6a0ced822e873b44565294b004e4b6fb94728f2381796a6385d814d26fd98209

Analysis

max time kernel
136s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2024, 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

530841137fcfec6ed71e261214a44a0e_JaffaCakes118.dll
Size

30KB
MD5

530841137fcfec6ed71e261214a44a0e
SHA1

a5f83ed27a87a6a34f89274addbc7aee5a7a6c9f
SHA256

6a0ced822e873b44565294b004e4b6fb94728f2381796a6385d814d26fd98209
SHA512

a0d45179230942ca05a548e0aaf1842a634c2b024f964f83a693d08e4e8124947a3c9fd8bcba8a09826bc584c294804920b327417b7748d6e0470b84d29e9084
SSDEEP

384:XGOGYcw30Km0baDN91H+KBAJKSSP+2OKvS5F0uDiq6miacBAFYiiRjZFCOMR:Rh9m7YSS0+OU0uwmQAKiky9

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3512-0-0x0000000000400000-0x0000000000418000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 3512	1448	rundll32.exe	84
PID 1448 wrote to memory of 3512	1448	rundll32.exe	84
PID 1448 wrote to memory of 3512	1448	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\530841137fcfec6ed71e261214a44a0e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\530841137fcfec6ed71e261214a44a0e_JaffaCakes118.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3512-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download