Analysis
- max time kernel: 92s
- max time network: 122s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/09/2024, 08:06
Static task: static1
Behavioral task: behavioral1
- Sample: fa08746b8e8871a7f13e44dc58503ef9_JaffaCakes118.dll
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: fa08746b8e8871a7f13e44dc58503ef9_JaffaCakes118.dll
- Resource: win10v2004-20240802-en
General
- Target: fa08746b8e8871a7f13e44dc58503ef9_JaffaCakes118.dll
- Size: 52KB
- MD5: fa08746b8e8871a7f13e44dc58503ef9
- SHA1: c922d47f94fb93735d4a6e39bf68904cd74223fa
- SHA256: 1b7330be21ce5d34baf0fa145f2137f25d51a967599ec30768110de37ab5dcbb
- SHA512: 1cdc2c92454e3d1ba13b724aeaaec7572f3ae84ab6659b777b1e926955a748adaf48ff299482b3aaf6b03154931c8ab10171c6206fa607750ae311e445ac5f3c
- SSDEEP: 1536:wOMZpEUEKkrEEZ6OgdWy03KxsEBy/tsuJq:wOMgUEKWES+OKiEB4q
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  | description | ioc | Process |
  | --- | --- | --- |
  | Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe |

- Suspicious use of WriteProcessMemory (3 IoCs)

  | description | pid | Process | procid_target |
  | --- | --- | --- | --- |
  | PID 3428 wrote to memory of 3244 | 3428 | rundll32.exe | 82 |
  | PID 3428 wrote to memory of 3244 | 3428 | rundll32.exe | 82 |
  | PID 3428 wrote to memory of 3244 | 3428 | rundll32.exe | 82 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa08746b8e8871a7f13e44dc58503ef9_JaffaCakes118.dll,#1
  PID: 3428
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa08746b8e8871a7f13e44dc58503ef9_JaffaCakes118.dll,#1
    PID: 3244
    - System Location Discovery: System Language Discovery