6df7205c341d8fb7abc825c17b0ab94f400b7a5591bca715ef90e9bcd1b46b50 | Triage

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 21:38

Sharing

Report Analysis Logs

General

Target

17a0026ddc500876567b9fc52405e2b0_JaffaCakes118.dll
Size

128KB
MD5

17a0026ddc500876567b9fc52405e2b0
SHA1

bbb63ebb77c26ae76ab6fd882c6e16724c9e7c8f
SHA256

6df7205c341d8fb7abc825c17b0ab94f400b7a5591bca715ef90e9bcd1b46b50
SHA512

29c5651e785eaab05ee24880b47bd75a17fcc1927bafccdc2a36fcad14dbdfc1cffb5c6129e543eba900834213b31742ec1894f3c2501b59231595ec6e5976dd
SSDEEP

3072:ZSL2+lfdHlEAskeGEGAmS2UhfCUfAYoPx:x+fx

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 2828	1388	regsvr32.exe	81
PID 1388 wrote to memory of 2828	1388	regsvr32.exe	81
PID 1388 wrote to memory of 2828	1388	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\17a0026ddc500876567b9fc52405e2b0_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\17a0026ddc500876567b9fc52405e2b0_JaffaCakes118.dll
  2⤵
  PID:2828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2828-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download