e397153820c1ad0a9582973985476e5e7d9c853664644015ba94e1b75efbb22d

Analysis

max time kernel
96s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 08:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

27e697f7a2162f3edebadee320b9f6ee_JaffaCakes118.dll
Size

14KB
MD5

27e697f7a2162f3edebadee320b9f6ee
SHA1

7f096e321aa8dcfbff5273f217462c1ae908baa4
SHA256

e397153820c1ad0a9582973985476e5e7d9c853664644015ba94e1b75efbb22d
SHA512

5099c4034b30e3d4fe256adbbdebeaf4ae0cf82f27338bbdb7ad085dca105a5790406fe0f003f3cbbaaa4a9c2b926db2c676ee7e7750fca24cfd0c6b18cda47d
SSDEEP

192:hnfx6Rejn6g78cN8XdC+1cMNUTh4X/jIIObESbbFOK5PhiaeIa3ek1x+aReysFti:Faeu9cN8BhqMOll55ChOkReysFa

Score

8^/10

persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
persistence privilege_escalation

AppInit DLLs
T1546.010

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3588 wrote to memory of 1132	3588	rundll32.exe	82
PID 3588 wrote to memory of 1132	3588	rundll32.exe	82
PID 3588 wrote to memory of 1132	3588	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27e697f7a2162f3edebadee320b9f6ee_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\27e697f7a2162f3edebadee320b9f6ee_JaffaCakes118.dll,#1
  2⤵
  PID:1132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Privilege Escalation

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1132-0-0x0000000000F00000-0x0000000000F06000-memory.dmp

Filesize
24KB

Download
memory/1132-1-0x00000000032D0000-0x00000000032D6000-memory.dmp

Filesize
24KB

Download