Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
10/03/2025, 07:14
General
-
Target
JaffaCakes118_5dc1c8c0a584900ff90aabf87c6a2548.dll
-
Size
504KB
-
MD5
5dc1c8c0a584900ff90aabf87c6a2548
-
SHA1
bfcfbb48b7a0fb5c701581b1ef0b46e859ddb659
-
SHA256
9c8c7e4522bc34dae092a974d7b2f0c18cf697ec1eed2c4511fee0335979a4f2
-
SHA512
b514c0aa2dbc26a7cc74522c4d393fb8aefc2341bfe13fdc54623a0bc0dcc65aedfc6b568f512cd918416ffdc3acac20cf95efc1e19a92fbd8d5277569ce824f
-
SSDEEP
3072:Mp6s+wuAhRfhqt7sOD7Yq7QltTYfTBftvchUn6nbknBrmzhoFMH7An6f8:MIsxp4tlYuQLYfTBlEhUn6nyBm+KHc60
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5dc1c8c0a584900ff90aabf87c6a2548.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5dc1c8c0a584900ff90aabf87c6a2548.dll,#12⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 2243⤵
- Program crash
-
-