aafede0ba21b5381668368e1dc70b7bf497cab6a53c30b39ea9a3bf2cc399078 | Triage

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 08:08

Sharing

Report Analysis Logs

General

Target

27d7b76e4aa804e6025f719c0d490c36_JaffaCakes118.dll
Size

968KB
MD5

27d7b76e4aa804e6025f719c0d490c36
SHA1

5fca39fb28e6587cc4fc2189f60154af3007689b
SHA256

aafede0ba21b5381668368e1dc70b7bf497cab6a53c30b39ea9a3bf2cc399078
SHA512

1ac65d0a497e0f794f73202fc36012ca31a11029c03d4c2dd27fdf9f460d40c24d36fe33cde13a7e49041fe527aad40858802a9b085cb9715b1c02494df2b7d1
SSDEEP

12288:LeK0163am4ueS6/4yMHktfLAPnzLgrjao:Sjl4/HSILg/a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 4060	5092	rundll32.exe	82
PID 5092 wrote to memory of 4060	5092	rundll32.exe	82
PID 5092 wrote to memory of 4060	5092	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27d7b76e4aa804e6025f719c0d490c36_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\27d7b76e4aa804e6025f719c0d490c36_JaffaCakes118.dll,#1
  2⤵
  PID:4060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4060-0-0x000000007C800000-0x000000007C8F6000-memory.dmp

Filesize
984KB

Download