38182ce25b89fb0e1fd35a94c94e52abc82eff0e4523f1a4841da826fe717cbf | Triage

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 12:22

Sharing

Report Analysis Logs

General

Target

34b292354e96c327bf964f2b627338cf_JaffaCakes118.dll
Size

14KB
MD5

34b292354e96c327bf964f2b627338cf
SHA1

9edfb6152dec8851c353543af924c3113046555c
SHA256

38182ce25b89fb0e1fd35a94c94e52abc82eff0e4523f1a4841da826fe717cbf
SHA512

d2705df3196a576f93f3bd6bcc635ccb46a64b1c70f7bb7935348d1f178f95fa95e7578425d6a7cb746346fa26bd99233ee9c0ce95c4c242ac1238d8bd22d889
SSDEEP

384:TJhu+wGuPzVM5WPHyRRRnx6Xgc2Sw2qr:TPhwGoVc+S9cY2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2696	2664	rundll32.exe	30
PID 2664 wrote to memory of 2696	2664	rundll32.exe	30
PID 2664 wrote to memory of 2696	2664	rundll32.exe	30
PID 2664 wrote to memory of 2696	2664	rundll32.exe	30
PID 2664 wrote to memory of 2696	2664	rundll32.exe	30
PID 2664 wrote to memory of 2696	2664	rundll32.exe	30
PID 2664 wrote to memory of 2696	2664	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\34b292354e96c327bf964f2b627338cf_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\34b292354e96c327bf964f2b627338cf_JaffaCakes118.dll,#1
  2⤵
  PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2696-1-0x000000001000E000-0x000000001000F000-memory.dmp

Filesize
4KB

Download
memory/2696-0-0x0000000010000000-0x0000000010016000-memory.dmp

Filesize
88KB

Download