Overview

overview

6

Static

static

3

JaffaCakes...62.dll

windows7-x64

6

JaffaCakes...62.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    93s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-01-2025 09:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_e2cff647db4b5d1f2b14736ecbb6a262.dll

  • Size

    48KB

  • MD5

    e2cff647db4b5d1f2b14736ecbb6a262

  • SHA1

    8210c134174ea01be9d1831279c6e8e1f1fdca2d

  • SHA256

    7a3aeefab9f1780a132a3d3e2378ebd338b5f49083cb116a93caa90be7fa0518

  • SHA512

    5b11c7f17344301a24e02d8831a22561ebbd30019a348abff5c8f8db3e0d0e11695d4ccdd485adb4b5fcf7c508fe823a9fd2543a2ca5a07c0b9ce0c153da88cc

  • SSDEEP

    768:tjeBCxOBZhzVocTz4OednT18idiI0ZkM0INq7CfP3VfTcbpAnSVuPEJ:tj7xOBrznz4Oedn58i+Z7XfPlriA5EJ

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e2cff647db4b5d1f2b14736ecbb6a262.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4972
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e2cff647db4b5d1f2b14736ecbb6a262.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3300

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3300-0-0x00000000009B0000-0x00000000009B8000-memory.dmp

    Filesize

    32KB

    Download