Overview

overview

6

Static

static

3

62b14c5daf...18.dll

windows7-x64

6

62b14c5daf...18.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/07/2024, 09:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    62b14c5daf27982a7c03de7d8dcbc796_JaffaCakes118.dll

  • Size

    68KB

  • MD5

    62b14c5daf27982a7c03de7d8dcbc796

  • SHA1

    32eaf1f84e403efcf62aabac6e94e3b0799a4ec8

  • SHA256

    957469d060eb51876f301d41b95c4695917a9b6faecef735e15c5ec21988c53b

  • SHA512

    a3415fe3f146f01417cc41e262c79874e9387b4fe8e1687808cbfac2b20413163def6efab5713836ef45edb56099be15815951137a8a9326c2fa867d29306e9a

  • SSDEEP

    1536:TVbaxsbn55UQ6nciY2mtMDdyJTVVjToBw96/JU82b:TVWibn55UdciY2m6DIVVhoBw9x8Y

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\62b14c5daf27982a7c03de7d8dcbc796_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1128
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\62b14c5daf27982a7c03de7d8dcbc796_JaffaCakes118.dll,#1
      2⤵
        PID:3540

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3540-0-0x0000000001290000-0x000000000129A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3540-2-0x0000000010000000-0x0000000010009000-memory.dmp

      Filesize

      36KB

      Download

    • memory/3540-4-0x0000000001290000-0x000000000129A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3540-8-0x0000000001290000-0x000000000129A000-memory.dmp

      Filesize

      40KB

      Download