a518e941a1a34393934afc65f1785ee47a3df75ef824919a711855c7bd680337 | Triage

Analysis

max time kernel
92s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 11:09

Sharing

Report Analysis Logs

General

Target

458dd7c69bcfd13d1b730cf905949bbc_JaffaCakes118.dll
Size

26KB
MD5

458dd7c69bcfd13d1b730cf905949bbc
SHA1

861db0a0090755f3fb7783fe23806e38e1b35262
SHA256

a518e941a1a34393934afc65f1785ee47a3df75ef824919a711855c7bd680337
SHA512

a077edd2e4c38e4586b2f68c8f15bb9b2dece918edcb5bfa17e9d929f06fc96e2b883329fc22ccfa899b12fe262b7f3c02d619180175cf6bb4bfcdec4b0c5399
SSDEEP

768:LPAowzFdyR7wayfQzn5cY/5bpzrc9+D2:LoPgj92

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 3904	2936	rundll32.exe	83
PID 2936 wrote to memory of 3904	2936	rundll32.exe	83
PID 2936 wrote to memory of 3904	2936	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\458dd7c69bcfd13d1b730cf905949bbc_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\458dd7c69bcfd13d1b730cf905949bbc_JaffaCakes118.dll,#1
  2⤵
  PID:3904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads