Analysis
-
max time kernel
92s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19-09-2024 04:51
General
-
Target
ea9eb93f0b3c558811498b7ea44dc7db_JaffaCakes118.dll
-
Size
4KB
-
MD5
ea9eb93f0b3c558811498b7ea44dc7db
-
SHA1
1c6baa1b6e4d8237537560cdc3ff90fb5b4ceb7a
-
SHA256
1a35c3bee9c77f7ccf6972fb4a20a138ae526c3e4bece4af4973b8e664aa6713
-
SHA512
0531fd9afc0fc1aaadf5d1ab196d33429019b9d4965cdb141d802fcec4672934ce6d34fa04ad03f34ea9c3a5ba336bad6a697dd2243c3e16909826a3986bba1c
-
SSDEEP
48:Cyv65WSVlwQFfylfMwlNoXJu0b4Oa8nUWEa+q6+0clnAtUYfzDCB2FSeJY8JTaCH:Dv6/V2QF6uwvGbmxClmXDCBmo9Q
Score
7/10
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 2 IoCs
Detects file using ACProtect software.
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ea9eb93f0b3c558811498b7ea44dc7db_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ea9eb93f0b3c558811498b7ea44dc7db_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
-
Filesize
92KB