Overview

overview

3

Static

static

3

85b8c9ab49...18.dll

windows7-x64

1

85b8c9ab49...18.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/05/2024, 02:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    85b8c9ab498d9282c5d7900bd4e0e12e_JaffaCakes118.dll

  • Size

    140KB

  • MD5

    85b8c9ab498d9282c5d7900bd4e0e12e

  • SHA1

    8a1ef05104a3949116c95355e170c7bf74a11b4c

  • SHA256

    95b9df255d873cde24e8e3b8d16082a5ca90819844f9d07b17eb18050c371687

  • SHA512

    a55392e7fa4d938a6d363da856cf7d8f5f0ca1ef202306db5817d5b80e813143dd5b5ea654e15b3ccbfb0b750f8ee0406e6aaa121d776c61b9a203af440ae457

  • SSDEEP

    3072:CsgwEvM3z0BQg/S3jSEUl+Welmef2Aze001gCm6+f0Ii7:Csge3wXCQefZCm6+E

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\85b8c9ab498d9282c5d7900bd4e0e12e_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2796
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\85b8c9ab498d9282c5d7900bd4e0e12e_JaffaCakes118.dll,#1
      2⤵
        PID:2028

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads