Analysis

  • max time kernel
    148s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/07/2024, 20:56

General

  • Target

    262e6d04480fb977a10617b2968ddb92_JaffaCakes118.dll

  • Size

    440KB

  • MD5

    262e6d04480fb977a10617b2968ddb92

  • SHA1

    f0741dd550f64395e9926f17446c960c19279b24

  • SHA256

    1abae68c8d313cb9df7f5b200f11a72324ae18dcc134059ac422d018bf149c63

  • SHA512

    9cf18b946f50728c93fb9c3d79cb0579751954301e88686928ba1db1ec9bef4b054a7cca1d3c1c93aee2130da35dadbdb3a5f770b4b130a7335495743456e74e

  • SSDEEP

    12288:fJ0WxRB9mn1M5noURdBkdHgmW0nhfQCl6QL1d649oHBZV:fJ9xR+qPvmBg6hLpz6492H

Score
6/10

Signatures

  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in System32 directory (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe (PID 3956)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\262e6d04480fb977a10617b2968ddb92_JaffaCakes118.dll,#1
    • Suspicious use of WriteProcessMemory
    • Child process: C:\Windows\SysWOW64\rundll32.exe (PID 876)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\262e6d04480fb977a10617b2968ddb92_JaffaCakes118.dll,#1
      • Writes to the Master Boot Record (MBR)
      • Drops file in System32 directory
