0b0128fc69fba75b8d22780773a1bb9f172966ceb68bb88df6ae4fd44f06a868

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 08:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf237ba662e2c68f0f67d13d2a583501_JaffaCakes118.dll
Size

102KB
MD5

cf237ba662e2c68f0f67d13d2a583501
SHA1

086cd06b62e17d70a4116db17e83f515c671ad13
SHA256

0b0128fc69fba75b8d22780773a1bb9f172966ceb68bb88df6ae4fd44f06a868
SHA512

70d2db5ee1a532a699f11271b05ff376681193d0df6382984218b25bba05a55075371f27282e2737eb449cb4a8228f48c83b1f8a5300b075f782453de6cdb352
SSDEEP

3072:TdEMsPvtAbmdS5wIyy9T8r9s2tucVkZspm:qMAvtA7YyZ+i2tucaZl

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2916	2824	rundll32.exe	30
PID 2824 wrote to memory of 2916	2824	rundll32.exe	30
PID 2824 wrote to memory of 2916	2824	rundll32.exe	30
PID 2824 wrote to memory of 2916	2824	rundll32.exe	30
PID 2824 wrote to memory of 2916	2824	rundll32.exe	30
PID 2824 wrote to memory of 2916	2824	rundll32.exe	30
PID 2824 wrote to memory of 2916	2824	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf237ba662e2c68f0f67d13d2a583501_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf237ba662e2c68f0f67d13d2a583501_JaffaCakes118.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads