Analysis
-
max time kernel
92s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
25/09/2024, 15:20
General
-
Target
f64b64519d9b8bdd4c264d167785a72b_JaffaCakes118.dll
-
Size
22KB
-
MD5
f64b64519d9b8bdd4c264d167785a72b
-
SHA1
5a429a901378d938ba1655bce096928e2f7160e7
-
SHA256
c8030651a3dbe48ba7068ebbb94a99211535c51b48855c6f76b62088119ba260
-
SHA512
0e577921e038be30782432f5a294f73657c8354b42a150302d1d96ff923b6039fc911dcb4a6c408dfd13140221574dc1e09d5344f3e7bed89e0899f73f5aeea4
-
SSDEEP
384:NeH+tWzlSDrb5+gIS3a2Oaa2pbNGJ38pPJv1TCAxAr6+S9Pfu7n5i:ntWurb6SOalwYxv1TlxndeVi
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f64b64519d9b8bdd4c264d167785a72b_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f64b64519d9b8bdd4c264d167785a72b_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Wscript.exeWscript.exe c:\windows\ime\vbs\pp.vbs3⤵
- System Location Discovery: System Language Discovery
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
52KB