Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
  • submitted
    10/07/2024, 15:54

General

  • Target

    3565326225bfa74818f6752b6dc87edc_JaffaCakes118.dll

  • Size

    254KB

  • MD5

    3565326225bfa74818f6752b6dc87edc

  • SHA1

    c8ad483fb0c20e158d89a8b4bfd0d049138df8ed

  • SHA256

    5791c6ab288ffddb8e23514c383a51849e1293dc6f11f58a7a23757a9b00f6a0

  • SHA512

    d2965ddae104778745e92ae9c1669fa44fe5437184a5fbda5c1b86562407979a57c0540b64032844a31d127aa7b82786a5d347b6f48d548c50e41465522da87c

  • SSDEEP

    6144:Vc3W3ZZ+PuJUaDcUTD1do9lGJ8/FUQfhOGv7htx/oCzvuZ9:Vc3WLyuGaDcA1dEG6/FUEhXvlnQCi

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3444
      • C:\Windows\system32\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\3565326225bfa74818f6752b6dc87edc_JaffaCakes118.dll,#1
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:4616
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe C:\Users\Admin\AppData\Local\Temp\3565326225bfa74818f6752b6dc87edc_JaffaCakes118.dll,#1
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1464

    Network

          MITRE ATT&CK Matrix

          Downloads

          • memory/1464-0-0x0000000010000000-0x0000000010042000-memory.dmp

            Filesize

            264KB