79a6fd24a3ca8a5e2e0c18c1413c04ef5fc728b33d338f0331a5bb14b517a7df | Triage

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 09:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

023d38d7778b263b50e661c326a12010_JaffaCakes118.dll
Size

2.2MB
MD5

023d38d7778b263b50e661c326a12010
SHA1

e43a381aabba486f461bfd9f6a832a534a5df70c
SHA256

79a6fd24a3ca8a5e2e0c18c1413c04ef5fc728b33d338f0331a5bb14b517a7df
SHA512

c4484946cac4771c0af3cdbfa12eceed6824809659f1f268eaa9577286b8ea14fe1a096d91a716f7c33525220f8cad6426e51b918d4ebe2412305cd533635a22
SSDEEP

49152:Mzijv0tDSIwzijv0tDSIIwzijv0tDSBIIwzijv0tD:caNN

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 2396	4568	rundll32.exe	84
PID 4568 wrote to memory of 2396	4568	rundll32.exe	84
PID 4568 wrote to memory of 2396	4568	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\023d38d7778b263b50e661c326a12010_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\023d38d7778b263b50e661c326a12010_JaffaCakes118.dll,#1
  2⤵
  PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads