16ead4e6b90bd12215b61a3159f8065bcc859b47794a582166183e42cad8a14a | Triage

Analysis

max time kernel
140s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19-05-2024 21:12

Sharing

Report Analysis Logs

General

Target

5b7e7c1527b5beb5c61e100e9f3160ac_JaffaCakes118.dll
Size

507KB
MD5

5b7e7c1527b5beb5c61e100e9f3160ac
SHA1

767312c6fcac004902023e65a4f985a4b3b870a6
SHA256

16ead4e6b90bd12215b61a3159f8065bcc859b47794a582166183e42cad8a14a
SHA512

30a68563d8b750689c158c7fd19c0d55aa9dda2e13e57dc3bd73b98c323c8b030c6c8d49287752605e120fbbfe15a43e59d192d655269dd29063c4a752712b3f
SSDEEP

12288:+OlmoCBBPujFVygLw87Gtkpc9KfcVZtRINx:+gj/y6wKLv

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 1472	5116	rundll32.exe	82
PID 5116 wrote to memory of 1472	5116	rundll32.exe	82
PID 5116 wrote to memory of 1472	5116	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b7e7c1527b5beb5c61e100e9f3160ac_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b7e7c1527b5beb5c61e100e9f3160ac_JaffaCakes118.dll,#1
  2⤵
  PID:1472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads