Analysis
- max time kernel: 31s
- max time network: 40s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/10/2024, 07:12
Static task: static1
Behavioral task: behavioral1
- Sample: 16ac47370c954675d0cf5767b2897345_JaffaCakes118.dll
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 16ac47370c954675d0cf5767b2897345_JaffaCakes118.dll
- Resource: win10v2004-20240802-en
Errors
General
- Target: 16ac47370c954675d0cf5767b2897345_JaffaCakes118.dll
- Size: 51KB
- MD5: 16ac47370c954675d0cf5767b2897345
- SHA1: baf60abbfe1c2e334a791a210007e999bc4e1ecc
- SHA256: 82c3630d9391dbae26ed79adcef076a7d0d08f1bd19ef95eeec5e655a7b0afc3
- SHA512: 5b4c441bf34a4bb8a0cf225d24263800a62b0b0dfb13476fef07fd202ed160d19e6142babc35d2378ec90ba83e74e8e7ffa8515174a8a07c4e51bd131ed3414e
- SSDEEP: 1536:R3qepjm6NV5v5xxQyMGnAr6czHyXkLBmP6:xqoS/yMGAtzH59Z
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc                                                         | Process
  Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                      | pid  | Process      | procid_target
  PID 4376 wrote to memory of 4200 | 4376 | rundll32.exe | 82
  PID 4376 wrote to memory of 4200 | 4376 | rundll32.exe | 82
  PID 4376 wrote to memory of 4200 | 4376 | rundll32.exe | 82
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\16ac47370c954675d0cf5767b2897345_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  - PID: 4376
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\16ac47370c954675d0cf5767b2897345_JaffaCakes118.dll,#1
    - System Location Discovery: System Language Discovery
    - PID: 4200