Analysis

  • max time kernel
    95s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    06-09-2024 16:43

General

  • Target

    cffdb609c73c66853c4e26bc15551fc2_JaffaCakes118.dll

  • Size

    2.5MB

  • MD5

    cffdb609c73c66853c4e26bc15551fc2

  • SHA1

    b535ac791215cfdaaf52c739277c3c7ab82fed4d

  • SHA256

    8790eebea941ad4fb7aa2d5b3e6616423a91e8e06b7d5930a22e44e0f23d7b69

  • SHA512

    374ecb0d789db5bf6d8030e84a7bca574059e396c551afbe426b41f9e1590076baa6322a221c86d54d859e58756b4b38e865810469d99b43fce4cbf1c2beecb0

  • SSDEEP

    49152:Tm/FPdGuHCGeQCAqXoZWHHAz+Sx+WysjwCgOJ/j/nA8smT47+7FiB+cfY:TmFfCVQ42+SMWNxJ7/nATC4K7XB

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cffdb609c73c66853c4e26bc15551fc2_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1604
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\cffdb609c73c66853c4e26bc15551fc2_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2948

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2948-0-0x0000000020000000-0x0000000020008000-memory.dmp

    Filesize

    32KB