Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    23/08/2024, 18:35

General

  • Target

    bcb995a5e3e7dbdef52134d72c4af3f9_JaffaCakes118.dll

  • Size

    108KB

  • MD5

    bcb995a5e3e7dbdef52134d72c4af3f9

  • SHA1

    34d72c70367ad33d2b8d8299c5467d79d334656a

  • SHA256

    ba1d856756968df2dd901b482d77d5a9ae8a36bda085895b9fdeb1bf6f5e0da0

  • SHA512

    cb2418f8ed8113e71c0da4c537c46e3c7a758f977b88ba99bfb2e962e2f3924250487347c8b6f9264a13c0e3f36aac1cfeba038d20d5da304be685b287068ea2

  • SSDEEP

    3072:2fn3ggZivHXVrikmP2dKObx+cixanpk70W:m3X6XVuOXb4hxGa7

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcb995a5e3e7dbdef52134d72c4af3f9_JaffaCakes118.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:4760
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcb995a5e3e7dbdef52134d72c4af3f9_JaffaCakes118.dll,#1
      • System Location Discovery: System Language Discovery
      PID:532

Network

MITRE ATT&CK Enterprise v15
