219751c03f0ba60d65d1e27eba092fff11af0b03946d5412582bfa5006aab07b | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 11:29

Sharing

Report Analysis Logs

General

Target

e26ffcff7252b8284a4c296354b5f64e_JaffaCakes118.dll
Size

30KB
MD5

e26ffcff7252b8284a4c296354b5f64e
SHA1

f5772d842ab7d4cfa072786730b069629bb9557f
SHA256

219751c03f0ba60d65d1e27eba092fff11af0b03946d5412582bfa5006aab07b
SHA512

f1c5b018aa8ea45d3074b7ff9e3086c133e0e7c036d1b3422b624129ea71035bd32b342cfaf7c4c57322db137df6b6114635069b24db9f03015064eaf471f9ef
SSDEEP

768:V+QhqMOlXGkWMhS3Ysy4qsAOZhdVmPCc:VNrKXGOS3Y3OZ57c

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2708	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2708	2512	rundll32.exe	28
PID 2512 wrote to memory of 2708	2512	rundll32.exe	28
PID 2512 wrote to memory of 2708	2512	rundll32.exe	28
PID 2512 wrote to memory of 2708	2512	rundll32.exe	28
PID 2512 wrote to memory of 2708	2512	rundll32.exe	28
PID 2512 wrote to memory of 2708	2512	rundll32.exe	28
PID 2512 wrote to memory of 2708	2512	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e26ffcff7252b8284a4c296354b5f64e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e26ffcff7252b8284a4c296354b5f64e_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads