11afef73c277b21162e5f49048748d8301433b324c10629f5d29b5afbfac7f95 | Triage

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 19:26

Sharing

Report Analysis Logs

General

Target

f1be3b86e81aebc7fd9ea2160fcb284c_JaffaCakes118.dll
Size

31KB
MD5

f1be3b86e81aebc7fd9ea2160fcb284c
SHA1

339cce7ee5cdbcf65350882bcaa6d079d10c7f53
SHA256

11afef73c277b21162e5f49048748d8301433b324c10629f5d29b5afbfac7f95
SHA512

e8c3432c0b3b9e7816de2bc98c95077c1fe30ccd7a1bcbdc7415e34c7b43f0796e5573052f035ecf52aef5393237923a631637d966eb396156b6c4f80dc59146
SSDEEP

768:otQaW69MIUSNEy1zQAgcnl6mJtMgNtLkFjr:QNXJEyVBlzNt

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3196	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 3196	224	rundll32.exe	82
PID 224 wrote to memory of 3196	224	rundll32.exe	82
PID 224 wrote to memory of 3196	224	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1be3b86e81aebc7fd9ea2160fcb284c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1be3b86e81aebc7fd9ea2160fcb284c_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads