ce76abc91280f0d766541b149afba48678c784a30edb6e56b2d56ba8542d11b7 | Triage

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 00:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0b905cb0c69088853a570cff6bd01662_JaffaCakes118.dll
Size

8KB
MD5

0b905cb0c69088853a570cff6bd01662
SHA1

31daa7b5fd8a0554882c606efde989f703966e96
SHA256

ce76abc91280f0d766541b149afba48678c784a30edb6e56b2d56ba8542d11b7
SHA512

4979aeb09da482839bc986905f3bc0b1167145d1aa33a1380de78c241c63ab496fa5eb59e97ddfae0bd715f07e0e678d11be8d49859c79baca64a9e453efb52e
SSDEEP

192:eaBJqH//KlEEr9brOYczWUwRhTUQrNLhyPDXs:KgDgWU8ZUoJUg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2424	2436	rundll32.exe	28
PID 2436 wrote to memory of 2424	2436	rundll32.exe	28
PID 2436 wrote to memory of 2424	2436	rundll32.exe	28
PID 2436 wrote to memory of 2424	2436	rundll32.exe	28
PID 2436 wrote to memory of 2424	2436	rundll32.exe	28
PID 2436 wrote to memory of 2424	2436	rundll32.exe	28
PID 2436 wrote to memory of 2424	2436	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b905cb0c69088853a570cff6bd01662_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b905cb0c69088853a570cff6bd01662_JaffaCakes118.dll,#1
  2⤵
  PID:2424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2424-1-0x0000000038009000-0x000000003800A000-memory.dmp

Filesize
4KB

Download
memory/2424-2-0x0000000038000000-0x000000003800A000-memory.dmp

Filesize
40KB

Download
memory/2424-0-0x0000000038000000-0x000000003800A000-memory.dmp

Filesize
40KB

Download