Analysis
-
max time kernel
94s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
11-09-2024 20:39
General
-
Target
db2d3634d80c2bb511544cec623a1eb8_JaffaCakes118.dll
-
Size
211KB
-
MD5
db2d3634d80c2bb511544cec623a1eb8
-
SHA1
86604351580230a3d050deece33fd6be997c63f3
-
SHA256
c79736be1e8982a6533bfde9e622e356ccf74f1a5515f112b2a5ef05bb8adb4a
-
SHA512
3f44039c49f0c67502d2444b1733988fa4c764b3ff8caddd9f0d43042af5e599fce943a352ed58381ab4eb5c7bfd8874a2c1c492a488d9ef3f1a99651b5c2163
-
SSDEEP
192:YrFre1Zpl3Iejbi+Bphzjsz+UgE2z1X85g6GzwUu9jGmrTeH1VqVkgUw9O:Yrw1Tl33igccE2zFSnGzw7tc199
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\db2d3634d80c2bb511544cec623a1eb8_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\db2d3634d80c2bb511544cec623a1eb8_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
84KB