Analysis

  • max time kernel
    93s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    09/09/2024, 06:53

General

  • Target

    d5d1accbddd91839e7a1f50dcd3fff5d_JaffaCakes118.dll

  • Size

    102KB

  • MD5

    d5d1accbddd91839e7a1f50dcd3fff5d

  • SHA1

    64e773add01feccbd8bdaf4f0be36c6aa3e717c0

  • SHA256

    1aa003456609523eec7c662db767b5c088b30bbdc93c96fb9fb4ecd14f19080f

  • SHA512

    04256b06323b63ff44b7e478f48d9dc42f97fdaf4db7ce26834fc176c57581634e219ad4c838f65f3cc2e5fb02376a44d9fc12ddd38b15edbb2ce12a3ee655e4

  • SSDEEP

    1536:9iJJJXbJlTYTnkU3fQyCcdzRpI6e5tAAJQ10q+62xyG74C4mPxzMuwkN:cJvpYTnkU3IFr6ezbvq/2MGUC4I1IK

Score
7/10

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5d1accbddd91839e7a1f50dcd3fff5d_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5d1accbddd91839e7a1f50dcd3fff5d_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1440

Network

  MITRE ATT&CK Enterprise v15

Downloads

  • memory/1440-0-0x0000000010000000-0x000000001000E000-memory.dmp

    Filesize

    56KB