cf3ff9cf04fe2398787c05185fb38f75fdc8c6fef4f47502d54f9087b04532a5 | Triage

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 12:51

Sharing

Report Analysis Logs

General

Target

392fa0e199da2ab3a16aa98966e3dcae_JaffaCakes118.dll
Size

3KB
MD5

392fa0e199da2ab3a16aa98966e3dcae
SHA1

64a65b48d6ee8104062c9398da25793487a0a412
SHA256

cf3ff9cf04fe2398787c05185fb38f75fdc8c6fef4f47502d54f9087b04532a5
SHA512

33014d83a546d87f64b248f5c8999073c086c3ae084a8b0eda07ea1ea2241c874482b1d47ed8231c32af5db2b5d6da991dc16e4f53dea92ea3585a951be97136

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2656	2632	rundll32.exe	30
PID 2632 wrote to memory of 2656	2632	rundll32.exe	30
PID 2632 wrote to memory of 2656	2632	rundll32.exe	30
PID 2632 wrote to memory of 2656	2632	rundll32.exe	30
PID 2632 wrote to memory of 2656	2632	rundll32.exe	30
PID 2632 wrote to memory of 2656	2632	rundll32.exe	30
PID 2632 wrote to memory of 2656	2632	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\392fa0e199da2ab3a16aa98966e3dcae_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\392fa0e199da2ab3a16aa98966e3dcae_JaffaCakes118.dll,#1
  2⤵
  PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads