f2d70f385f254685b97214891d89a6a5f424079b1cc997f556758c3d83a14a06 | Triage

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 00:51

Sharing

Report Analysis Logs

General

Target

70586d91ad38bc0d79776833beb5ddc0_JaffaCakes118.dll
Size

4KB
MD5

70586d91ad38bc0d79776833beb5ddc0
SHA1

49657b47f26879c4e48bd6df9473c84b913cd943
SHA256

f2d70f385f254685b97214891d89a6a5f424079b1cc997f556758c3d83a14a06
SHA512

c04352806f0d12e17679cbb3e3e05b10374039c32421136c2ad0d30d97af975b209759f24fd526169404057198dccd607635b8a06e30898ab1d5d76385ccc0aa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2832	2660	rundll32.exe	28
PID 2660 wrote to memory of 2832	2660	rundll32.exe	28
PID 2660 wrote to memory of 2832	2660	rundll32.exe	28
PID 2660 wrote to memory of 2832	2660	rundll32.exe	28
PID 2660 wrote to memory of 2832	2660	rundll32.exe	28
PID 2660 wrote to memory of 2832	2660	rundll32.exe	28
PID 2660 wrote to memory of 2832	2660	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\70586d91ad38bc0d79776833beb5ddc0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\70586d91ad38bc0d79776833beb5ddc0_JaffaCakes118.dll,#1
  2⤵
  PID:2832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads