76c8c64baec7cec564996e5fb9001b782cebf50b2e9c379a8c6c91c16a8fa73c

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b15a951b400a75760842e4b6fe3b9f5_JaffaCakes118.dll
Size

244KB
MD5

0b15a951b400a75760842e4b6fe3b9f5
SHA1

b668346d737f1515af83191dc16da30804cc2b03
SHA256

76c8c64baec7cec564996e5fb9001b782cebf50b2e9c379a8c6c91c16a8fa73c
SHA512

00180651f842b9870339d443e791e9d3895a15dad5917a6b56a0ce583e868c4f95128ae8a7a3af4f1abcf5422c521b90cb7e2d2a9e6aa454bdc19c9bbf2e3337
SSDEEP

3072:6cmou8jc101p3k7kvK6O4RqDZd4ESB0zTP4rCz64YxcAz78W/SGEc:6cmaP9k73DZx8UQWz64wcS78W/wc

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2684	2668	rundll32.exe	31
PID 2668 wrote to memory of 2684	2668	rundll32.exe	31
PID 2668 wrote to memory of 2684	2668	rundll32.exe	31
PID 2668 wrote to memory of 2684	2668	rundll32.exe	31
PID 2668 wrote to memory of 2684	2668	rundll32.exe	31
PID 2668 wrote to memory of 2684	2668	rundll32.exe	31
PID 2668 wrote to memory of 2684	2668	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b15a951b400a75760842e4b6fe3b9f5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b15a951b400a75760842e4b6fe3b9f5_JaffaCakes118.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads