Analysis
-
max time kernel
135s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
24-08-2024 13:55
General
-
Target
bebbb8a2fb3300b980e4adc48fd8ea13_JaffaCakes118.dll
-
Size
196KB
-
MD5
bebbb8a2fb3300b980e4adc48fd8ea13
-
SHA1
6f1edb722e11672fab901b2e596ae304e977d75e
-
SHA256
ab5adcc47224ed6f559038992409551cde386a1b45e7407127dc41b462a7dd0d
-
SHA512
a5a0614b5ae67c70f5c66d765a9b952697efe7af94bfe5919c56c3b0220a81e05b4adfd736e32efda09d58866579c7b4022d0dcdbc4c6c2fa836daf9e6ea8c52
-
SSDEEP
3072:AkZYZSOPhRUILVv5uIiRVB/G+Z7uK1u/if+tpMFJztPij4UAR:7YZSOZSIyIqBBZNU/ifqqRj5R
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\bebbb8a2fb3300b980e4adc48fd8ea13_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\bebbb8a2fb3300b980e4adc48fd8ea13_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 6523⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4440 -ip 44401⤵