fbe80359c986a8ea4b208d512716fd24cf21aab93cbc6a9e42b51feb47896241 | Triage

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 18:14

Sharing

Report Analysis Logs

General

Target

42cbec1836267f694a999605fff0a65d_JaffaCakes118.dll
Size

31KB
MD5

42cbec1836267f694a999605fff0a65d
SHA1

9ed1b42315ef74bb2eaec5a4cfa5b1e261db4a1a
SHA256

fbe80359c986a8ea4b208d512716fd24cf21aab93cbc6a9e42b51feb47896241
SHA512

97793c243e9caa8ce4be0570c844400c96fe2552071cd09203053e0adc2d99965d2b9297844a7c78225d0034257adc4f8ec0e64ce90fdfda2f6e15e5ea8b93eb
SSDEEP

768:fAMKaHVV5DRfYblCfixklLK8yzBkrIvWE:fAFaH3AlCKPvWryW

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 2368	464	rundll32.exe	30
PID 464 wrote to memory of 2368	464	rundll32.exe	30
PID 464 wrote to memory of 2368	464	rundll32.exe	30
PID 464 wrote to memory of 2368	464	rundll32.exe	30
PID 464 wrote to memory of 2368	464	rundll32.exe	30
PID 464 wrote to memory of 2368	464	rundll32.exe	30
PID 464 wrote to memory of 2368	464	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\42cbec1836267f694a999605fff0a65d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\42cbec1836267f694a999605fff0a65d_JaffaCakes118.dll,#1
  2⤵
  PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2368-1-0x0000000010000000-0x0000000010019000-memory.dmp

Filesize
100KB

Download
memory/2368-2-0x0000000010000000-0x0000000010019000-memory.dmp

Filesize
100KB

Download
memory/2368-0-0x0000000010000000-0x0000000010019000-memory.dmp

Filesize
100KB

Download