Overview

overview

3

Static

static

3

418b342b48...18.dll

windows7-x64

1

418b342b48...18.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-05-2024 12:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    418b342b48e4c63e1c2b2e5ba7a7054a_JaffaCakes118.dll

  • Size

    35KB

  • MD5

    418b342b48e4c63e1c2b2e5ba7a7054a

  • SHA1

    750f784ce5acf2d953caa2de449a52ffa67b5cb2

  • SHA256

    fae86ff0e3ccfd18b42cb2f1007e4e85377144efc2bd257068b0a2e50d4e692d

  • SHA512

    5ed01463298294a3be169b96193e0472598c02f8c9bee2f5aafa83545da09236a8cdb1533808a58a416ca2d77b22a6ea2ed6a7024343514731c4aeb22beca3a6

  • SSDEEP

    768:sN2kO1VdW+prtnZbbEsEdYHpx8m7DmCCqq:S2k4XW+ttnZbEddY78RFqq

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\418b342b48e4c63e1c2b2e5ba7a7054a_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4304
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\418b342b48e4c63e1c2b2e5ba7a7054a_JaffaCakes118.dll,#1
      2⤵
        PID:1584

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1584-0-0x00000000453F0000-0x0000000045406000-memory.dmp

      Filesize

      88KB

      Download