Overview

overview

5

Static

static

3

c832cd716c...18.dll

windows7-x64

5

c832cd716c...18.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    131s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/08/2024, 04:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c832cd716cbe2b9ebb7c6ed4dd038eba_JaffaCakes118.dll

  • Size

    10KB

  • MD5

    c832cd716cbe2b9ebb7c6ed4dd038eba

  • SHA1

    b54f46a7c2358f6ae9f92bf0f1a667db254561ae

  • SHA256

    af89572a9f4b400ec42ba150cc27f30891af67443e0fcd21a8cea2e70b3c53fe

  • SHA512

    0fd1ffcafe4b3cfba7cb808d0f6e60025aeecd98532b6ecb09a9d6f6810bb08c6e52be6e9a0e3967955f13b9c33957332c72325127d19ff0ff591c0835c81c68

  • SSDEEP

    192:svrBt6Orpi5itGXmYoFbLfDz8n/jMcPkslsisl:MrdGXmYoFbLfDk/g6ks6i

Score
5/10
discovery

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Program crash 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c832cd716cbe2b9ebb7c6ed4dd038eba_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:632
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c832cd716cbe2b9ebb7c6ed4dd038eba_JaffaCakes118.dll,#1
      2⤵
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      PID:1864
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 564
        3⤵
        • Program crash
        PID:4960
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 640
        3⤵
        • Program crash
        PID:2060
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 640
        3⤵
        • Program crash
        PID:2600
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1864 -ip 1864
    1⤵
      PID:3684
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1864 -ip 1864
      1⤵
        PID:972
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1864 -ip 1864
        1⤵
          PID:2556

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/1864-0-0x0000000010000000-0x0000000010011000-memory.dmp

                Filesize

                68KB

                Download

              • memory/1864-1-0x0000000000530000-0x0000000000544000-memory.dmp

                Filesize

                80KB

                Download

              • memory/1864-9-0x0000000075500000-0x0000000075784000-memory.dmp

                Filesize

                2.5MB

                Download

              • memory/1864-8-0x0000000075500000-0x0000000075784000-memory.dmp

                Filesize

                2.5MB

                Download

              • memory/1864-10-0x0000000075500000-0x0000000075784000-memory.dmp

                Filesize

                2.5MB

                Download

              • memory/1864-12-0x0000000076E10000-0x0000000076FB0000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1864-7-0x0000000075790000-0x000000007582F000-memory.dmp

                Filesize

                636KB

                Download

              • memory/1864-13-0x0000000075930000-0x0000000075EE3000-memory.dmp

                Filesize

                5.7MB

                Download

              • memory/1864-15-0x0000000076FD0000-0x000000007708F000-memory.dmp

                Filesize

                764KB

                Download

              • memory/1864-14-0x00000000776D0000-0x0000000077951000-memory.dmp

                Filesize

                2.5MB

                Download

              • memory/1864-20-0x0000000077370000-0x00000000773F7000-memory.dmp

                Filesize

                540KB

                Download

              • memory/1864-19-0x00000000776A0000-0x00000000776C5000-memory.dmp

                Filesize

                148KB

                Download

              • memory/1864-18-0x00000000776A0000-0x00000000776C5000-memory.dmp

                Filesize

                148KB

                Download

              • memory/1864-17-0x00000000776A0000-0x00000000776C5000-memory.dmp

                Filesize

                148KB

                Download

              • memory/1864-16-0x00000000764A0000-0x00000000768DC000-memory.dmp

                Filesize

                4.2MB

                Download

              • memory/1864-11-0x0000000075500000-0x0000000075784000-memory.dmp

                Filesize

                2.5MB

                Download

              • memory/1864-6-0x0000000075790000-0x000000007582F000-memory.dmp

                Filesize

                636KB

                Download

              • memory/1864-5-0x0000000075F50000-0x0000000076165000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/1864-4-0x0000000075F50000-0x0000000076165000-memory.dmp

                Filesize

                2.1MB

                Download