a9873d4025b48dd7fc7596da87f72d8a5f42a920560894bfeaee5689444567a7 | Triage

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 18:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3e7cdcedb38526e2c61489aae988e28e_JaffaCakes118.dll
Size

5KB
MD5

3e7cdcedb38526e2c61489aae988e28e
SHA1

1538550dee34d948be148a7fd6db47c82395fe72
SHA256

a9873d4025b48dd7fc7596da87f72d8a5f42a920560894bfeaee5689444567a7
SHA512

49e358ed9fd68ba87e15c749f452863b1d34e3745b9c87fd4a2c7138fe3942cadd620dc4b08e54047fe236c41563c0a8f5578cf245d5356ab1f509ed75ffbe6c
SSDEEP

96:Z1bZk1VcHK9Cc5Unb3tolhjnlcxLWgwv:21Vcq9Cc583ClhJ8I

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4408	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 4408	396	rundll32.exe	83
PID 396 wrote to memory of 4408	396	rundll32.exe	83
PID 396 wrote to memory of 4408	396	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e7cdcedb38526e2c61489aae988e28e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:396
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e7cdcedb38526e2c61489aae988e28e_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4408-0-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download