Overview

overview

3

Static

static

3

20c3f00fee...18.dll

windows7-x64

1

20c3f00fee...18.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    03/07/2024, 02:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    20c3f00fee0404b9d59ec57ff1fd679f_JaffaCakes118.dll

  • Size

    29KB

  • MD5

    20c3f00fee0404b9d59ec57ff1fd679f

  • SHA1

    6255b90e7c2c97a85fcd8dc64ad23c8dcd89945d

  • SHA256

    c369a93f257d28f1cbe3fe9d293a64fe2cb397498f60af4fb6d195b667ab6088

  • SHA512

    3642604807ce67c8dfeefb8a51991d4a04b9056d898a42dfc7396b4078d7e41b30318fe1c59ecf640c4535c5a482536ce046f19578ea3e4baf13199f6e467c6f

  • SSDEEP

    768:jKSCquFw0GQO/mRsrEiWcqP+eR8pdDPB1:BCquFw0GQiQcFP1

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\20c3f00fee0404b9d59ec57ff1fd679f_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\20c3f00fee0404b9d59ec57ff1fd679f_JaffaCakes118.dll
      2⤵
        PID:3016

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3016-0-0x00000000001B0000-0x00000000001BD000-memory.dmp

      Filesize

      52KB

      Download