fe47c5e3377859caebf9b1c9e8425e72561656141d25089824e85d48e94dcfa2 | Triage

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 19:28

Sharing

Report Analysis Logs

General

Target

3e9736ff9956f4a7f6f21d71ebd5a903_JaffaCakes118.dll
Size

26KB
MD5

3e9736ff9956f4a7f6f21d71ebd5a903
SHA1

4b5231edd7cd92543c8f481ee509b0af5413a1b8
SHA256

fe47c5e3377859caebf9b1c9e8425e72561656141d25089824e85d48e94dcfa2
SHA512

43dfdc5f6d0fb2feb7bba57c4209e64d8ff541193717a6bc13954064dc7fabbb2a2b9fee9c389d93504f731e4c1f9909fb71f7f50a772535cc906c964cc808df
SSDEEP

768:Nk6wUXUvjpBgP5EhHFhj+Nub9Wo8TAqH:NPwUEYxfsneAq

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 3716	3544	rundll32.exe	83
PID 3544 wrote to memory of 3716	3544	rundll32.exe	83
PID 3544 wrote to memory of 3716	3544	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e9736ff9956f4a7f6f21d71ebd5a903_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e9736ff9956f4a7f6f21d71ebd5a903_JaffaCakes118.dll,#1
  2⤵
  PID:3716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3716-0-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/3716-1-0x00000000003E0000-0x00000000003E5000-memory.dmp

Filesize
20KB

Download
memory/3716-2-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/3716-3-0x00000000003E0000-0x00000000003E5000-memory.dmp

Filesize
20KB

Download