Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 12/10/2024, 16:54
Static task: static1
Behavioral task: behavioral1
  Sample: 3b1990d3a18fce1cbff2e1879cfe7e3a_JaffaCakes118.dll
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 3b1990d3a18fce1cbff2e1879cfe7e3a_JaffaCakes118.dll
  Resource: win10v2004-20241007-en
General
Target: 3b1990d3a18fce1cbff2e1879cfe7e3a_JaffaCakes118.dll
Size: 18KB
MD5: 3b1990d3a18fce1cbff2e1879cfe7e3a
SHA1: 614ff064f1c3967b3f42706e31160a95c91267a5
SHA256: e38814a8acb8dc6fc6d572e60d8a4d3c1321e03c1e90ff5c27737e4b7f884523
SHA512: 5e3cdaeabd2c78e47cece93bbf717d50973ae7897191d11a1147b0aef34fd68098798f677f5e0dbdbe5e8b0e9b796f8fe207e48061297a01e955943853cec990
SSDEEP: 384:vRdCyfMqlW2mQmjNyTo63Eo78HHP5AzTO:XCyUqlvmQAIb37Im
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2312 wrote to memory of 2432 | 2312 | rundll32.exe | 30
  PID 2312 wrote to memory of 2432 | 2312 | rundll32.exe | 30
  PID 2312 wrote to memory of 2432 | 2312 | rundll32.exe | 30
  PID 2312 wrote to memory of 2432 | 2312 | rundll32.exe | 30
  PID 2312 wrote to memory of 2432 | 2312 | rundll32.exe | 30
  PID 2312 wrote to memory of 2432 | 2312 | rundll32.exe | 30
  PID 2312 wrote to memory of 2432 | 2312 | rundll32.exe | 30
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b1990d3a18fce1cbff2e1879cfe7e3a_JaffaCakes118.dll,#1
  PID: 2312
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b1990d3a18fce1cbff2e1879cfe7e3a_JaffaCakes118.dll,#1
    PID: 2432
    - System Location Discovery: System Language Discovery