Overview

overview

3

Static

static

3

dac143bfd3...18.dll

windows7-x64

3

dac143bfd3...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    82s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11-09-2024 16:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dac143bfd328fd7afe87c2fb2fc66668_JaffaCakes118.dll

  • Size

    23KB

  • MD5

    dac143bfd328fd7afe87c2fb2fc66668

  • SHA1

    5e9ff7c7c8f260770bb5e03d636263dbf67ef140

  • SHA256

    bc89cc68327228d2171cb09b433b913bb2303f67589055f26dfb825d8b486107

  • SHA512

    a85b41f624a0236385983cf36e7cf22ae3f61396b46f57929850369b7286c8e450d7e362b187897b3dcd874f610bdd71e95d6e965932e75cc22d39de13da00de

  • SSDEEP

    384:6W4G4WYR8HoW3SQeFscVXpnh5g0RtAfIf3qPYT6Fir/r050gi0t1:6W4G7H43VXrl8Qf3E+6Mr/rLk1

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dac143bfd328fd7afe87c2fb2fc66668_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\dac143bfd328fd7afe87c2fb2fc66668_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads