Overview

overview

7

Static

static

3

ec5496aa3d...18.dll

windows7-x64

7

ec5496aa3d...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-04-2024 00:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec5496aa3db34f66928dec83bcb73d41_JaffaCakes118.dll

  • Size

    1.9MB

  • MD5

    ec5496aa3db34f66928dec83bcb73d41

  • SHA1

    f4ad818ac23ff1befe7c6747903ba750a59f65a0

  • SHA256

    bdc3e204295785efcb7edf8f25f32eeebe853c6e2d91b6caf8d9322c3f5b7c25

  • SHA512

    22b6f2cb807b7eccbd1a76d6127c7fdd284ed028d0d39fb87e2597e18c4040d0dfd2580ef201c41253c6c26b09473933f2625b088b2bd6b9e654220f41ebdf08

  • SSDEEP

    49152:bnJA77wJ4eMxr3glWQ4eqfsi1u1mTP8H:b+77wJ4lxEJXiFb

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies data under HKEY_USERS 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec5496aa3db34f66928dec83bcb73d41_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4788
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec5496aa3db34f66928dec83bcb73d41_JaffaCakes118.dll,#1
      2⤵
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:3320
      • C:\Program Files (x86)\ResolutionHost_1702874162\ResolutionHost.exe
        "C:\Program Files (x86)\ResolutionHost_1702874162\ResolutionHost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Windows directory
        PID:2596
  • C:\Program Files (x86)\ResolutionHost_1702874162\ResolutionHost.exe
    "C:\Program Files (x86)\ResolutionHost_1702874162\ResolutionHost.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    PID:3836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\ResolutionHost_1702874162\OUTLFLTR.DAT
    Filesize

    1.5MB

    MD5

    30aa7745b4abfc10fc91df3b34afc600

    SHA1

    e34f07a531f53d07e97a9fecde035b22a12ad1a0

    SHA256

    b8bcdb878f0dce633c6e82b98081d25093e4849e0e37704b614c80383db56e4f

    SHA512

    650ccb3132d587dcd2eec98005f860a9fdc313d3c8acbd4d9ea843686db3191150aec63bbb2b20b99cbc9c2554356965ed18434e4cff98c926278137e41475c7

    Download Submit

  • C:\Program Files (x86)\ResolutionHost_1702874162\RasTls.dll
    Filesize

    355KB

    MD5

    ca954cd8fc2298ba32900187cb5d391f

    SHA1

    9ffeea97424f4f6d86004b645246ebfec6d3d37b

    SHA256

    05f90af72c1aeb84e187a4a966ae1be553f0312f66e8fcd53842fb04c8b56b30

    SHA512

    58f4d5bf10fe23858df65849214fba0b5bb85a1cddd3f1f8c420b55cfd05ef6d637de28c7c651546ab4bc2bdcb15c0426afcd3d6aad0c817eeeb5be9c1e35465

    Download Submit

  • C:\Program Files (x86)\ResolutionHost_1702874162\ResolutionHost.exe
    Filesize

    105KB

    MD5

    62944e26b36b1dcace429ae26ba66164

    SHA1

    2616da1697f7c764ee7fb558887a6a3279861fac

    SHA256

    f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68

    SHA512

    e3c366044ac0b4df834b2f05d900cad01bc55b39028984ed3486aa2522e8c226bf9a81952da2c7e4bf0bc2c322d10fe58329e787238bb710a137827927b48d7c

    Download Submit

  • memory/2596-9-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2596-10-0x00000000033E0000-0x0000000003561000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3836-21-0x0000000002E60000-0x0000000002F31000-memory.dmp

    Filesize

    836KB

    Download

  • memory/3836-73-0x00000000023E0000-0x0000000002C7A000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/3836-17-0x00000000023E0000-0x0000000002C7A000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/3836-20-0x00000000023E0000-0x0000000002C7A000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/3836-18-0x00000000023E0000-0x0000000002C7A000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/3836-15-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3836-72-0x00000000023E0000-0x0000000002C7A000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/3836-16-0x0000000001A60000-0x0000000001BCB000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/3836-76-0x00000000023E0000-0x0000000002C7A000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/3836-77-0x00000000023E0000-0x0000000002C7A000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/3836-78-0x00000000023E0000-0x0000000002C7A000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/3836-79-0x00000000023E0000-0x0000000002C7A000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/3836-81-0x00000000023E0000-0x0000000002C7A000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/3836-82-0x00000000023E0000-0x0000000002C7A000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/3836-80-0x00000000023E0000-0x0000000002C7A000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/3836-143-0x00000000023E0000-0x0000000002C7A000-memory.dmp

    Filesize

    8.6MB

    Download