2fe55761bc7e5f56f5ff11f0a12599166234f0c1486c1404fff6f930bead8d82 | Triage

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 08:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1a887e82ca4ac84992423893e555c0a5_JaffaCakes118.dll
Size

3KB
MD5

1a887e82ca4ac84992423893e555c0a5
SHA1

f8601488a12593c1e4f9789db3dcee3beee219df
SHA256

2fe55761bc7e5f56f5ff11f0a12599166234f0c1486c1404fff6f930bead8d82
SHA512

6cfeeeacdb363a6b3fd562a53ee748d43cf336eedaf6611bb29652ed348d2500e4f2cb529fbf0d741effbfc32c38df8b430a9c94b18ecfdfe981226acc701712

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 2396	4060	rundll32.exe	81
PID 4060 wrote to memory of 2396	4060	rundll32.exe	81
PID 4060 wrote to memory of 2396	4060	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a887e82ca4ac84992423893e555c0a5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a887e82ca4ac84992423893e555c0a5_JaffaCakes118.dll,#1
  2⤵
  PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads