Analysis
- max time kernel: 122s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
- submitted: 27/01/2025, 14:57
Static task: static1
Behavioral task: behavioral1
- Sample: JaffaCakes118_40bee07e2539bb9e9b7c826668ec7f9e.dll
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: JaffaCakes118_40bee07e2539bb9e9b7c826668ec7f9e.dll
- Resource: win10v2004-20241007-en
General
- Target: JaffaCakes118_40bee07e2539bb9e9b7c826668ec7f9e.dll
- Size: 36KB
- MD5: 40bee07e2539bb9e9b7c826668ec7f9e
- SHA1: 467f841d8b6eadcf6144b91797512d8648d37e1f
- SHA256: 109266e970daf27e513c15e11ae640b495824539a2dd2bc384e245818f3c762b
- SHA512: da2ca09c69c439031f2cadd750a27b26fde9181a933c2063ab82781c18fb231a5630dcd16352efabf8c9f7fe8eb895b636abd4d16665b901d4079e9bf2abe5c2
- SSDEEP: 768:HT1BNCkK5gVGxlaZql9J1oT1cIg7/fO3+a5hCDKR4plx85/t:znNCl5X/J12y5736+4QWR4pzUV
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description: PID 2820 wrote to memory of 2832
  pid: 2820
  Process: rundll32.exe
  procid_target: 30
  (the same row is reported 7 times)
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40bee07e2539bb9e9b7c826668ec7f9e.dll,#1
  PID: 2820
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40bee07e2539bb9e9b7c826668ec7f9e.dll,#1
    PID: 2832
    Signatures: System Location Discovery: System Language Discovery