d8597bf0232c30905627eead3887c2c482a45fde792dd5ea502c1750c87aee99 | Triage

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 07:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

48ce463a44d600aead4df0e73498b5f6_JaffaCakes118.dll
Size

3KB
MD5

48ce463a44d600aead4df0e73498b5f6
SHA1

0e57c55841791ea20fcb34e657601dbba3d2ce6c
SHA256

d8597bf0232c30905627eead3887c2c482a45fde792dd5ea502c1750c87aee99
SHA512

934274f79b9141b8eb23609b8d0a11fd6d8ed7f4233d8cf1ffb2e9d72e0699fe8d05c437b906ff0b9b9d52b8da05a1b70c53856aeb895c61185cefed6efb73aa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 2256	1052	rundll32.exe	29
PID 1052 wrote to memory of 2256	1052	rundll32.exe	29
PID 1052 wrote to memory of 2256	1052	rundll32.exe	29
PID 1052 wrote to memory of 2256	1052	rundll32.exe	29
PID 1052 wrote to memory of 2256	1052	rundll32.exe	29
PID 1052 wrote to memory of 2256	1052	rundll32.exe	29
PID 1052 wrote to memory of 2256	1052	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48ce463a44d600aead4df0e73498b5f6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\48ce463a44d600aead4df0e73498b5f6_JaffaCakes118.dll,#1
  2⤵
  PID:2256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads