Analysis
-
max time kernel
125s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
19-12-2024 01:53
General
-
Target
fdf8837f40feeb71fae7a1b77f5fa79f_JaffaCakes118.dll
-
Size
246KB
-
MD5
fdf8837f40feeb71fae7a1b77f5fa79f
-
SHA1
0d01d20e5d38ee49edeaf9f3447c753564ec1451
-
SHA256
e2f6c2cb5e16f2d5b8482e004a026be9bf375ce2fb91f4816c4ed104e666d013
-
SHA512
29984a9626b458948f7549b574c8769209d18b6e82b9eaeea275455a754c4a3f1868bc66d2fd8ce85153b6db7d40ea6597d7c7b9946cf18738b675e52b78657f
-
SSDEEP
3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0h:jDgtfRQUHPw06MoV2nwTBlhm8J
Score
10/10
Malware Config
Signatures
-
Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
-
Yunsip family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\fdf8837f40feeb71fae7a1b77f5fa79f_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\fdf8837f40feeb71fae7a1b77f5fa79f_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
-