Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240419-en locale:en-us os:windows10-2004-x64 system -
submitted
27-04-2024 22:19
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118.dll
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118.dll
Resource
win10v2004-20240419-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118.dll
-
Size
11KB
-
MD5
03c0ab7de9d34a512ec128fce27277f9
-
SHA1
92e53fe59813595aeb6834a0d15bf2ea80f41d6d
-
SHA256
f79f73045a3c8c096ca6275fb72c5e5f1ca449e27a623ffd54cf675972bcb9c5
-
SHA512
07d302051edb6dc60fb1abecb5bbf9e261e9fbfd54abf9c074ca100123a00b31031627925a5e6619f656a0ce44ac24da2a6b1b8c720e721f588f6189386642f5
-
SSDEEP
192:PRuQHUj/++h5nqNMyIy49sF4A7lVlt3G4SDqr8Rcr98UYp:purjxXnqcT9sF7n3GzDHR8TYp
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 240 wrote to memory of 248 | 240 | rundll32.exe | rundll32.exe
PID 240 wrote to memory of 248 | 240 | rundll32.exe | rundll32.exe
PID 240 wrote to memory of 248 | 240 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/248-0-0x0000000061700000-0x000000006170F000-memory.dmp
Filesize
60KB