Analysis
-
max time kernel
92s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240910-en -
resource tags
-
submitted
15/09/2024, 09:09
General
-
Target
e225704f191087c9c08178dd4c71ae9f_JaffaCakes118.dll
-
Size
128KB
-
MD5
e225704f191087c9c08178dd4c71ae9f
-
SHA1
a77ff8f4a3d19fcdd41adcf88ca34891d901c0cf
-
SHA256
17fe8e56c93952baeacd5290827c0da9c8d5d8dc2a4c4c1bf6ade7b64787ed9c
-
SHA512
db97bbde78e434ebc7b5001489729a8c6751530d65337dfcb23c594d5a174bfe9a46c68aa08eb9bcb69c422e899ba582c08751d2a13e7760f15d2217d4ac365c
-
SSDEEP
3072:+niCJf9OJYv9rRPP0WF2w8XEivsHuJnoBiRK5zxaJ80:WiCJf9OGv3tFj85Rexa
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e225704f191087c9c08178dd4c71ae9f_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e225704f191087c9c08178dd4c71ae9f_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
-