219751c03f0ba60d65d1e27eba092fff11af0b03946d5412582bfa5006aab07b | Triage

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06-04-2024 11:29

Sharing

Report Analysis Logs

General

Target

e26ffcff7252b8284a4c296354b5f64e_JaffaCakes118.dll
Size

30KB
MD5

e26ffcff7252b8284a4c296354b5f64e
SHA1

f5772d842ab7d4cfa072786730b069629bb9557f
SHA256

219751c03f0ba60d65d1e27eba092fff11af0b03946d5412582bfa5006aab07b
SHA512

f1c5b018aa8ea45d3074b7ff9e3086c133e0e7c036d1b3422b624129ea71035bd32b342cfaf7c4c57322db137df6b6114635069b24db9f03015064eaf471f9ef
SSDEEP

768:V+QhqMOlXGkWMhS3Ysy4qsAOZhdVmPCc:VNrKXGOS3Y3OZ57c

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3516	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3076 wrote to memory of 3516	3076	rundll32.exe	87
PID 3076 wrote to memory of 3516	3076	rundll32.exe	87
PID 3076 wrote to memory of 3516	3076	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e26ffcff7252b8284a4c296354b5f64e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e26ffcff7252b8284a4c296354b5f64e_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads