Overview

overview

7

Static

static

3

fc857bb077...18.dll

windows7-x64

7

fc857bb077...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    28/09/2024, 14:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fc857bb077bf663898f15e0fab8b5db5_JaffaCakes118.dll

  • Size

    11KB

  • MD5

    fc857bb077bf663898f15e0fab8b5db5

  • SHA1

    f6908596a9596e84cb66a7e6077948c2be04806d

  • SHA256

    9bb1ae355e58b2d79543fa03167afebe1fe0e275582d96c7ce3547ce31570b9a

  • SHA512

    bf9f20e8308f364388c3f440409ff0098544dd86e07e9801dd27c01b392bc0c7678b37ecfcd1aded787978d31359a30ff7c7a9ff70baaed0e8c19a108aa76249

  • SSDEEP

    192:GglCNy5/L8rBe6oi/J/kgLeYADlaoyqVuF6xR:AEJ8rc6oCJ/kgKxDllVuF

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops autorun.inf file 1 TTPs 24 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc857bb077bf663898f15e0fab8b5db5_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc857bb077bf663898f15e0fab8b5db5_JaffaCakes118.dll,#1
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops autorun.inf file
      • System Location Discovery: System Language Discovery
      PID:2860

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\259421581.tmp
    Filesize

    1.7MB

    MD5

    b5eb5bd3066959611e1f7a80fd6cc172

    SHA1

    6fb1532059212c840737b3f923a9c0b152c0887a

    SHA256

    1ffb68a66f28f604adcae9c135f8dcf301316ab7fda8ebd294583c56dd26f7cc

    SHA512

    6c0743e0ff4922e859ba66b68040ab994dbae33e80c63ce8c993ad31a0c7aad6c6467484da1550063214953cd641dbf597438dd0c02f24164505d88ca80ea1b6

    Download Submit