ec87d8bd1fc0b405b089f96df1c684de14b72577f7f3225accf208d7aaf4721d | Triage

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 01:50

Sharing

Report Analysis Logs

General

Target

3b9028f447bde8f95fbdcba0bd37265d_JaffaCakes118.dll
Size

31KB
MD5

3b9028f447bde8f95fbdcba0bd37265d
SHA1

a91a79ab368ed1522aef1c2fb19bfd909f8b7596
SHA256

ec87d8bd1fc0b405b089f96df1c684de14b72577f7f3225accf208d7aaf4721d
SHA512

ebdf69f056e1a101266804a3632e689bfbda7fdac4bc912ec0aa2872070a7ba1b833da5932bcd9c621b27a82028e5186ca159cc45510ea1a9b8813cac1660064
SSDEEP

768:1830DuxGcqbQFZcVfXbqmk6+1i84s9lL:1qx9qbQFZ8Xj+xL

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 1728	2556	rundll32.exe	29
PID 2556 wrote to memory of 1728	2556	rundll32.exe	29
PID 2556 wrote to memory of 1728	2556	rundll32.exe	29
PID 2556 wrote to memory of 1728	2556	rundll32.exe	29
PID 2556 wrote to memory of 1728	2556	rundll32.exe	29
PID 2556 wrote to memory of 1728	2556	rundll32.exe	29
PID 2556 wrote to memory of 1728	2556	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b9028f447bde8f95fbdcba0bd37265d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b9028f447bde8f95fbdcba0bd37265d_JaffaCakes118.dll,#1
  2⤵
  PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1728-0-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download