69a0056ba40acdeb2c59c8da86f53f77f1c3fc503d3f26f4e58f9334626f884e | Triage

Analysis

max time kernel
66s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 23:01

Sharing

Report Analysis Logs

General

Target

03d34c0192e3dc2f1a5276a8f811222d_JaffaCakes118.dll
Size

1.0MB
MD5

03d34c0192e3dc2f1a5276a8f811222d
SHA1

d9cd5b28f4c7fc908dc001f5c04fb4f729174fa4
SHA256

69a0056ba40acdeb2c59c8da86f53f77f1c3fc503d3f26f4e58f9334626f884e
SHA512

4cb36c04df9a9b4b02c0df16dae0ed1e7b03ad2014416dba6317e35aee9afe62c467587ff9d4c3b15eed7faa56940eaa75554c9716d212537cbae6d4c021a68e
SSDEEP

24576:72BYUOT3+Bo/pSSm0I8png5nrseU7xdeu:ywuBo1UVrs1Wu

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2812 wrote to memory of 1204	2812	rundll32.exe	rundll32.exe
PID 2812 wrote to memory of 1204	2812	rundll32.exe	rundll32.exe
PID 2812 wrote to memory of 1204	2812	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03d34c0192e3dc2f1a5276a8f811222d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\03d34c0192e3dc2f1a5276a8f811222d_JaffaCakes118.dll,#1
  2⤵
  PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads