bdf121f921bf1a94af9a06cf4b7755b1d9a291de3e27cc111243591d85c5e2d6

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a59d3a7976e46884d5e80c780598f03_JaffaCakes118.dll
Size

25KB
MD5

4a59d3a7976e46884d5e80c780598f03
SHA1

6fb43e2ae838e065e91c01fae04bfaa35e02ad5f
SHA256

bdf121f921bf1a94af9a06cf4b7755b1d9a291de3e27cc111243591d85c5e2d6
SHA512

b1d401bc0b8604297c4ff7bf2a372f6f9889052d8b5ddf1c7d0bfad3ee607b31d972ae8bc013d66378beae0a38be404c59e096ce36c0f577b1d4b9234912e492
SSDEEP

384:6Fq8kSCOk7cRodTeC1ZkefDKXl87JHgxS4T1+:Qq8MZndTeC9KVqJHgxB1+

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
828	javaws.exe
828	javaws.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 4828	1008	rundll32.exe	83
PID 1008 wrote to memory of 4828	1008	rundll32.exe	83
PID 1008 wrote to memory of 4828	1008	rundll32.exe	83
PID 4828 wrote to memory of 3680	4828	rundll32.exe	85
PID 4828 wrote to memory of 3680	4828	rundll32.exe	85
PID 3680 wrote to memory of 828	3680	javaws.exe	87
PID 3680 wrote to memory of 828	3680	javaws.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a59d3a7976e46884d5e80c780598f03_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a59d3a7976e46884d5e80c780598f03_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4828
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe
    javaws https://www.edrewe.de/rewe-client/app/etax.jnlp?de.eurodata.reduced.anlagenbuchfuehrung=true&de.eurodata.telecontrol.start=true&de.eurodata.telecontrol.showmandanten=false&registryport=8001&httpport=8002&no-jardiff
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3680
  - - C:\Program Files\Java\jre-1.8\bin\javaws.exe
      javaws https://www.edrewe.de/rewe-client/app/etax.jnlp?de.eurodata.reduced.anlagenbuchfuehrung=true&de.eurodata.telecontrol.start=true&de.eurodata.telecontrol.showmandanten=false&registryport=8001&httpport=8002&no-jardiff
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4828-1-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-3-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-5-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-7-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-9-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-11-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-14-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-17-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-19-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-22-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-21-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-24-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-25-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-27-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-29-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-31-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-32-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-34-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-35-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-37-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-38-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-40-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-41-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-43-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-44-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-46-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-47-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-49-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-50-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-52-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-53-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-55-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-56-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-58-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-59-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-61-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-62-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-64-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-66-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-67-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-69-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-70-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-72-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-74-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-76-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-78-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-80-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-82-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-84-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-86-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-88-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-90-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-92-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-94-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-96-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-98-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-100-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-102-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-103-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-105-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-107-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-109-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-111-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-113-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-115-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-117-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-119-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-121-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-124-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-126-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-128-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-130-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-132-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-134-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-136-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-138-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-140-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-142-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-143-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-145-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-147-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-149-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-151-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-153-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-155-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-157-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-159-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-161-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-163-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-165-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-167-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-169-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-171-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-173-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-175-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-177-0x0000000000770000-0x00000000007B0000-memory.dmp

Filesize
256KB

Download
memory/4828-195-0x0000000065C80000-0x0000000065C8D000-memory.dmp

Filesize
52KB

Download