Overview

overview

5

Static

static

3

36f857084b...18.dll

windows7-x64

5

36f857084b...18.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    95s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-07-2024 00:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36f857084badb877038fca24a059a705_JaffaCakes118.dll

  • Size

    18KB

  • MD5

    36f857084badb877038fca24a059a705

  • SHA1

    8b946734f7954265160caefda3c0330a8fa9e3c8

  • SHA256

    2e8644302a0fb24e0a2721a3fa7548e0cfce2c5d6fac918440733a457b977176

  • SHA512

    e74aa0e35885924f66cad8c495c119a1c20b0b0e3529e7ec6c70ab789783480a8c2c87ea4b245b20e66320abb6c709235a5835209e94b5782b7eb32c171ca7a6

  • SSDEEP

    384:nI+pajRhnvTYueJdof47qOjQ8gU2/TpDAN7/hk:HOnbYuIyqjSU6TpDg/

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\36f857084badb877038fca24a059a705_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3264
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\36f857084badb877038fca24a059a705_JaffaCakes118.dll,#1
      2⤵
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:644
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 648
        3⤵
        • Program crash
        PID:3764
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 644 -ip 644
    1⤵
      PID:4256

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/644-0-0x0000000010000000-0x000000001000F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/644-1-0x00000000005E0000-0x00000000005E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/644-4-0x0000000010000000-0x000000001000F000-memory.dmp

      Filesize

      60KB

      Download