Analysis

  • max time kernel
    13s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-10-2024 02:07

General

  • Target

    03fde21cb8b5bff09027ac98523622cb_JaffaCakes118.dll

  • Size

    649KB

  • MD5

    03fde21cb8b5bff09027ac98523622cb

  • SHA1

    b853ee121304da131f8a487cdedf5663424b5991

  • SHA256

    713efe1c9fbed9b197c0376b5933d4e2874786c74abaf35a50325b60e05f2f48

  • SHA512

    ed13dd051bf972f7ae1e8b90ac5fd62319c24a3bafb5b9334f2a4bea2dba3d93301904ce80e80dda24acdbc4c2b83651315461f96d74fcd5610e5639e8df7e28

  • SSDEEP

    12288:Q8TzPGFLjWdE4hrndQ2StZIzZkBhoQt7jv1RaT2RO6X9:DTy5oEcndQ2S/IzGkIv1wTuO6X9

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\03fde21cb8b5bff09027ac98523622cb_JaffaCakes118.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\03fde21cb8b5bff09027ac98523622cb_JaffaCakes118.dll,#1
      • System Location Discovery: System Language Discovery
      PID:112

Network

MITRE ATT&CK Enterprise v15
