Analysis
max time kernel: 150s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-05-2024 19:05
Behavioral task: behavioral1
Sample: 0c9bef0496980f1304a14e3fa7737146_JaffaCakes118.dll
Resource: win7-20240221-en, windows7-x64
2 signatures, 150 seconds
Behavioral task: behavioral2
Sample: 0c9bef0496980f1304a14e3fa7737146_JaffaCakes118.dll
Resource: win10v2004-20240419-en, windows10-2004-x64
1 signatures, 150 seconds
General
Target: 0c9bef0496980f1304a14e3fa7737146_JaffaCakes118.dll
Size: 167KB
MD5: 0c9bef0496980f1304a14e3fa7737146
SHA1: 4a40d0bbe792271c0911c09c5cdd577d7e38a399
SHA256: 52321edc0c5a3fcb824d591c730e7783194ec5e1c0f617b40ffe760a876924eb
SHA512: a910b0db163f6cec3914096b3b5a05503a3e92cec82fe60e900157a173bdc154c7376bb229b01612b05eb084427ea3820291d66714b00fd9bec7098972aef916
SSDEEP: 3072:WAOoSg75OpGZlF9HX2okHlmzCSkiNi1ai2SHs1XveZCU:WAOoDMpGZz9GuCEkavSH2eZ7
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4388 wrote to memory of 3704 | 4388 | rundll32.exe | rundll32.exe
PID 4388 wrote to memory of 3704 | 4388 | rundll32.exe | rundll32.exe
PID 4388 wrote to memory of 3704 | 4388 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c9bef0496980f1304a14e3fa7737146_JaffaCakes118.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c9bef0496980f1304a14e3fa7737146_JaffaCakes118.dll,#12