1ecd5f030a0c9301b215a9d46f3e00a9bf22553f6297404f0f4d402166f15fd6

Analysis

max time kernel
93s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 14:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0b1012fc5d96bbc5b53ab78d462103b1_JaffaCakes118.dll
Size

40KB
MD5

0b1012fc5d96bbc5b53ab78d462103b1
SHA1

08a1227e5bfef7b2dbb62b602bdfd56ab0657266
SHA256

1ecd5f030a0c9301b215a9d46f3e00a9bf22553f6297404f0f4d402166f15fd6
SHA512

1cbb5347deae8d795e44bb87024db74dbeadd431ba7ec9a495db94b3ffbe956a6b9924fa0a6b492cf066e8c90c425f7e0ce4018f61a97e10d419ee1da0c508f7
SSDEEP

768:Bs/9ZSRTR1rehgw9Gdq/hyS/5PKUk3w1ONxYklc:iQFGh18qz4x7Yk6

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3740	rundll32.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 3740	4664	rundll32.exe	82
PID 4664 wrote to memory of 3740	4664	rundll32.exe	82
PID 4664 wrote to memory of 3740	4664	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b1012fc5d96bbc5b53ab78d462103b1_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b1012fc5d96bbc5b53ab78d462103b1_JaffaCakes118.dll,#1
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mta13187.dll

Filesize
1.6MB

MD5
e0e12856ca90be7f5ab8dfc0f0313078

SHA1
cc5accf48b8e6c2fd39d1f800229cdbb54305518

SHA256
81ec3e3c98e5f0af0dca21b9f08f2be445b46df2ca2354eaf3523bddcb125619

SHA512
162c56367dca2291117f2391951970273969518b0db2bbc5d51c458173a8028c88d9dfd93aef01ed05b369f953e2953cc6be252daeb17556dbc33e5383900fa6

Download Submit