Analysis
-
max time kernel
122s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
21/09/2024, 22:23
General
-
Target
f0ba7ce74b762d6e3027e5b5f433a29c_JaffaCakes118.dll
-
Size
252KB
-
MD5
f0ba7ce74b762d6e3027e5b5f433a29c
-
SHA1
58d64c03a11d66a0a7bb4b3b629551dd0a772af2
-
SHA256
275ff1a58cc55f0aeae3d35c88bfb575c5a8549416b41a3395bf6e1978dc1b30
-
SHA512
a8f16e408f0580763f5efb99eb8239441c03dafca1a2e5305cfb5c62ea9f925013945006873ce6167291a247006dfb53b5d4cd24569c93178925b31deed1c226
-
SSDEEP
6144:jjq18KK/bJ4TGPlsI7T3FV1DhlkjVK5OBI1AV2jnrgnU8YrmWTvj0Cz3d73/SnPT:q18JpNsI7T3FV1DhlkjVK5OBI1AV2jnd
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 5 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f0ba7ce74b762d6e3027e5b5f433a29c_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f0ba7ce74b762d6e3027e5b5f433a29c_JaffaCakes118.dll,#12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- System Location Discovery: System Language Discovery
- Modifies registry class
-