Analysis

  • max time kernel
    41s
  • max time network
    49s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/07/2024, 03:24

General

  • Target

    20ebd2a9e3294fbd62add8bb5e568756_JaffaCakes118.dll

  • Size

    18KB

  • MD5

    20ebd2a9e3294fbd62add8bb5e568756

  • SHA1

    12ffbf934a884c0858c9b0d3c7a03f14e6638d4e

  • SHA256

    a4c362d623147c75dcd2b9b5ba0463576e5a0a271e0d14f1dfd561df1fe5f3f6

  • SHA512

    2a65854e22cf6b507750f0dcd8385df59a3c8e5f0fdad9181a776904df1a8b54abdf28d761eff2d73d82951a3cff2786f6947ef9b2b4f3a8f6768b14bcb61aca

  • SSDEEP

    192:JBv5P1RdqOs0U87+SZA5U2tqdAiDtFlNlJuXJMCIJO8DVGEeDzq6Ld:lLdZs0U8gULACDlNlJYKO3EoG

Score
1/10

Malware Config

Signatures

  • Modifies registry class 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3424
      • C:\Windows\system32\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\20ebd2a9e3294fbd62add8bb5e568756_JaffaCakes118.dll,#1
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3904
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe C:\Users\Admin\AppData\Local\Temp\20ebd2a9e3294fbd62add8bb5e568756_JaffaCakes118.dll,#1
          3⤵
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1832

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/1832-0-0x0000000010000000-0x0000000010007000-memory.dmp

      Filesize

      28KB