Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    13/06/2024, 04:33

General

  • Target

    a3d4a2d0ff0e9d1ab550da0118ca030d_JaffaCakes118.dll

  • Size

    719KB

  • MD5

    a3d4a2d0ff0e9d1ab550da0118ca030d

  • SHA1

    d2ed8e27c1171cb13ab6b2d5def9944eb8fb95b1

  • SHA256

    4223565b2e7343b46f1092c78fc655ff3d63315d5e64483e81ee2db192f92268

  • SHA512

    852cafb36de22e1673a25ae37457f3b281312d2d9a2769b777eaf055766eef00c8b0c3ccc93cd00439d033f79b1fdb3223245b61d030b06fd3e8015acbb16a7a

  • SSDEEP

    12288:EzT152LYwNwt+I8LFktPqU1FCqckxaq/butNxReGtQ1D5Xq32w3HXFLPaIU+H8NJ:Ezbv4wLPqACUaqKtNxApqxLBUxq

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3d4a2d0ff0e9d1ab550da0118ca030d_JaffaCakes118.dll,#1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2648 -s 100
      2⤵
        PID:2264

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2648-0-0x000007FEF6240000-0x000007FEF646A000-memory.dmp

      Filesize

      2.2MB

    • memory/2648-5-0x000007FEF6240000-0x000007FEF646A000-memory.dmp

      Filesize

      2.2MB

    • memory/2648-6-0x000007FEF6470000-0x000007FEF669A000-memory.dmp

      Filesize

      2.2MB

    • memory/2648-7-0x0000000000120000-0x0000000000121000-memory.dmp

      Filesize

      4KB

    • memory/2648-3-0x000007FEF6470000-0x000007FEF669A000-memory.dmp

      Filesize

      2.2MB