Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
10-10-2024 16:07
General
-
Target
30bf70723181f20c813f7e3b0fdf39b0_JaffaCakes118.dll
-
Size
182KB
-
MD5
30bf70723181f20c813f7e3b0fdf39b0
-
SHA1
b7cfc6197050003b0d680769deca2fb21e883ae7
-
SHA256
ddc3ba4db167c16f9fc637a53d94511dc66fee6cdaaca65f01c557f9ae03536b
-
SHA512
2b0d546fc285f5508b0c03361ccef244003ea682c997ff12c637b5fcdb74a2482bf6df138558c223f2e56ccffad49ceccf97877c6eed6d7fc7e7957d681e4c72
-
SSDEEP
3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0k:jDgtfRQUHPw06MoV2nwTBlhm8s
Score
10/10
Malware Config
Signatures
-
Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\30bf70723181f20c813f7e3b0fdf39b0_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\30bf70723181f20c813f7e3b0fdf39b0_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
-