f5823a09c4e3a6c810a0a4ecbcc73c7f6028894a20831b3ae59a48ba8b47cdb0 | Triage

Analysis

max time kernel
94s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 02:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

375c472c4816ec35b1e879e7376ed2b3_JaffaCakes118.dll
Size

29KB
MD5

375c472c4816ec35b1e879e7376ed2b3
SHA1

045ec749f8bfa83ed580fb7dc2540d3615b77cf6
SHA256

f5823a09c4e3a6c810a0a4ecbcc73c7f6028894a20831b3ae59a48ba8b47cdb0
SHA512

a90636c3b6d1f3855404f28248e247c0dc65443c322042d073a34ede39fa1be4b2ba69d08cb51b780352414f604cae66499141aa2b6959d2cdfc36a21f1998f8
SSDEEP

768:GUw9aHZ9FecK5mbW9AYYm21DYfDONvCCY/P:GUPZ9x75YcCCY/

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 2556	1092	rundll32.exe	83
PID 1092 wrote to memory of 2556	1092	rundll32.exe	83
PID 1092 wrote to memory of 2556	1092	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\375c472c4816ec35b1e879e7376ed2b3_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\375c472c4816ec35b1e879e7376ed2b3_JaffaCakes118.dll,#1
  2⤵
  PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads