Analysis

  • max time kernel
    95s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    06/09/2024, 13:28

General

  • Target

    cfa3976df93642beaaa782b6499076f8_JaffaCakes118.dll

  • Size

    180KB

  • MD5

    cfa3976df93642beaaa782b6499076f8

  • SHA1

    891c27af6c1a797085164825aca84d7ed26dd3e4

  • SHA256

    0998f722fe29220fb272ed31cbce0db86c23d5ee93ae244279b2b50189f404d8

  • SHA512

    5e1b575722863924219f3df2ae9d5599df97515455f388dab81f4df5b0f4826ef4e743f219b02d60d410a6e7c02190a7e0ae0752d166888e4250ac80341c2afc

  • SSDEEP

    3072:Lrq/6DHEPauWchWDdsS6w/EDswYA9aIP1K/1vQGe9GV428CTKK48kePg1PhHD052:a/yEUXdd6w/EDW/1vFe9phCTKK4l9HQN

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfa3976df93642beaaa782b6499076f8_JaffaCakes118.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:4268
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfa3976df93642beaaa782b6499076f8_JaffaCakes118.dll,#1
      • System Location Discovery: System Language Discovery
      PID:2184

Network

MITRE ATT&CK Enterprise v15
