1ecd5f030a0c9301b215a9d46f3e00a9bf22553f6297404f0f4d402166f15fd6

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 14:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0b1012fc5d96bbc5b53ab78d462103b1_JaffaCakes118.dll
Size

40KB
MD5

0b1012fc5d96bbc5b53ab78d462103b1
SHA1

08a1227e5bfef7b2dbb62b602bdfd56ab0657266
SHA256

1ecd5f030a0c9301b215a9d46f3e00a9bf22553f6297404f0f4d402166f15fd6
SHA512

1cbb5347deae8d795e44bb87024db74dbeadd431ba7ec9a495db94b3ffbe956a6b9924fa0a6b492cf066e8c90c425f7e0ce4018f61a97e10d419ee1da0c508f7
SSDEEP

768:Bs/9ZSRTR1rehgw9Gdq/hyS/5PKUk3w1ONxYklc:iQFGh18qz4x7Yk6

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2888	rundll32.exe
2888	rundll32.exe
2888	rundll32.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2888	2884	rundll32.exe	30
PID 2884 wrote to memory of 2888	2884	rundll32.exe	30
PID 2884 wrote to memory of 2888	2884	rundll32.exe	30
PID 2884 wrote to memory of 2888	2884	rundll32.exe	30
PID 2884 wrote to memory of 2888	2884	rundll32.exe	30
PID 2884 wrote to memory of 2888	2884	rundll32.exe	30
PID 2884 wrote to memory of 2888	2884	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b1012fc5d96bbc5b53ab78d462103b1_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b1012fc5d96bbc5b53ab78d462103b1_JaffaCakes118.dll,#1
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mta13187.dll

Filesize
1.1MB

MD5
2ee1e467d73642afddb03019f58c252b

SHA1
ea1f3b03f46db029a955190692cecbc571e1d46c

SHA256
5a7d5dafe22082b3ed035d640578ed7b5005edfe80e5c911774ec77a2caff1b3

SHA512
3482715d7c9adbfe61f7834120d1a8fce47ae5d70add285ddcfe8802a5d4a95ae00ae82079b9b9639c5d4fa5126ecfc61e1b09a141c0fea86926e26fc22f9082

Download Submit
memory/2888-0-0x00000000000E0000-0x00000000000EF000-memory.dmp

Filesize
60KB

Download