Analysis
-
max time kernel
95s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
20-01-2025 09:06
General
-
Target
JaffaCakes118_e281e0fcf0ce25bd4a0cd53289091852.dll
-
Size
60KB
-
MD5
e281e0fcf0ce25bd4a0cd53289091852
-
SHA1
0e0a169b2361c202bd95a3158a559bc87fe876b3
-
SHA256
2469438a6b3325be299a99a3a4ac3965d549fa66d4a6d17b0c63c8d29b5e9627
-
SHA512
69c353d7d2a09adb085b75ce346989d25ffa5c0be69d34bd8907fdef8ba4593369e72e67a80880003d919e6715952f6309a29a196efb860b6f95b044a13e06c9
-
SSDEEP
768:z3OHS8KOzlYcg/3gibiFLO3trhpoHplSb/EydW3u4M10bgbIVCOo2v7u6jvOd2:yHZpYT/3Iy3hhEyd8u/1UgEUiu6jvZ
Score
5/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e281e0fcf0ce25bd4a0cd53289091852.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e281e0fcf0ce25bd4a0cd53289091852.dll,#12⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
52KB