c25f69c174f6c643241a03af2b3fac3cead42ad2bf9ab678e6d9e05ca904f505 | Triage

Analysis

max time kernel
0s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 06:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f2e93110fa68f59507c8dc29e72b0323_JaffaCakes118.dll
Size

550KB
MD5

f2e93110fa68f59507c8dc29e72b0323
SHA1

96c1e6f6f9c0a63ce8468c5a3c37c92c5255b548
SHA256

c25f69c174f6c643241a03af2b3fac3cead42ad2bf9ab678e6d9e05ca904f505
SHA512

ccb9038c88c14dc136fdf0987c20534729c4ad3177d277b844c03800838bc4c576d38b2a2c5270d3389d0f211c715d967c57b5eb37a6458e2e62c0bd133ff50c
SSDEEP

12288:/juvsGjuvjuvZkuvjuvjuvWBVuvjuvjuX:LOYQ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 4296	4648	rundll32.exe	84
PID 4648 wrote to memory of 4296	4648	rundll32.exe	84
PID 4648 wrote to memory of 4296	4648	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2e93110fa68f59507c8dc29e72b0323_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2e93110fa68f59507c8dc29e72b0323_JaffaCakes118.dll,#1
  2⤵
  PID:4296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4296-0-0x0000000000010000-0x0000000000029000-memory.dmp

Filesize
100KB

Download