Overview

overview

7

Static

static

7

429d23f553...18.dll

windows7-x64

6

429d23f553...18.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    95s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/07/2024, 17:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    429d23f5530bae033c45016feda30a4a_JaffaCakes118.dll

  • Size

    139KB

  • MD5

    429d23f5530bae033c45016feda30a4a

  • SHA1

    70355f5c2926f15edebd7ce115f3a8f3a69ad55e

  • SHA256

    b55c4a984a4e687a2850363414a3e9fada14ef0c947809f3fb1d0c3c3fbcdb8f

  • SHA512

    ebefa05ddddcc44122497551d1ef5431992907df4452240f90c63b43bdea6ee81a1ebf4c2f5260befaad50416187eb405f32d3b2e31c23434e912d58fbedcd68

  • SSDEEP

    3072:nnR20aUaFPmgRMNlPTGQQm6ytwZEsrYkK4/p:nR2b98gWNlPTGQQm6agrd/p

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\429d23f5530bae033c45016feda30a4a_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4852
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\429d23f5530bae033c45016feda30a4a_JaffaCakes118.dll,#1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4680

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4680-0-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/4680-1-0x0000000002E20000-0x0000000002E63000-memory.dmp

          Filesize

          268KB

          Download

        • memory/4680-5-0x0000000002FC0000-0x0000000002FC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4680-12-0x0000000003050000-0x0000000003052000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4680-11-0x0000000002F90000-0x0000000002F91000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4680-10-0x0000000003010000-0x0000000003011000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4680-9-0x0000000002FD0000-0x0000000002FD1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4680-8-0x0000000001570000-0x0000000001571000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4680-7-0x0000000002FA0000-0x0000000002FA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4680-6-0x0000000002FB0000-0x0000000002FB1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4680-4-0x0000000001540000-0x0000000001541000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4680-2-0x0000000002FF0000-0x0000000002FF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4680-16-0x0000000003150000-0x0000000003151000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4680-17-0x0000000003140000-0x0000000003141000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4680-15-0x0000000003120000-0x0000000003121000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4680-14-0x0000000003130000-0x0000000003131000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4680-13-0x0000000003040000-0x0000000003041000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4680-3-0x0000000001550000-0x0000000001551000-memory.dmp

          Filesize

          4KB

          Download