401KB
          MD5
          c046b5ff304c69e4bfed303e9ce3c83e
          SHA1
          615494fa285b91a09a08c80cfd9a2caa9c913516
          SHA256
          45a9b235d37b624dbd0bdb868255bc42c81b927454b461409cb059be14c7287f
          SHA512
          dff02617398a3dfba13fae3ae9482622695f75e9b0984a45aa630bc02692deac69f7ab11f044c74e961af219f0999aada5f62d3cce9c8f3af6819004515fb08d
        • memory/2748-8-0x00000000001A0000-0x0000000000200000-memory.dmp
          Filesize
          384KB
        • memory/3064-0-0x00000000001D0000-0x000000000024C000-memory.dmp
          Filesize
          496KB
        • memory/3064-3-0x00000000001D0000-0x000000000024C000-memory.dmp
          Filesize
          496KB