Overview

overview

3

Static

static

3

44dd9dad67...18.dll

windows7-x64

3

44dd9dad67...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/10/2024, 00:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    44dd9dad67c2fd472f7fac64195e729c_JaffaCakes118.dll

  • Size

    5KB

  • MD5

    44dd9dad67c2fd472f7fac64195e729c

  • SHA1

    9b72c8bcf227c88edd9606e16c847e93d00060e6

  • SHA256

    62402127ab6fa2e60737244fcfa148c3e151ce5c2062fd6ba5531515b68cb6dd

  • SHA512

    24320c7a0de9adaefe966696108dab0855f957111a2b0e5a1aabd8f66d80868bcb5f9ea9938172259608e9d72d464a7487b606392f8ebe0c34d954d4e291782b

  • SSDEEP

    48:ajf8EUJz+woHlS9dtyUzrkfNoWnZHVBfqIHSaCAe:eXP0xyUzrkfimBe

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\44dd9dad67c2fd472f7fac64195e729c_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2712
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\44dd9dad67c2fd472f7fac64195e729c_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:708

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/708-0-0x0000000010000000-0x0000000010006000-memory.dmp

          Filesize

          24KB

          Download