Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/01/2025, 20:34
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_43729648b032f8b8bf315299d8894237.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: JaffaCakes118_43729648b032f8b8bf315299d8894237.dll
Resource: win10v2004-20241007-en
General
Target: JaffaCakes118_43729648b032f8b8bf315299d8894237.dll
Size: 88KB
MD5: 43729648b032f8b8bf315299d8894237
SHA1: c6f8261b0e6a0542eff89daf8fa04d51d6e5cddb
SHA256: b9fd0c7b637f61a56c22c9a60fcbbae33c41558b45e0b44e6d0dd21bd194fab3
SHA512: 5f8ae8006393bcceef28deb670d3df7734572af65a92e6a2f300ba51b3d6b59f981f7bf47eef7420675c89f845745db13598d090e5b443ebb8e6b799c763fc49
SSDEEP: 1536:C1hQQOyDyIw8xY0hzyZ6QdIg6Wncl6yno8PcX0BryNZHOVS+vDDDZP04L8:2AXSzvQdIghnCAX/O0+7ps4
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 4052 wrote to memory of 2988 | 4052 | rundll32.exe | 83
PID 4052 wrote to memory of 2988 | 4052 | rundll32.exe | 83
PID 4052 wrote to memory of 2988 | 4052 | rundll32.exe | 83
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43729648b032f8b8bf315299d8894237.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 4052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43729648b032f8b8bf315299d8894237.dll,#12
  System Location Discovery: System Language Discovery
  PID: 2988