366ab1a16203cb9775b3b215bcf371e75d3cd2f8ba8d7916e7c5f9efb84f716c | Triage

Analysis

max time kernel
126s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 13:35

Sharing

Report Analysis Logs

General

Target

0e4483c5ab4e25994eab458579016d46_JaffaCakes118.dll
Size

3KB
MD5

0e4483c5ab4e25994eab458579016d46
SHA1

db24b4592603432ef5939db7efd42f3e8f19c8d5
SHA256

366ab1a16203cb9775b3b215bcf371e75d3cd2f8ba8d7916e7c5f9efb84f716c
SHA512

9d604a8c244dec08903af2128b5288bf4380576decce2927666a631b1391b10226923dff0bd54682ee8d72b7ea250e7c04fb7a64bbd6741961293992776bad02

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 736	4664	rundll32.exe	88
PID 4664 wrote to memory of 736	4664	rundll32.exe	88
PID 4664 wrote to memory of 736	4664	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e4483c5ab4e25994eab458579016d46_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e4483c5ab4e25994eab458579016d46_JaffaCakes118.dll,#1
  2⤵
  PID:736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1280,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4412 /prefetch:8
1⤵
PID:4036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads