Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240704-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04-07-2024 23:31
Behavioral task: behavioral1
- Sample: 26a39d0134a6a0cf7cc04e45944cf632_JaffaCakes118.dll
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 26a39d0134a6a0cf7cc04e45944cf632_JaffaCakes118.dll
- Resource: win10v2004-20240704-en
General
- Target: 26a39d0134a6a0cf7cc04e45944cf632_JaffaCakes118.dll
- Size: 433KB
- MD5: 26a39d0134a6a0cf7cc04e45944cf632
- SHA1: a0701990d6096a35c665b90c1bd05d304ab221e3
- SHA256: 64a4f5c36756a77895b7293cd29993d15e681c3235dfbfe18a4effe1095c9d80
- SHA512: 0780b5855c8fd839d0cd6be0a93ff4871e1310bc6f074e9e245899da6c04802fe975587d91e63ae92201fabb149769e1aea31b36232a7a3e268e6439b64fe7d1
- SSDEEP: 6144:vIxv11OXWGod2s5k/qF8Rht5+bzo+1cNwPLvoqg0R2VhPefm0TozUS87s5FEpy8A:uiRmkiWRht5wzo+1c2obY7QzcU8CKXy
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (rundll32.exe):
  description                          pid   process       target process
  PID 4620 wrote to memory of 1300     4620  rundll32.exe  rundll32.exe
  PID 4620 wrote to memory of 1300     4620  rundll32.exe  rundll32.exe
  PID 4620 wrote to memory of 1300     4620  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe (depth 1)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\26a39d0134a6a0cf7cc04e45944cf632_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (depth 2, child of the process above)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\26a39d0134a6a0cf7cc04e45944cf632_JaffaCakes118.dll,#1
Network
MITRE ATT&CK Matrix
Downloads (memory dumps of PID 1300, sorted by dump index)
Dump file                                                   Memory range                              Filesize
memory/1300-0-0x0000000059D70000-0x0000000059F58000-memory.dmp   0x0000000059D70000-0x0000000059F58000   1.9MB
memory/1300-1-0x0000000002D90000-0x0000000002D91000-memory.dmp   0x0000000002D90000-0x0000000002D91000   4KB
memory/1300-2-0x0000000002D10000-0x0000000002D11000-memory.dmp   0x0000000002D10000-0x0000000002D11000   4KB
memory/1300-3-0x0000000002D00000-0x0000000002D01000-memory.dmp   0x0000000002D00000-0x0000000002D01000   4KB
memory/1300-4-0x0000000002D40000-0x0000000002D41000-memory.dmp   0x0000000002D40000-0x0000000002D41000   4KB
memory/1300-5-0x0000000002D50000-0x0000000002D51000-memory.dmp   0x0000000002D50000-0x0000000002D51000   4KB
memory/1300-6-0x0000000002DA0000-0x0000000002DA1000-memory.dmp   0x0000000002DA0000-0x0000000002DA1000   4KB
memory/1300-7-0x0000000002D70000-0x0000000002D71000-memory.dmp   0x0000000002D70000-0x0000000002D71000   4KB
memory/1300-8-0x0000000002D20000-0x0000000002D21000-memory.dmp   0x0000000002D20000-0x0000000002D21000   4KB
memory/1300-9-0x00000000035A0000-0x00000000035A1000-memory.dmp   0x00000000035A0000-0x00000000035A1000   4KB
memory/1300-10-0x00000000035B0000-0x00000000035B1000-memory.dmp  0x00000000035B0000-0x00000000035B1000   4KB
memory/1300-11-0x00000000035F0000-0x00000000035F1000-memory.dmp  0x00000000035F0000-0x00000000035F1000   4KB
memory/1300-12-0x00000000035F0000-0x00000000035F1000-memory.dmp  0x00000000035F0000-0x00000000035F1000   4KB
memory/1300-13-0x00000000035F0000-0x00000000035F1000-memory.dmp  0x00000000035F0000-0x00000000035F1000   4KB
memory/1300-14-0x00000000035F0000-0x00000000035F1000-memory.dmp  0x00000000035F0000-0x00000000035F1000   4KB
memory/1300-15-0x00000000035F0000-0x00000000035F1000-memory.dmp  0x00000000035F0000-0x00000000035F1000   4KB
memory/1300-16-0x00000000035F0000-0x00000000035F1000-memory.dmp  0x00000000035F0000-0x00000000035F1000   4KB
memory/1300-17-0x00000000035F0000-0x00000000035F1000-memory.dmp  0x00000000035F0000-0x00000000035F1000   4KB
memory/1300-18-0x00000000035F0000-0x00000000035F1000-memory.dmp  0x00000000035F0000-0x00000000035F1000   4KB
memory/1300-19-0x00000000035F0000-0x00000000035F1000-memory.dmp  0x00000000035F0000-0x00000000035F1000   4KB
memory/1300-20-0x00000000035F0000-0x00000000035F1000-memory.dmp  0x00000000035F0000-0x00000000035F1000   4KB
memory/1300-21-0x00000000035F0000-0x00000000035F1000-memory.dmp  0x00000000035F0000-0x00000000035F1000   4KB
memory/1300-22-0x00000000035F0000-0x00000000035F1000-memory.dmp  0x00000000035F0000-0x00000000035F1000   4KB
memory/1300-23-0x00000000011C0000-0x00000000011C1000-memory.dmp  0x00000000011C0000-0x00000000011C1000   4KB
memory/1300-24-0x00000000035E0000-0x00000000035E1000-memory.dmp  0x00000000035E0000-0x00000000035E1000   4KB
memory/1300-25-0x00000000035D0000-0x00000000035D1000-memory.dmp  0x00000000035D0000-0x00000000035D1000   4KB
memory/1300-26-0x00000000035C0000-0x00000000035C1000-memory.dmp  0x00000000035C0000-0x00000000035C1000   4KB
memory/1300-27-0x0000000001370000-0x00000000013C0000-memory.dmp  0x0000000001370000-0x00000000013C0000   320KB
memory/1300-28-0x00000000011B0000-0x00000000011B1000-memory.dmp  0x00000000011B0000-0x00000000011B1000   4KB