Overview

overview

3

Static

static

3

2664ae0908...18.dll

windows7-x64

1

2664ae0908...18.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    04/07/2024, 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2664ae090847696c52a4a205a7206755_JaffaCakes118.dll

  • Size

    12KB

  • MD5

    2664ae090847696c52a4a205a7206755

  • SHA1

    5e01de76aa231afe1be3f62bc215c61a543a0649

  • SHA256

    5a8971482798143e38c4a0b705ea1fc528d4836e70c992896c939e37bf84889c

  • SHA512

    4b47859bd053539fbc7f2a888b191f14da546ac0d5ca860ef96a51d3b211c5a99d4e0e8b9c76b1d828be4851cfafed161bc2c683e975fd9f0cac747ae48b6404

  • SSDEEP

    384:fEx2w6si9IYOP1utNXQ3rqZ8qEoTXDSxSx:fEx1i97OALXQ3rVoTXDSxm

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2664ae090847696c52a4a205a7206755_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2584
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2664ae090847696c52a4a205a7206755_JaffaCakes118.dll,#1
      2⤵
        PID:1776

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\tmp170E.tmp
      Filesize

      3KB

      MD5

      cb0a060d793a5d883972f9dda12e01ff

      SHA1

      b82bdd6b3167006813e37994cfbb09d9e6f08155

      SHA256

      a16e2c67dc397f2b92b2891f61ad01448b69c997c79c306c9852620a7c7f186c

      SHA512

      daa737e6c4d03fe184fb7319a70bc6d4ec4c5cfad4640aa9dca10215b69c68d415193879ad380103a0e48d53125b668592d5cdcc219518c7812014b679984086

      Download Submit

    • C:\name.log
      Filesize

      60B

      MD5

      a764045c1199b36daa0811698ce1f92b

      SHA1

      9f367bac911d786b9d44e52585cb71afb24e7967

      SHA256

      5bee6dee7219fe42b556542a3fdec752f259c5375ccdf02f6fdef07ce5e07d52

      SHA512

      444fb66a75a5695127f881c6fb98920769e562213c7a9700af1d79eabd3753609b9caf787ad4c06bac9d72d0eaff40d32073fb368d104d787c06c78aaa6ecf10

      Download Submit

    • memory/1776-0-0x0000000025000000-0x000000002501A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/1776-1-0x0000000025011000-0x0000000025012000-memory.dmp

      Filesize

      4KB

      Download