33e893def3e529d99c2e68e4292f6cd9095d128ee91d24957e305a73c64bb564 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 07:25

Sharing

Report Analysis Logs

General

Target

66a6c556042e662f5334cbad91d83461_JaffaCakes118.dll
Size

2KB
MD5

66a6c556042e662f5334cbad91d83461
SHA1

bf33cfb3dc104a27cb548c16cfcdff949f5ff640
SHA256

33e893def3e529d99c2e68e4292f6cd9095d128ee91d24957e305a73c64bb564
SHA512

7a7f26826debc5751ac23121c805d163c60317af54cac2fb23d04b9dcc254559ca3f07b59d5a7477a343039d63d1d591fd8db863be50257286a55678b316f9a7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2396	2408	rundll32.exe	30
PID 2408 wrote to memory of 2396	2408	rundll32.exe	30
PID 2408 wrote to memory of 2396	2408	rundll32.exe	30
PID 2408 wrote to memory of 2396	2408	rundll32.exe	30
PID 2408 wrote to memory of 2396	2408	rundll32.exe	30
PID 2408 wrote to memory of 2396	2408	rundll32.exe	30
PID 2408 wrote to memory of 2396	2408	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\66a6c556042e662f5334cbad91d83461_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\66a6c556042e662f5334cbad91d83461_JaffaCakes118.dll,#1
  2⤵
  PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2396-0-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download
memory/2396-1-0x0000000010001000-0x0000000010002000-memory.dmp

Filesize
4KB

Download