Analysis
max time kernel: 127s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-11-2024 22:01
Static task: static1

Behavioral task: behavioral1
  Sample: 90e6856c7ebc92ffe04f96c82f3d5e46_JaffaCakes118.dll
  Resource: win7-20241023-en

Behavioral task: behavioral2
  Sample: 90e6856c7ebc92ffe04f96c82f3d5e46_JaffaCakes118.dll
  Resource: win10v2004-20241007-en
General
Target: 90e6856c7ebc92ffe04f96c82f3d5e46_JaffaCakes118.dll
Size: 384KB
MD5: 90e6856c7ebc92ffe04f96c82f3d5e46
SHA1: fb2d9d951dec500c61a21fc134038478a9c58030
SHA256: 6a3769b25b77ad2d587ce5c7a2fdd689b200b83b1121e42daa5eafd89453d361
SHA512: 4e04da4611fccbbe810ada5221e0699f24487817d7a44b4eed92e12fe0a4cec8edc43e54467eb2a6097fea402f15db91ca4694e906f9f92a523e2fdb6f84fc09
SSDEEP: 6144:7YoYyqA8M7NFN9vB76uo0ar7G7FwgNJb/Icl5LmBvxT6DkxyAEUy7DTkkz8FAcce:R4Ad3NtB76uoSZbNek5LmBZTVy7DTWFi
Malware Config
Signatures

Loads dropped DLL (1 IoC)
  pid   Process
  4468  rundll32.exe

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description  ioc                                                         Process
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  4468  rundll32.exe
  4468  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process       procid_target
  PID 1276 wrote to memory of 4468  1276  rundll32.exe  83
  PID 1276 wrote to memory of 4468  1276  rundll32.exe  83
  PID 1276 wrote to memory of 4468  1276  rundll32.exe  83
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\90e6856c7ebc92ffe04f96c82f3d5e46_JaffaCakes118.dll,#1
  PID: 1276
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\90e6856c7ebc92ffe04f96c82f3d5e46_JaffaCakes118.dll,#1
    PID: 4468
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 60KB
MD5: 174d921f1387b534ee96dc294b79fb3f
SHA1: 7dad0fd02fa624373fc411c541d9391275c6dba3
SHA256: dc7f1117328a8d68d3904daad34bcbb9675177ba1a507f0da13436874f881324
SHA512: 35724d8a4c458854d1cd7ca773abaea2b548aea2cb8b345e1b2eae86fc178b2c17c52e0f4f173fa2419b31337a2e6f090195f23d9587c5dfd1851c7c556d0b4d