Analysis
-
max time kernel
94s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02-10-2024 03:55
General
-
Target
08c13bac542f5fb0099a530f26b749ae_JaffaCakes118.dll
-
Size
336KB
-
MD5
08c13bac542f5fb0099a530f26b749ae
-
SHA1
898ed4e10f7eab3a1d2493d7df49b3a370c9a60c
-
SHA256
d9d8d7a716947c50d700b3f7b4ade02ded317ed2096775ea6338503e6eeda5d1
-
SHA512
a1a90bb5878d47acdfc9d55e326ac1bf9edcfe7d6a67823f8b10c6a108d28cc92ff887ed823f8c0ca59dcdfce5580239450339002359ed542bbc885759df347d
-
SSDEEP
3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0m:jDgtfRQUHPw06MoV2nwTBlhm8u
Score
10/10
Malware Config
Signatures
-
Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\08c13bac542f5fb0099a530f26b749ae_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\08c13bac542f5fb0099a530f26b749ae_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
-