Overview

overview

3

Static

static

3

234a7971d1...18.dll

windows7-x64

1

234a7971d1...18.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    130s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/07/2024, 18:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    234a7971d142d900e23db85fc954e6d8_JaffaCakes118.dll

  • Size

    101KB

  • MD5

    234a7971d142d900e23db85fc954e6d8

  • SHA1

    42691ee2b7a9773feffaf947ea667725e6363e01

  • SHA256

    92b8c7cb8da7d111992a99fe1ef9d756a952f763c7d0bc215be5ec880c9cb9da

  • SHA512

    9bbfbeaefd9bf22378c0734f59460a0dede6df8016444b82c0b826e63bb5f6e0ac395db239a5185fd8128f7ce5ec415410969c14098f65ad30ec489e7d91f215

  • SSDEEP

    3072:+2nw3C9d2HIUdWjdR75QKWUDO8st7pLpo2:pwy9w/dWjTlXjDHsW

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\234a7971d142d900e23db85fc954e6d8_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:940
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\234a7971d142d900e23db85fc954e6d8_JaffaCakes118.dll,#1
      2⤵
        PID:2656

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2656-1-0x0000000000B30000-0x0000000000B3B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2656-0-0x0000000010000000-0x0000000010025000-memory.dmp

            Filesize

            148KB

            Download

          • memory/2656-5-0x000000001001A000-0x0000000010023000-memory.dmp

            Filesize

            36KB

            Download