Analysis
- max time kernel: 148s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
- submitted: 11/09/2024, 05:33
Static task: static1
Behavioral task: behavioral1
- Sample: d9b53fc976c66da18cbc7a830756fc47_JaffaCakes118.dll
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: d9b53fc976c66da18cbc7a830756fc47_JaffaCakes118.dll
- Resource: win10v2004-20240802-en
General
- Target: d9b53fc976c66da18cbc7a830756fc47_JaffaCakes118.dll
- Size: 33KB
- MD5: d9b53fc976c66da18cbc7a830756fc47
- SHA1: ff4aaf98d4335fa4444a6e0c54d4915001848185
- SHA256: 9349d29fbccb35187df035943e1507bb384a389a5e6f7d71f0781d10194f0e45
- SHA512: 22ef732b4fbaf523af35677d2c23701f4b03ab3206bc410c1319dbfd45c11117962c33c54b8668d0ca83d9fe73c467455ce61ad0598ff2b62a4338efe29fb777
- SSDEEP: 768:eH1OvRacYdkSY4m3nZck7kNoISYhqDeR9nIz:eH1OvRa04m3ZV7kNoWkqRBw
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4348 wrote to memory of 5116 | 4348 | rundll32.exe | 83
  PID 4348 wrote to memory of 5116 | 4348 | rundll32.exe | 83
  PID 4348 wrote to memory of 5116 | 4348 | rundll32.exe | 83
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9b53fc976c66da18cbc7a830756fc47_JaffaCakes118.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:4348
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9b53fc976c66da18cbc7a830756fc47_JaffaCakes118.dll,#12
    - System Location Discovery: System Language Discovery
    PID:5116