Analysis
-
max time kernel
94s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
12/09/2024, 07:34
General
-
Target
dc13e7cf6c128a0f98a89f28025f7164_JaffaCakes118.dll
-
Size
168KB
-
MD5
dc13e7cf6c128a0f98a89f28025f7164
-
SHA1
fc562ef5dfc6860590ce05f2c25ac1cfe5708028
-
SHA256
9991986b7be391987dc278e0d52f97d43ad80cae46b2a1aab53c1c9b253a1f03
-
SHA512
e451f3508e44984c3c87eb47ba92acfcfa00fb98f499a741d00de54e4797f6fceb4661c2eac9839d9990c18647fd44b2aeb279d6c25265a725f8756a1ccb3fea
-
SSDEEP
3072:759ExQ3AjaTEcGPDQbDgqKGdV707Y3XUfFYeGw+ZgDGhOQiNX3ZHcqpKqn2jNwmq:759XAB7QQ7y7KiBeGw+GDa76XeqC
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\dc13e7cf6c128a0f98a89f28025f7164_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\dc13e7cf6c128a0f98a89f28025f7164_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 5563⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4084 -ip 40841⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
156KB