Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-07-2024 21:10

General

  • Target

    366508fbcaec3b8604a34bfe350b348c_JaffaCakes118.dll

  • Size

    91KB

  • MD5

    366508fbcaec3b8604a34bfe350b348c

  • SHA1

    2d0ea3bac134b8dd81b72e923f42919278929d9b

  • SHA256

    3b431a0e63f9edb5edb6e0d419b309487833bbcff467c8a075d90702d3884ec7

  • SHA512

    1600056b17265a4b412526cfb36b55c426532cc17334ae25fc7482987dfccfc0ee7df35c3b85a23826fa7875d581605d60de681e30b8765145e5267bd32ac1fe

  • SSDEEP

    1536:jpSyrn1CZZV1ErUuXippOn/gtbzMaofbuPgpjIti9wVaPQvC6X91eL:gyLSzErUuy6n/W6lpjIE9w0E1+

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\366508fbcaec3b8604a34bfe350b348c_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3860
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\366508fbcaec3b8604a34bfe350b348c_JaffaCakes118.dll,#1
      2⤵
        PID:2960

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2960-0-0x0000000010000000-0x000000001000E000-memory.dmp

      Filesize

      56KB