Analysis

max time kernel: 144s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-04-2024 09:50
Static task: static1
  1 signatures

Behavioral task: behavioral1
  Sample: f0c5f1eb3a797c2a04508f1c4bc7f3ce_JaffaCakes118.dll
  Resource: win7-20240221-en (windows7-x64)
  1 signatures
  150 seconds

Behavioral task: behavioral2
  Sample: f0c5f1eb3a797c2a04508f1c4bc7f3ce_JaffaCakes118.dll
  Resource: win10v2004-20240226-en (windows10-2004-x64)
  2 signatures
  150 seconds
General

Target: f0c5f1eb3a797c2a04508f1c4bc7f3ce_JaffaCakes118.dll
Size: 93KB
MD5: f0c5f1eb3a797c2a04508f1c4bc7f3ce
SHA1: 8d669a6d66f749ea43748f9affd1355798e3216d
SHA256: bc92744d3722e34bc6813ab9017487a5447a6d019031f7816e36cf4f4f1b1056
SHA512: eb9294a09245b6051a48b7b0425c123fb307a473774788f12da9c5a7d95801c6353acf374ae501c8892913c3ec8243b84dc8f4061e3bd2d889fd0acb2173cd02
SSDEEP: 1536:W44nAKig36C6gDqQkCdQwHjhB2RJMJu44Q7HChUDJasRGBENF6BDVeFpAjNtxnZk:WznRlgjQ9DHlB2/3+LYpBENsQF6jbxny
Score: 1/10
Malware Config
Signatures

Suspicious use of SetWindowsHookEx (1 IoCs)
  pid   Process
  1956  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process       procid_target
  PID 4480 wrote to memory of 1956  4480  rundll32.exe  92
  PID 4480 wrote to memory of 1956  4480  rundll32.exe  92
  PID 4480 wrote to memory of 1956  4480  rundll32.exe  92
Processes

C:\Windows\system32\rundll32.exe  (PID: 4480)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f0c5f1eb3a797c2a04508f1c4bc7f3ce_JaffaCakes118.dll,#1
  Signatures: Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe  (PID: 1956, child of 4480)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f0c5f1eb3a797c2a04508f1c4bc7f3ce_JaffaCakes118.dll,#1
    Signatures: Suspicious use of SetWindowsHookEx

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID: 3660)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3180 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8