dd3e2e8b152ee2ee3883a617e1e738afb63ea4aa7aaef03b484ea78436e20c0b | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 16:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4693de767618d05dc15a5f10fa0856e7_JaffaCakes118.dll
Size

30KB
MD5

4693de767618d05dc15a5f10fa0856e7
SHA1

3af1a35c01e267086644feacf7ca74c602cf4348
SHA256

dd3e2e8b152ee2ee3883a617e1e738afb63ea4aa7aaef03b484ea78436e20c0b
SHA512

76252b8185aa884e15176e7b294610919d449b04b82ec1ac6b7551526c76b0f80fce0c3cc4f510c92e2c9a9f1f33baba1fb718cae00f7e7b3b2db2f00d8ab32f
SSDEEP

768:lWIN+bVFfD85Z2nQr6ae9z3PgqhAkBf2Hzhn:lRW7CrDeFpAT9

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2244	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2244	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2244	2700	rundll32.exe	31
PID 2700 wrote to memory of 2244	2700	rundll32.exe	31
PID 2700 wrote to memory of 2244	2700	rundll32.exe	31
PID 2700 wrote to memory of 2244	2700	rundll32.exe	31
PID 2700 wrote to memory of 2244	2700	rundll32.exe	31
PID 2700 wrote to memory of 2244	2700	rundll32.exe	31
PID 2700 wrote to memory of 2244	2700	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4693de767618d05dc15a5f10fa0856e7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4693de767618d05dc15a5f10fa0856e7_JaffaCakes118.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads