df91efa46320b0e54a05f66ebe32d6e5bae4581cd7104a55d630290b0b1669d1 | Triage

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 02:20

Sharing

Report Analysis Logs

General

Target

5a12ead5f91c702e36f922ceaed456f8_JaffaCakes118.dll
Size

3KB
MD5

5a12ead5f91c702e36f922ceaed456f8
SHA1

4bba1d57c0b0ea8772ecccc8407e55626dbdbea9
SHA256

df91efa46320b0e54a05f66ebe32d6e5bae4581cd7104a55d630290b0b1669d1
SHA512

5c17f74a205af52ca7d4bde8194e8a4c5468ce49eb7bc21a91720159b33baa3aa4ae8d6752ba75eccb6a70aeacca89f9dc3652ba97f53f5282fd9955f4ddc36d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 740	2084	rundll32.exe	84
PID 2084 wrote to memory of 740	2084	rundll32.exe	84
PID 2084 wrote to memory of 740	2084	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a12ead5f91c702e36f922ceaed456f8_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a12ead5f91c702e36f922ceaed456f8_JaffaCakes118.dll,#1
  2⤵
  PID:740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads