Analysis
-
max time kernel
3s -
max time network
5s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
08/09/2024, 13:50
Errors
General
-
Target
d481be83a6e5afc2d2f1658eed58d153_JaffaCakes118.dll
-
Size
1.1MB
-
MD5
d481be83a6e5afc2d2f1658eed58d153
-
SHA1
c52b562bd7981452a926e51a1ff79553e896164d
-
SHA256
549d561f4658daed0880a8e7580d84cf5b40b5096d10f4fc86c37603c5297209
-
SHA512
21a2169fe51ebe3c3aafb54a2fed262bb25b9e72c12cbf357e9d8170252204222961ec0def91e3f6a4cc6bdc1d02412be7f04e7a3d770f9f5b3a09e9eaea46bf
-
SSDEEP
3072:zH8dK2Bz1UnOawKS9tXNi7ThDQruyhjfI9Yqvnc7BGcFtpSH8dK2:zck2a4di7ThDbuUc7JFuck2
Malware Config
Signatures
-
Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies data under HKEY_USERS 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d481be83a6e5afc2d2f1658eed58d153_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d481be83a6e5afc2d2f1658eed58d153_JaffaCakes118.dll,#12⤵
- Server Software Component: Terminal Services DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa39ae855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.7MB
MD5668c30fb9a50d0e4c7b658680187fddb
SHA1e253446b32607861c90736f3cab4d32ef3e6d102
SHA2562db276847d04f92cf21ba8170288a82fe3e31619990c8e7de347c13b3f633d54
SHA5125b3ec7165746b9622d7f95bb4257b0f164d299afed9a21c72dcfc2cc511153fd4c607ce2ed6382ea146d4d3907b1022e40cf35a01ee346ff8e5186f71f5ef15b