Analysis
-
max time kernel
93s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
20-01-2025 09:08
General
-
Target
JaffaCakes118_e289bc1be2c5ba9d1016cb223d2d25bf.dll
-
Size
53KB
-
MD5
e289bc1be2c5ba9d1016cb223d2d25bf
-
SHA1
3db6dbec155a04a9c1acd805103271fcdd659a6a
-
SHA256
21be5c5205f9dac60ea377e1acf9620b99fa08087e9c03317a21a200838a7b13
-
SHA512
1ee9c45b469483732f935c4a99856a98d61abf936d8f4a7bf6d2b36194b583fbb346709b06cf89975dc0255459a75f5c44320212a28810571d33a85cb2f84b74
-
SSDEEP
768:GbvLDaaMact8TRtefoZxJ9UDyHB/UySvFcS9MFecTDIEHif+3u+i68JatlWYjUL5:ev7JIWYVK7TDIEHiX68JaeUMDiU
Score
5/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e289bc1be2c5ba9d1016cb223d2d25bf.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e289bc1be2c5ba9d1016cb223d2d25bf.dll,#12⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
48KB