Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-06-2024 10:02

General

  • Target

    119bacfe95f0feb922e5d94127b285d1_JaffaCakes118.dll

  • Size

    456KB

  • MD5

    119bacfe95f0feb922e5d94127b285d1

  • SHA1

    bcfe88ad805f085904d8e159a881180836977d8c

  • SHA256

    92761fa10b905bd5dbd9d8e25f5de5c1288a2c6ebbd1c7347d36aae7f31342d8

  • SHA512

    21c6969994d75e79d42fdfe3e27f5d7ce7daf8b23c932447ebecd2a5f67c9bd1593aa7942643a781480a51323c182830c1bca9946ee9e99f9bd41a2d5be1cbf2

  • SSDEEP

    6144:8CMTahs6zHBFBjJxCaaMwswSAg/D8hyUd/c1X/UH+RJEfvVS1c/v0tZGzYNa2s1h:nBs6jBFBdaMw8AgUd4vLMEcEPGWH

Score
7/10

Malware Config

Signatures

  • VMProtect packed file (3 IoCs)

    Detects executables packed with VMProtect commercial packer.

  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\119bacfe95f0feb922e5d94127b285d1_JaffaCakes118.dll,#1
    PID: 1704
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\rundll32.exe (child process)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\119bacfe95f0feb922e5d94127b285d1_JaffaCakes118.dll,#1
      PID: 1320

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1320-2-0x0000000010000000-0x00000000100DE000-memory.dmp (Filesize 888KB)
  • memory/1320-3-0x0000000010000000-0x00000000100DE000-memory.dmp (Filesize 888KB)
  • memory/1320-1-0x0000000010000000-0x00000000100DE000-memory.dmp (Filesize 888KB)
  • memory/1320-0-0x0000000010000000-0x00000000100DE000-memory.dmp (Filesize 888KB)