Analysis

  • max time kernel
    93s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/09/2024, 18:31

General

  • Target

    fce5cea4992efb502872b96817bd47d9_JaffaCakes118.dll

  • Size

    44KB

  • MD5

    fce5cea4992efb502872b96817bd47d9

  • SHA1

    f45a46f71f17de32c46f2cc4e88592c8b7c4e445

  • SHA256

    18c0a2a2856a3c328fc5dd72a34dcc1823772e856b8b343012fda9e529230237

  • SHA512

    335a650e5747928f77dbc19575ed61cf8d957d8fe5d262c8d9200cf9637378ae036c66fd07cb03d96da4f96d1d09598078c309d8c23f9ef965b74637d889a71f

  • SSDEEP

    768:ZftPNRpChZDdSi232fDoXg0qZC3I9PlhNl+0Z2wWP9ZoE:xWi4b+gF6I9Plrl5ulZr

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fce5cea4992efb502872b96817bd47d9_JaffaCakes118.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:5052
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fce5cea4992efb502872b96817bd47d9_JaffaCakes118.dll,#1
      • System Location Discovery: System Language Discovery
      PID:3624

Network

        MITRE ATT&CK Enterprise v15
