Overview

overview

3

Static

static

3

59976ca102...18.dll

windows7-x64

1

59976ca102...18.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/07/2024, 23:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    59976ca102144088c496b500dabc6402_JaffaCakes118.dll

  • Size

    261KB

  • MD5

    59976ca102144088c496b500dabc6402

  • SHA1

    4db9f698c83dd90f64ec52f8cb6531f519ed3590

  • SHA256

    c2a72abf1c553c4665ce8f7dadd5ba149341fb6dc4f024308c5fce281a12b9d7

  • SHA512

    a3ae30e2bb3f966a0f0db0459df21328d523c785d81bc3ee78b02cea91ad2e39ba8f6b6c75e99066411dc11ec17e427e90db6fdcbbcb408bb9bd54ca50941027

  • SSDEEP

    6144:VnZZS/5VRSzheRXReHL44nDWgRAkPsGQn8xID0DMFT/SEL61GGwxATtx7:mhRheHVR3PsGLxe0DUqEL61z3

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\59976ca102144088c496b500dabc6402_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\59976ca102144088c496b500dabc6402_JaffaCakes118.dll,#1
      2⤵
        PID:3064

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/3064-0-0x0000000010000000-0x000000001004F000-memory.dmp

            Filesize

            316KB

            Download

          • memory/3064-1-0x0000000002730000-0x000000000277A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/3064-2-0x0000000002730000-0x000000000277A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/3064-5-0x00000000010C0000-0x00000000010CC000-memory.dmp

            Filesize

            48KB

            Download

          • memory/3064-4-0x0000000000E20000-0x0000000000E30000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3064-3-0x0000000000E10000-0x0000000000E11000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3064-6-0x0000000010000000-0x000000001004F000-memory.dmp

            Filesize

            316KB

            Download

          • memory/3064-8-0x0000000002730000-0x000000000277A000-memory.dmp

            Filesize

            296KB

            Download