Analysis
-
max time kernel
94s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
03-01-2025 03:26
General
-
Target
JaffaCakes118_69f22bd9958d721f61f60a1ebef6fb60.dll
-
Size
329KB
-
MD5
69f22bd9958d721f61f60a1ebef6fb60
-
SHA1
34a8d8b57c8f3e6799ed37d817263c58b65ca3f9
-
SHA256
e5913938a3d2eca68bbb52a2e997d35a8e6ae58325ad68e4be79b93e639f39de
-
SHA512
9f6fcdefc76bd15b59f3be8eb028d54b11f1ead17589da9cb59474970169154aab1c72f011a3fe2e9932885e524fdd664ea2c19664732094de391d986b410983
-
SSDEEP
3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0s:jDgtfRQUHPw06MoV2nwTBlhm8k
Score
10/10
Malware Config
Signatures
-
Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
-
Yunsip family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_69f22bd9958d721f61f60a1ebef6fb60.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_69f22bd9958d721f61f60a1ebef6fb60.dll,#12⤵
- System Location Discovery: System Language Discovery
-