Overview

overview

3

Static

static

3

890fa989ff...18.dll

windows7-x64

1

890fa989ff...18.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-06-2024 02:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    890fa989ff9e93f05122e71fe76c3b9a_JaffaCakes118.dll

  • Size

    9KB

  • MD5

    890fa989ff9e93f05122e71fe76c3b9a

  • SHA1

    88289295ba21aa87b08b370c8b92ef0ae9435265

  • SHA256

    d301646a0269269760e71f93877e2f1490e87406768aa89e8dac6a6ec59afd73

  • SHA512

    a3ba7ce9c8ff856957aabb7908a1471dfe2070972f05ff523d91bbeedf364151ebbb33135bf4e0395e070e99393e45b579d749c6d8edf88eeb9f77074d3054a3

  • SSDEEP

    192:pm6RSACpUqZpGkQpndcJrd/ySHr5gRvfA1bs8HF3Ot5BsqdapdNspwVWYpZ:A6MbppgVd4Kcg1fABs2u5BsoSdNsplYn

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\890fa989ff9e93f05122e71fe76c3b9a_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2816
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\890fa989ff9e93f05122e71fe76c3b9a_JaffaCakes118.dll,#1
      2⤵
        PID:3608

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3608-0-0x0000000067700000-0x000000006770E000-memory.dmp

      Filesize

      56KB

      Download