bd44c2495a596e0389f11d53c3a9a58bff6b310ca5f7fe2aa13e9cea3ac9dec8

Analysis

max time kernel
99s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4227b7060a83b67f00d80477acf5f13c_JaffaCakes118.dll
Size

58KB
MD5

4227b7060a83b67f00d80477acf5f13c
SHA1

30abeee9e31d9f769d9be01de0be94f4ca13acb8
SHA256

bd44c2495a596e0389f11d53c3a9a58bff6b310ca5f7fe2aa13e9cea3ac9dec8
SHA512

c7e0275f4449a4a1c5d376a601f47a94059d4aad53d9851ea7451fd261d5eec8844a5aa02120e4284327dba9d3d4b8f4520ab79af07e197f870e54d17c93688f
SSDEEP

1536:YsgeKdN5ahFDNvBiiEcqdLJ4PNHQQRgR/rBP:Xgem54bciEzKPNc

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1460	1736	rundll32.exe	83
PID 1736 wrote to memory of 1460	1736	rundll32.exe	83
PID 1736 wrote to memory of 1460	1736	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4227b7060a83b67f00d80477acf5f13c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4227b7060a83b67f00d80477acf5f13c_JaffaCakes118.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1460-0-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/1460-1-0x0000000000890000-0x0000000000899000-memory.dmp

Filesize
36KB

Download
memory/1460-5-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download