Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system -
submitted
16-12-2024 04:26
Static task
static1
1 signature
Behavioral task
behavioral1
Sample
f74bd8aec3f00c549c97c61e57e0a5dd_JaffaCakes118.dll
Resource
win7-20240903-en
windows7-x64
2 signatures
150 seconds
General
-
Target
f74bd8aec3f00c549c97c61e57e0a5dd_JaffaCakes118.dll
-
Size
192KB
-
MD5
f74bd8aec3f00c549c97c61e57e0a5dd
-
SHA1
20a587e202ef94ca5bbad5a5b9227a70b0f85b70
-
SHA256
fc6f41e774a9f8c8333fe856208c94921e503050d2940e1ce5accbb44ad8b80a
-
SHA512
ff7e54758a993825ede42f1a001129c088b49f44bfd4f8362ff3717794288c079b0c4713af92a0cb0a8c56a7d006a1714d6d6acd99e51c879ad4cf321f0a0448
-
SSDEEP
3072:Fh9zru102aidEwKsBIjucV6X6Gk50Ro6hNvJmkXUfpVq18aqe:vFL2aimsjO0y6hFibq18Re
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description: PID 2372 wrote to memory of 3016
pid: 2372
Process: rundll32.exe
procid_target: 31
(this entry is recorded seven times; all seven writes are from PID 2372 into PID 3016)
Processes
-
C:\Windows\system32\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f74bd8aec3f00c549c97c61e57e0a5dd_JaffaCakes118.dll,#1
    PID: 2372
    - Suspicious use of WriteProcessMemory
    └─ C:\Windows\SysWOW64\rundll32.exe
           Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f74bd8aec3f00c549c97c61e57e0a5dd_JaffaCakes118.dll,#1
           PID: 3016
           - System Location Discovery: System Language Discovery

Reading the tree: the 64-bit rundll32.exe in system32 (PID 2372) was asked to call export ordinal #1 of the DLL and re-launched the 32-bit copy from SysWOW64 (PID 3016) with the same command line, which is what rundll32 does when the DLL is a 32-bit image (consistent with the arch:x86 resource tag). All seven WriteProcessMemory events are from 2372 into its own child 3016, which is consistent with that hand-off; a parent writing into a child it has just created is expected in this pattern and is not, on its own, evidence of injection into an unrelated process. The only behaviour attributed to the DLL code itself in this run is the read of the NLS\Language value, which fits the 3/10 score.
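As an added example (not part of the sandbox report or of the sandbox vendor's tooling), the Python below takes the two signature rows above in the flattened form they appear in, splits them into individual events, and applies the triage question a practitioner actually asks about "Suspicious use of WriteProcessMemory": is the writer the target's parent (the rundll32 hand-off seen here) or an unrelated process? The row layouts, the PROCESS_TREE mapping, the LANGUAGE_KEYS list and the constructed foreign-write row are assumptions for illustration; only the two report rows are taken from the page.

```python
"""Triage helper for flattened sandbox signature rows (added example).

Assumed row layouts, inferred from the report text:
  "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
  "Key opened <registry path> <image>"
"""
import re
from collections import Counter

# Rows copied from the report. The WriteProcessMemory row is the same entry
# seven times, which is how the report lists its 7 IoCs.
REPORT_WPM_ROW = " ".join(
    ["PID 2372 wrote to memory of 3016 2372 rundll32.exe 31"] * 7
)
REPORT_KEY_ROW = (
    r"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe"
)
# Constructed row (NOT from the report): a write into a PID that is not a
# child of the writer, to show the contrasting classification.
CONSTRUCTED_FOREIGN_ROW = "PID 2372 wrote to memory of 1480 2372 rundll32.exe 12"

# Parent/child relationships taken from the report's process tree.
PROCESS_TREE = {
    2372: {"image": r"C:\Windows\system32\rundll32.exe", "parent": None},
    3016: {"image": r"C:\Windows\SysWOW64\rundll32.exe", "parent": 2372},
}

# Registry values whose read the report maps to System Language Discovery
# (assumed list; only the key from the report is included).
LANGUAGE_KEYS = {
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language".lower(),
}

WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) "
    r"(?P<image>\S+) (?P<target_idx>\d+)"
)
KEY_RE = re.compile(r"Key opened (?P<key>\\\S+) (?P<image>\S+)")


def parse_wpm_rows(text):
    """Split a flattened WriteProcessMemory row into one dict per event."""
    return [
        {"src": int(m["src"]), "dst": int(m["dst"]),
         "image": m["image"], "target_idx": int(m["target_idx"])}
        for m in WPM_RE.finditer(text)
    ]


def classify_write(event, tree):
    """'self' for a process writing itself, 'child' when the writer is the
    target's parent in the tree, otherwise 'foreign'."""
    if event["src"] == event["dst"]:
        return "self"
    target = tree.get(event["dst"])
    if target is not None and target["parent"] == event["src"]:
        return "child"
    return "foreign"


def summarize_wpm(text, tree):
    """Collapse repeated events into {'src->dst': (count, classification)}."""
    counts = Counter(
        (e["src"], e["dst"], classify_write(e, tree)) for e in parse_wpm_rows(text)
    )
    return {f"{s}->{d}": (n, kind) for (s, d, kind), n in counts.items()}


def language_discovery_hits(text):
    """Registry reads that match the language-discovery key list."""
    return [
        {"key": m["key"], "image": m["image"]}
        for m in KEY_RE.finditer(text)
        if m["key"].lower() in LANGUAGE_KEYS
    ]


def assess(wpm_text, key_text, tree):
    """Return (verdict, findings): 'investigate' if any write targets a
    process that is not the writer's own child, else 'low'."""
    writes = summarize_wpm(wpm_text, tree)
    findings = [f"{n}x WriteProcessMemory {pair} ({kind})"
                for pair, (n, kind) in writes.items()]
    findings += [f"{h['image']} read {h['key']}"
                 for h in language_discovery_hits(key_text)]
    foreign = any(kind == "foreign" for _, kind in writes.values())
    return ("investigate" if foreign else "low", findings)


if __name__ == "__main__":
    print(assess(REPORT_WPM_ROW, REPORT_KEY_ROW, PROCESS_TREE))
    print(assess(REPORT_WPM_ROW + " " + CONSTRUCTED_FOREIGN_ROW,
                 REPORT_KEY_ROW, PROCESS_TREE))
```

On the report's own rows the verdict is "low": seven writes, all 2372 into its child 3016, plus one read of the NLS\Language value. Appending the constructed row flips it to "investigate", because a write into PID 1480 has no parent/child explanation in the tree; that is the distinction the raw signature count (7 IoCs) does not make by itself.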
-