b68a201e386c5f89b8a7857a31c665df7cbbb8b1f904d87dab909aa9cf8578db | Triage

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 01:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

01b05094bc9c14032c86defe2c9eed78_JaffaCakes118.dll
Size

13KB
MD5

01b05094bc9c14032c86defe2c9eed78
SHA1

af298bc29427833834c40789876cf636a40ee908
SHA256

b68a201e386c5f89b8a7857a31c665df7cbbb8b1f904d87dab909aa9cf8578db
SHA512

6a6a962186984542f8e653dae95b9e497a9c5705deae77da95ba21b39c3e1e92165c12c936f8e3febee524d927a63d9b7410d8fe55b79f534c0bedb361a0eeff
SSDEEP

384:bPwIWoXbUamlTZiSw89Lqb61lrRPvxW0IWb:cItXb1Zq9PpJ

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3344	rundll32.exe
3344	rundll32.exe
3344	rundll32.exe
3344	rundll32.exe
3344	rundll32.exe
3344	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 3344	3624	rundll32.exe	82
PID 3624 wrote to memory of 3344	3624	rundll32.exe	82
PID 3624 wrote to memory of 3344	3624	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\01b05094bc9c14032c86defe2c9eed78_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\01b05094bc9c14032c86defe2c9eed78_JaffaCakes118.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3344-0-0x00000000007E0000-0x00000000007ED000-memory.dmp

Filesize
52KB

Download
memory/3344-1-0x00000000007E0000-0x00000000007ED000-memory.dmp

Filesize
52KB

Download