5131ec6461a9895b19d2d178f6b0af86aa95eaefae5e5c21006f169baf404151 | Triage

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 12:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

792f3f6448764dbac296537f5e0309c8_JaffaCakes118.dll
Size

31KB
MD5

792f3f6448764dbac296537f5e0309c8
SHA1

29ae6c8d9b2e4a8fc1260a6f2c32646d751fbec9
SHA256

5131ec6461a9895b19d2d178f6b0af86aa95eaefae5e5c21006f169baf404151
SHA512

d3cf8f516a935965e5c7859c89681d40c9de6485d2683f813ed0cae993dbf75eadca96089f29d19f850fec2ff66b85b40f594879ea6dec3d4367e6ad3841dce6
SSDEEP

768:oHfKGXNgSN0i1zJn25w64tMgNtICo6m9:yig0i1x2MNtf1m

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2272	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2272	2772	rundll32.exe	28
PID 2772 wrote to memory of 2272	2772	rundll32.exe	28
PID 2772 wrote to memory of 2272	2772	rundll32.exe	28
PID 2772 wrote to memory of 2272	2772	rundll32.exe	28
PID 2772 wrote to memory of 2272	2772	rundll32.exe	28
PID 2772 wrote to memory of 2272	2772	rundll32.exe	28
PID 2772 wrote to memory of 2272	2772	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\792f3f6448764dbac296537f5e0309c8_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\792f3f6448764dbac296537f5e0309c8_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads