Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
06-09-2024 10:10
General
-
Target
cf4ce60a17e5971ab8e82f171000ee9a_JaffaCakes118.dll
-
Size
22KB
-
MD5
cf4ce60a17e5971ab8e82f171000ee9a
-
SHA1
207a1166c7abdb99c61ab9e62230147157c05035
-
SHA256
18419201d8ccffef16972f42e65cdcec0cb2c53a076cae99de99d36be6cf34e6
-
SHA512
6bde613c0e39775bd215ee687a84afc3a77575b11707743327311fd7ce39861465cab7aa5a8198f63f04a8dca87bc20cbe483e51ab53bda0ac34a3a89164544e
-
SSDEEP
384:NeH+tWzlSDrb5+gIS3a2Oaa2pbNGJ38pPJv1TCAxAr6+S9Pfu7n5X:ntWurb6SOalwYxv1TlxndeVX
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\cf4ce60a17e5971ab8e82f171000ee9a_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\cf4ce60a17e5971ab8e82f171000ee9a_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Wscript.exeWscript.exe c:\windows\ime\vbs\pp.vbs3⤵
- System Location Discovery: System Language Discovery
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
52KB