Analysis
- max time kernel: 121s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 27/01/2025, 20:34
Static task: static1
Behavioral task: behavioral1
- Sample: JaffaCakes118_4371e0df5cad4758e219aec8c8cc3cc5.dll
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: JaffaCakes118_4371e0df5cad4758e219aec8c8cc3cc5.dll
- Resource: win10v2004-20241007-en
General
- Target: JaffaCakes118_4371e0df5cad4758e219aec8c8cc3cc5.dll
- Size: 78KB
- MD5: 4371e0df5cad4758e219aec8c8cc3cc5
- SHA1: 81c0fe25770a701b3da82326deae7ff0301fc468
- SHA256: 0ce4e3f50bd0892d5964c4eb35206198ce20655ce0ced5ce1472f30012cb577f
- SHA512: ad6c1028c1f8604ff1a69f854d62029174ec276ec2a30a824cf3f5d02c7d15d9ea93732bba824e9f9d7fb9e4cf5cc28aa8b759ddd9452761537bc80f61d6cc06
- SSDEEP: 1536:SsbHq+G5/oqriY69SmFY6r4iypChCBbJl:S2go3N976iNypICBbJl
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description   ioc                                                          Process
  Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid   Process       procid_target
  PID 2004 wrote to memory of 1628   2004  rundll32.exe  30
  (the same entry is recorded 7 times)
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4371e0df5cad4758e219aec8c8cc3cc5.dll,#1
  PID: 2004
  - Suspicious use of WriteProcessMemory
  Child process:
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4371e0df5cad4758e219aec8c8cc3cc5.dll,#1
    PID: 1628
    - System Location Discovery: System Language Discovery