2304b21065b7037c63ab80555315513475740025921d1b363c91a71083845041 | Triage

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 15:47

Sharing

Report Analysis Logs

General

Target

28b5f45f688b2cc7890ac118cebd2e91_JaffaCakes118.dll
Size

194KB
MD5

28b5f45f688b2cc7890ac118cebd2e91
SHA1

b9d5ca4f0d9bfbe0e29e8367a1c909354a506401
SHA256

2304b21065b7037c63ab80555315513475740025921d1b363c91a71083845041
SHA512

763958ea9d80811bd824f36f8da3d02b06a4ffd77b3c59189933eecd45a59fe8bb232c4e558a76430e5034965324c238260214ac6769f6a951079bd5778e1606
SSDEEP

6144:P+LHO6q/w7gv4TyQOI5JgpcvqNplclcfY:2Lu/iT0Iw5pw7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3948 wrote to memory of 3036	3948	rundll32.exe	82
PID 3948 wrote to memory of 3036	3948	rundll32.exe	82
PID 3948 wrote to memory of 3036	3948	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\28b5f45f688b2cc7890ac118cebd2e91_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\28b5f45f688b2cc7890ac118cebd2e91_JaffaCakes118.dll,#1
  2⤵
  PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3036-0-0x0000000075700000-0x00000000758AB000-memory.dmp

Filesize
1.7MB

Download