Analysis
-
max time kernel
94s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
22-12-2024 04:32
Behavioral task
behavioral1
Sample
JaffaCakes118_4a36881ed346ab1d00077ba4c2cc4f8ca3b6b7c3c8d070403bfc414b2c422bf6.dll
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
JaffaCakes118_4a36881ed346ab1d00077ba4c2cc4f8ca3b6b7c3c8d070403bfc414b2c422bf6.dll
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_4a36881ed346ab1d00077ba4c2cc4f8ca3b6b7c3c8d070403bfc414b2c422bf6.dll
-
Size
43KB
-
MD5
911289f9c871f9406faeafb5420039cb
-
SHA1
97f3dbcadc1f50bd676a2672b5a4b1f324e1f00f
-
SHA256
4a36881ed346ab1d00077ba4c2cc4f8ca3b6b7c3c8d070403bfc414b2c422bf6
-
SHA512
959c22dfd13319004f336f89fd16d5ae1c851eea5ccbde2f62f4bd2084925db361f44370e7d3b3753cd97dd7d48013989158905145347493c5a210821949579a
-
SSDEEP
768:5sLkvkJb1J1up9RNdOuZtxE5WkXQDrT+mgazC434i3z93teyS7sOMImb:uLksJbLQ/aWkXQDrTfBzC434Sz9PS7sV
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 552 wrote to memory of 4208 552 rundll32.exe 83 PID 552 wrote to memory of 4208 552 rundll32.exe 83 PID 552 wrote to memory of 4208 552 rundll32.exe 83
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4a36881ed346ab1d00077ba4c2cc4f8ca3b6b7c3c8d070403bfc414b2c422bf6.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:552 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4a36881ed346ab1d00077ba4c2cc4f8ca3b6b7c3c8d070403bfc414b2c422bf6.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:4208
-