Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/06/2024, 08:21

General

  • Target

    0451c2c0fee9b0fc5a97522fa2a75b7e_JaffaCakes118.dll

  • Size

    27KB

  • MD5

    0451c2c0fee9b0fc5a97522fa2a75b7e

  • SHA1

    8fbb41a16c8c5367fe730026f5cc2ebb6afe82d3

  • SHA256

    a2937458164981679422dc8d261312535ad1aa34f9a5a65fb8683cf51b2f0d23

  • SHA512

    3fb44d3cc98fe95f8247b7372c5963154acf8486aa01a7e61eaab8ab62760510f03ec3c4897151bcc9ceb14b89a4335ae21dc47dec1f347f1a5aca4b812d6db0

  • SSDEEP

    768:X6LF8n/o/VbPqjxaVNwQCycilGh8xtha5B:uuqbPqjUVNv1G2

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0451c2c0fee9b0fc5a97522fa2a75b7e_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\0451c2c0fee9b0fc5a97522fa2a75b7e_JaffaCakes118.dll,#1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      PID:1948

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1948-1-0x0000000010000000-0x0000000010016000-memory.dmp

    Filesize

    88KB

  • memory/1948-0-0x0000000010000000-0x0000000010016000-memory.dmp

    Filesize

    88KB