Overview

overview

6

Static

static

3

fbb043fa39...18.dll

windows7-x64

6

fbb043fa39...18.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2024 02:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fbb043fa3913efacafd5b4000f5daa0b_JaffaCakes118.dll

  • Size

    124KB

  • MD5

    fbb043fa3913efacafd5b4000f5daa0b

  • SHA1

    09e8cee71c786b6cdb8a7fd0009ba1746a332add

  • SHA256

    f5aff0a5441e93f11d3a075de293d60123a0b156187f435b24bb314cc756b17c

  • SHA512

    cd5219191d240ff1bf96982264d3cc054061a51c3372e15d8ca33833433ba420583ea64b45b937bc46272e35759e2ab1284982355488b0099b093d38d0942128

  • SSDEEP

    1536:zQFTrStYIOvdwx71+CBHJoOYdWuWbsgTXfZzALGVAjnIqTsmaeCQtt5+R:IStxydoxtHbYdVabZaNkqWeCQtt5+R

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbb043fa3913efacafd5b4000f5daa0b_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1364
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbb043fa3913efacafd5b4000f5daa0b_JaffaCakes118.dll,#1
      2⤵
        PID:1044

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1044-0-0x0000000000780000-0x000000000078B000-memory.dmp
      Filesize

      44KB

      Download
    • memory/1044-2-0x0000000010000000-0x000000001000A000-memory.dmp
      Filesize

      40KB

      Download
    • memory/1044-4-0x0000000000780000-0x000000000078B000-memory.dmp
      Filesize

      44KB

      Download
    • memory/1044-8-0x0000000000780000-0x000000000078B000-memory.dmp
      Filesize

      44KB

      Download