Analysis
-
max time kernel
124s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
13/09/2024, 01:16
General
-
Target
dd642c542981783db4368a75e3c57102_JaffaCakes118.dll
-
Size
80KB
-
MD5
dd642c542981783db4368a75e3c57102
-
SHA1
73b33cd718f4ef85af5776af6ff64173aeb95f19
-
SHA256
58ef09297c4f441669d11b5d2ae83aa51b7644e7e2c6091df86a771d458bb205
-
SHA512
3f3adadcf0ce44c053c26ca7ffedbb55ba45dbb94f3cfb37f524aa128c4ed07a845d0e555ec6ae8468ecfea257632bdb858dac5d096b9705ed7a23b50e879bfe
-
SSDEEP
1536:n1P3M7ctAfbdosRfzSTGLBwk4F2USblWEYNjwI+bH5GVYeIfMy:n107PdnzSYBw12USblktwD5dh
Score
7/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\dd642c542981783db4368a75e3c57102_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\dd642c542981783db4368a75e3c57102_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4060,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
56KB