Analysis

  • max time kernel
    95s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
  • submitted
    13/07/2024, 09:07

General

  • Target

    410cef29d972cbc3e53177626011c6e3_JaffaCakes118.dll

  • Size

    11KB

  • MD5

    410cef29d972cbc3e53177626011c6e3

  • SHA1

    fb568e168fb8659962235c61d8c1b8819a276b8f

  • SHA256

    67ec9f5e828d50524ab4da1460bdcfdbe5986b03f6103f5cd504b353408798cb

  • SHA512

    26f3c1eec6a1e792de36d5c2555115d27a4d726bce2ea187db7af7f7f371b3d4a993ef8be3a964db6a238893a3edde43af46a583f2445e079c230683d93b7caf

  • SSDEEP

    192:j7L92z+wz0NN/3nrMjFI3JwMapfKyHlgWSFKPmwEizM6+dEhos/9:bK+GAN/3nrQu3OMa/71uYzM/Sh1/9

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\410cef29d972cbc3e53177626011c6e3_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5060
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\410cef29d972cbc3e53177626011c6e3_JaffaCakes118.dll,#1
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:4048

Network

        MITRE ATT&CK Matrix
