Analysis
-
max time kernel
94s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
25-01-2025 06:48
General
-
Target
JaffaCakes118_2924e5b67b8a03b5ee9beddfe7f30b3e.dll
-
Size
2.5MB
-
MD5
2924e5b67b8a03b5ee9beddfe7f30b3e
-
SHA1
9830b88322fc8f0c60cc8ed5d5b7d131ee3318b6
-
SHA256
16d626e7c865d793eb4d96695201e853e25a7e9aa6ec18bec21c91e61b7877da
-
SHA512
3d658c461be14b364f28d5a1cc2643b889becb9eabaf9cc676c31d951aa58076608379a9fc37b78fbe3ff286caeb85d86906df6daf48b86fda1ec7258eaef64f
-
SSDEEP
49152:P3pp9ziy5bRCrEaoWzw7ai91wgvTBBsCkh9Sp3BVcmUG8lFN6ijGUKYsVMLz6ons:P3pv+y5dIVs7aWPvTBBKh9UBVc/ln16T
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Drops file in System32 directory 1 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2924e5b67b8a03b5ee9beddfe7f30b3e.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2924e5b67b8a03b5ee9beddfe7f30b3e.dll,#12⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32mgr.exeC:\Windows\SysWOW64\rundll32mgr.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 2644⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 6363⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1712 -ip 17121⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2780 -ip 27801⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
221KB
MD5e70ecf2fa14973e7c61384fd7dc5c4e9
SHA1b284f9366cee9e961d9ee3be9148a87a5d2ed7f1
SHA256fd0f984f320a0422206c370fbc00c2e931bb9236d2ae36c4f9a968fc9241571a
SHA512563f7501121a16cd24a67443a919afdf4d011e930fea2719418919b9b1b1e30620d63d83954f8427899628a7023521a69cbae20597258f7654647c987c0a9aef
-
Filesize
4KB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
2.6MB
-
Filesize
2.6MB