Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    22/07/2024, 11:54

General

  • Target

    6321a9beebe63d70389c17e22039f903_JaffaCakes118.dll

  • Size

    107KB

  • MD5

    6321a9beebe63d70389c17e22039f903

  • SHA1

    9bc6741b6f97ad3b3e15f427178ba87b8959b798

  • SHA256

    e271fd297f57c0931e6cc43b0c69d4a1cf2f9545a7169ea377af041a7db90475

  • SHA512

    22177dc2d6e357ddc74309b4d94a9aa14f9c8ad1abad08c995b864023a015804a0d3064f95227cb8774dd7cce991209f7d930ce4545c79ba86579e7a51c0cf99

  • SSDEEP

    1536:Mpsox7IB+zcZqFiUbP8pFn3LgGRYHojqu29qgKdpL2wJxMWb/0Mujx:MOn+zGnUr8T3LgSYHoudZKTqwJxMq0MG

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6321a9beebe63d70389c17e22039f903_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2580
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\6321a9beebe63d70389c17e22039f903_JaffaCakes118.dll,#1
      2⤵
        PID:1924

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1924-3-0x0000000010000000-0x000000001000E000-memory.dmp

            Filesize

            56KB

          • memory/1924-2-0x0000000010000000-0x000000001000E000-memory.dmp

            Filesize

            56KB

          • memory/1924-1-0x0000000010000000-0x000000001000E000-memory.dmp

            Filesize

            56KB

          • memory/1924-0-0x0000000010000000-0x000000001000E000-memory.dmp

            Filesize

            56KB