Overview

overview

7

Static

static

3

1b14800f3b...18.dll

windows7-x64

7

1b14800f3b...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-07-2024 11:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b14800f3bf8510df67b3852d89ba96c_JaffaCakes118.dll

  • Size

    2.5MB

  • MD5

    1b14800f3bf8510df67b3852d89ba96c

  • SHA1

    c2947d79db7628f5ddce1fa0214546b669f7ac20

  • SHA256

    76cb6688425cab5aea30cb1e8838e0cd87058d866a47c584f6ca328d1fd760d6

  • SHA512

    5d74a837d91e1866ca1dd9b480e5656670d1d563d30655223dc73daa9c302efbac422a0674d53e55cf3b523018d092e02e4580fad71ce0df078c2f71a9f93600

  • SSDEEP

    49152:tS2OQs9KruyJHMg4tV7eUFnpD5mQcY/3k7hvr:8QsgnJs1VaUFpt7Jk7R

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b14800f3bf8510df67b3852d89ba96c_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b14800f3bf8510df67b3852d89ba96c_JaffaCakes118.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\SkinH_EL.dll
    Filesize

    688KB

    MD5

    bd42ef63fc0f79fdaaeca95d62a96bbb

    SHA1

    97ca8ccb0e6f7ffeb05dc441b2427feb0b634033

    SHA256

    573cf4e4dfa8fe51fc8b80b79cd626cb861260d26b6e4f627841e11b4dce2f48

    SHA512

    431b5487003add16865538de428bf518046ee97ab6423d88f92cda4ff263f971c0cf3827049465b9288a219cc32698fd687939c7c648870dd7d8d6776735c93c

    Download Submit

  • memory/372-0-0x0000000010000000-0x00000000102A0000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/372-6-0x0000000003430000-0x00000000034DF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/372-10-0x0000000010000000-0x00000000102A0000-memory.dmp

    Filesize

    2.6MB

    Download