Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
12/10/2024, 09:03
General
-
Target
393da8fa34746f0ade9c11804f7d0809_JaffaCakes118.dll
-
Size
29KB
-
MD5
393da8fa34746f0ade9c11804f7d0809
-
SHA1
670242370c72c6a11b7eadfc4d5f8a167916c6b4
-
SHA256
af09269b51f1a02a29e965cfeb68788b648363821d87cc9d724627d0e257dc58
-
SHA512
1233838be9c2184ecfc30a260832baead3242c532b1ccadbdebabd9afe1fe0586a221018dfe40abd6e0065907e3c17f03116ad9eca7ca194fe0aa2e8ff89e486
-
SSDEEP
384:hFJlTn+BNmNpbgic+axlpnMdtfROh/H2AGafONnEb6iwgMRDpM:NlqDoRfaNnMdVm+AjW+CP
Score
8/10
Malware Config
Signatures
-
Adds policy Run key to start application 2 TTPs 4 IoCs
-
Blocklisted process makes network request 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\393da8fa34746f0ade9c11804f7d0809_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\393da8fa34746f0ade9c11804f7d0809_JaffaCakes118.dll,#12⤵
- Adds policy Run key to start application
- Blocklisted process makes network request
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-