Overview

overview

3

Static

static

3

45aa10f5a8...18.dll

windows7-x64

3

45aa10f5a8...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    139s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/10/2024, 03:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    45aa10f5a897e665f0f23d4c8c6b0e3d_JaffaCakes118.dll

  • Size

    3KB

  • MD5

    45aa10f5a897e665f0f23d4c8c6b0e3d

  • SHA1

    9e1cc6c6f22fc4bfd350f845dbd3771085fa7baa

  • SHA256

    9f46bfb053df9837b9f87f2d90c2906550248a493b2740c1f84386fda638bdbe

  • SHA512

    a8458573f8f2ff07cdea09114e47f84f603591e4300f10c84f5ef6b41c4776bb8e461ffe18a63bdff6ffe0f8be0a48a084b5ce1e55f434fe6d14126c877a220d

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\45aa10f5a897e665f0f23d4c8c6b0e3d_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5116
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\45aa10f5a897e665f0f23d4c8c6b0e3d_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3556

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads