Analysis

  • max time kernel
    134s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/08/2024, 08:04

General

  • Target

    be308e52bedd45a6d1e5def910eb8fb2_JaffaCakes118.dll

  • Size

    86KB

  • MD5

    be308e52bedd45a6d1e5def910eb8fb2

  • SHA1

    54c20ecff3eb55f638b4e969f30fd797cb51d5af

  • SHA256

    4893e11c115d091e108d6243089ee816a2531d30a4912fc139e38728b5536904

  • SHA512

    3b6f12b37f3b19bc148c43670cefd908da6730ba09512a71a43163620e8f01cc2cec9c5dbdbb8ece260a5b38d02507960fdbeb1acc03547d89fa46ae1bad6e54

  • SSDEEP

    1536:ev+eW/lPKYpFgBZtOdUh+Q6TUc5IwdjSZDqFE4/Oj:leWJnFGtGQyUgxduuE4/Oj

Score
7/10

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\be308e52bedd45a6d1e5def910eb8fb2_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3064
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\be308e52bedd45a6d1e5def910eb8fb2_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2672

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2672-0-0x0000000010000000-0x000000001000C000-memory.dmp

          Filesize

          48KB