96f644086c1ca9068d87bda1ab136c8140f6c2b74129e0e05083f7664f250ef2 | Triage

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 00:19

Sharing

Report Analysis Logs

General

Target

23fbd5ded2441e42475f7a2afc286bfc_JaffaCakes118.dll
Size

109KB
MD5

23fbd5ded2441e42475f7a2afc286bfc
SHA1

68a1155ac23249f538c6693283c91b9bbc7317e2
SHA256

96f644086c1ca9068d87bda1ab136c8140f6c2b74129e0e05083f7664f250ef2
SHA512

54a237aa73aee6f7d01e245672baceabe0ee78361535a175cd407c794f9a67d891ae2376084debd1b6f1802b20d5256d7512d9beea92ae4f9dd35865727f5161
SSDEEP

3072:p2Lf9Gj4b+XQcVc0Uci3HBBjxRd40suk:cacNThTRmr

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 2224	1880	rundll32.exe	83
PID 1880 wrote to memory of 2224	1880	rundll32.exe	83
PID 1880 wrote to memory of 2224	1880	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\23fbd5ded2441e42475f7a2afc286bfc_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\23fbd5ded2441e42475f7a2afc286bfc_JaffaCakes118.dll,#1
  2⤵
  PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads