Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
01-07-2024 11:01
General
-
Target
1b0a851709ab4191925076494e6d5bbc_JaffaCakes118.dll
-
Size
836KB
-
MD5
1b0a851709ab4191925076494e6d5bbc
-
SHA1
00eaf796b9c28193d10244c1a0150a1dbedb32ee
-
SHA256
977d814b16ae509ae7ac801419a51a948a59c34f8b744cb44d7738358776e974
-
SHA512
561bbada133c11d51dede515136b794874357d901062e22d35a4e26fed445483db7170ee4036c789132e9f98d8dd4bbb6a7639c4c785a9a5250a9718a2e7432f
-
SSDEEP
12288:LpcKfWjah3UyB999tFFlF77Tg0lq1SPf4IPkUdoAvGEqhurl/XlKfRnlm66ctn:L+KLjNFlJPgABBPkUdoRBS/QW66ctn
Score
7/10
Malware Config
Signatures
-
VMProtect packed file 4 IoCs
Detects executables packed with VMProtect commercial packer.
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1b0a851709ab4191925076494e6d5bbc_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1b0a851709ab4191925076494e6d5bbc_JaffaCakes118.dll,#12⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1784-3-0x0000000010000000-0x000000001022B000-memory.dmpFilesize
2.2MB
-
memory/1784-1-0x0000000010000000-0x000000001022B000-memory.dmpFilesize
2.2MB
-
memory/1784-0-0x0000000010000000-0x000000001022B000-memory.dmpFilesize
2.2MB
-
memory/1784-2-0x0000000010000000-0x000000001022B000-memory.dmpFilesize
2.2MB