Analysis
-
max time kernel
13s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
01-10-2024 02:07
Static task
static1
Behavioral task
behavioral1
Sample
03fde21cb8b5bff09027ac98523622cb_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
03fde21cb8b5bff09027ac98523622cb_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
03fde21cb8b5bff09027ac98523622cb_JaffaCakes118.dll
-
Size
649KB
-
MD5
03fde21cb8b5bff09027ac98523622cb
-
SHA1
b853ee121304da131f8a487cdedf5663424b5991
-
SHA256
713efe1c9fbed9b197c0376b5933d4e2874786c74abaf35a50325b60e05f2f48
-
SHA512
ed13dd051bf972f7ae1e8b90ac5fd62319c24a3bafb5b9334f2a4bea2dba3d93301904ce80e80dda24acdbc4c2b83651315461f96d74fcd5610e5639e8df7e28
-
SSDEEP
12288:Q8TzPGFLjWdE4hrndQ2StZIzZkBhoQt7jv1RaT2RO6X9:DTy5oEcndQ2S/IzGkIv1wTuO6X9
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2256 wrote to memory of 112 2256 rundll32.exe 29 PID 2256 wrote to memory of 112 2256 rundll32.exe 29 PID 2256 wrote to memory of 112 2256 rundll32.exe 29 PID 2256 wrote to memory of 112 2256 rundll32.exe 29 PID 2256 wrote to memory of 112 2256 rundll32.exe 29 PID 2256 wrote to memory of 112 2256 rundll32.exe 29 PID 2256 wrote to memory of 112 2256 rundll32.exe 29
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\03fde21cb8b5bff09027ac98523622cb_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2256 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\03fde21cb8b5bff09027ac98523622cb_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:112
-