c5694b476c7ca5b4dceb39d1770fac687bcab35a05087fc6281e824f3b161512 | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 18:39

Sharing

Report Analysis Logs

General

Target

08b96e5fb38d942b2ba21618211a1ae0_JaffaCakes118.dll
Size

3KB
MD5

08b96e5fb38d942b2ba21618211a1ae0
SHA1

c35a67139b5b1f4a3c66e7fe4d49ddea2b9bc923
SHA256

c5694b476c7ca5b4dceb39d1770fac687bcab35a05087fc6281e824f3b161512
SHA512

e5887029c405ee2b22547a205bae6d7a6cf05f27e81a5cea1e23a2879fec49477ef6db15176b352a1febe1c9284a76ab0110238423854adeace4f74439a89785

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2236	2180	rundll32.exe	28
PID 2180 wrote to memory of 2236	2180	rundll32.exe	28
PID 2180 wrote to memory of 2236	2180	rundll32.exe	28
PID 2180 wrote to memory of 2236	2180	rundll32.exe	28
PID 2180 wrote to memory of 2236	2180	rundll32.exe	28
PID 2180 wrote to memory of 2236	2180	rundll32.exe	28
PID 2180 wrote to memory of 2236	2180	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\08b96e5fb38d942b2ba21618211a1ae0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\08b96e5fb38d942b2ba21618211a1ae0_JaffaCakes118.dll,#1
  2⤵
  PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads