Analysis
-
max time kernel
98s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
19-04-2024 06:48
General
-
Target
f9bcc58d13fcfc592a6cabb23520a6fb_JaffaCakes118.dll
-
Size
210KB
-
MD5
f9bcc58d13fcfc592a6cabb23520a6fb
-
SHA1
727fdd435c208ef2bf140cabb26fb1b2026b625f
-
SHA256
5b81e2314a4d0a7483f008dece6a5b0296d400ab494cf3bdd8e741cbbf0e867c
-
SHA512
9eb23107f5667e88eb00f6b02d8d3e007f65014b214f5abeefa50534a7be1de1eb82d55b8d90fa6fdd79d749dbaf969294b098ba6613260bc061f71c913c1766
-
SSDEEP
3072:6WjM4tenQB7H4T5UO6ecXRrfjnSn3B3wa//QOh9kdkiQn6ap8Mzc4yC4QsYIR85t:84clx6tRr7Gf/fkdkiQF/g4rPIR85t
Score
7/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f9bcc58d13fcfc592a6cabb23520a6fb_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f9bcc58d13fcfc592a6cabb23520a6fb_JaffaCakes118.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 5683⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4712 -ip 47121⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4712-0-0x0000000000400000-0x0000000000457000-memory.dmpFilesize
348KB
-
memory/4712-1-0x0000000002520000-0x0000000002534000-memory.dmpFilesize
80KB