Analysis

  • max time kernel
    93s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  • submitted
    10/06/2024, 21:55

General

  • Target

    9c0f7b8fc769c1f00ce157d6bd29d4d0_JaffaCakes118.dll

  • Size

    934KB

  • MD5

    9c0f7b8fc769c1f00ce157d6bd29d4d0

  • SHA1

    ea60f3d90a9a0076e8e294b6535edb0ce0b1d90c

  • SHA256

    a039587cb37f33112286a89e8f41eae183a91b376cec771162c6e0a5b517730c

  • SHA512

    1146bb0fe62f4adae05995a524707acde0245a4cff063dd58df725ba4bbddd5c682f9aff3bf89eeb09f0e0da028980ec7cb097ad3c7b4358dd1992fa2415fd1e

  • SSDEEP

    12288:vkVUTaD9/+I9qY3s5F0HUQ+0HNXT0N14Ge5kSFwAGzRuFmvQTIWYi26wSSq:4C0HUQxtXTuowAGzR2XTINi2PSSq

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c0f7b8fc769c1f00ce157d6bd29d4d0_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3576
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c0f7b8fc769c1f00ce157d6bd29d4d0_JaffaCakes118.dll,#1
      2⤵
        PID:2992

    Network

    MITRE ATT&CK Matrix
