02d71c2d99ff09168bce9b43bba9151188a0ec583f5d534ff595b12c23d5ad5d | Triage

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 06:22

Sharing

Report Analysis Logs

General

Target

2f49b338b5893aed51eaa798d8a86fd2_JaffaCakes118.dll
Size

39KB
MD5

2f49b338b5893aed51eaa798d8a86fd2
SHA1

bdf31fbc8cf42137f7dd4d5de0d06935802bc5e9
SHA256

02d71c2d99ff09168bce9b43bba9151188a0ec583f5d534ff595b12c23d5ad5d
SHA512

1636ca18b9ee815df1a629ddd05ef26092c95e0b020acb90f6dfc1fe08723ccfb73a1afc26faaf103a1516199f4ce6db4fa1b7fbaa6840227a334a068542e946
SSDEEP

768:firVdDjSxFV5vSGD6GeIJ65vkwV19sl284T:fejSPJDja797/

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 2212	1684	rundll32.exe	30
PID 1684 wrote to memory of 2212	1684	rundll32.exe	30
PID 1684 wrote to memory of 2212	1684	rundll32.exe	30
PID 1684 wrote to memory of 2212	1684	rundll32.exe	30
PID 1684 wrote to memory of 2212	1684	rundll32.exe	30
PID 1684 wrote to memory of 2212	1684	rundll32.exe	30
PID 1684 wrote to memory of 2212	1684	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f49b338b5893aed51eaa798d8a86fd2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f49b338b5893aed51eaa798d8a86fd2_JaffaCakes118.dll,#1
  2⤵
  PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads