Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    28/09/2024, 09:20

General

  • Target

    fbfc31d64c74dcb967f948ea03f4ceb5_JaffaCakes118.dll

  • Size

    152KB

  • MD5

    fbfc31d64c74dcb967f948ea03f4ceb5

  • SHA1

    265aded17bf17627c50d8a6839e10dde50bde1e8

  • SHA256

    c630c39189a1eccb5d0b0a62845daadee78312defbcf849656c159bad14b2ad1

  • SHA512

    1bb6d1e4d01cd70a457ebcc22ab93299603699d067c377f5648c2203be626dbc366ba1d2865a74f79c9a1da7d6828835ebec292b9d9225c67a636fa0702c24b8

  • SSDEEP

    3072:cCM10vzGWxlJCo/g6w1QPUhUapVsJfNsyU39nWshW:I1wnxlB/LUhbpGTsz35Vs

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbfc31d64c74dcb967f948ea03f4ceb5_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4156
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbfc31d64c74dcb967f948ea03f4ceb5_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2260

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2260-0-0x000000006D570000-0x000000006D596000-memory.dmp

    Filesize

    152KB