Analysis

max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 03/10/2024, 23:14

Static task: static1

Behavioral task: behavioral1
  Sample: 10ddc57c3245ce884345724e1c3e0ddb_JaffaCakes118.dll
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: 10ddc57c3245ce884345724e1c3e0ddb_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General

Target: 10ddc57c3245ce884345724e1c3e0ddb_JaffaCakes118.dll
Size: 149KB
MD5: 10ddc57c3245ce884345724e1c3e0ddb
SHA1: 54591f19387923757e52fadc3a42deac82329f49
SHA256: ef7898f4bf147c58b5ae768e7c367dd3806ef6bad4c71883c77a89a21486d961
SHA512: 4dcf5225e5736f286501caa41ad86d911f8f188e71d59f2b615f1241daae51c8081091b6bab30db9c749dd87a27f076e5fbfd38e07783d60ae3f725266aa32e4
SSDEEP: 3072:9culWqooG54++VAy2eTBf8pWtrfF6Oa4NH:BooG5eVWeTBkpwUOa4N
Malware Config

(no configuration extracted)

Signatures

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  description | ioc                                                         | Process
  Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)

  description                      | pid  | Process      | procid_target
  PID 1404 wrote to memory of 848  | 1404 | rundll32.exe | 31
  (the same entry is recorded 7 times)
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\10ddc57c3245ce884345724e1c3e0ddb_JaffaCakes118.dll,#1
   PID: 1404
   Signatures: Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 1404)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\10ddc57c3245ce884345724e1c3e0ddb_JaffaCakes118.dll,#1
      PID: 848
      Signatures: System Location Discovery: System Language Discovery