43eb9e73fea24820916335335c9179f0958405ef00194b6e35ebab503feac05e | Triage

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 08:19

Sharing

Report Analysis Logs

General

Target

a0019212caef1bb383b1b0e79ccf5ae5_JaffaCakes118.dll
Size

191KB
MD5

a0019212caef1bb383b1b0e79ccf5ae5
SHA1

2a12494f18613d338b508aaaa6d8de384166d1e8
SHA256

43eb9e73fea24820916335335c9179f0958405ef00194b6e35ebab503feac05e
SHA512

548baccf56cea00104f240bf22ad37a486304a55a51036832314098d20bf82c39e1d1a9d62fcbfb9ed77178226846de4fa458a79418e7dec01f989bdc1db36bc
SSDEEP

3072:ayVtGgN+f/28wTaZp2WOD+ZulRl/8DKi:aOmOPam/10Wi

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1044	1672	rundll32.exe	28
PID 1672 wrote to memory of 1044	1672	rundll32.exe	28
PID 1672 wrote to memory of 1044	1672	rundll32.exe	28
PID 1672 wrote to memory of 1044	1672	rundll32.exe	28
PID 1672 wrote to memory of 1044	1672	rundll32.exe	28
PID 1672 wrote to memory of 1044	1672	rundll32.exe	28
PID 1672 wrote to memory of 1044	1672	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0019212caef1bb383b1b0e79ccf5ae5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0019212caef1bb383b1b0e79ccf5ae5_JaffaCakes118.dll,#1
  2⤵
  PID:1044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads