Analysis
max time kernel
92s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted
19-04-2024 05:19
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
f996e58393da72d1d54124e1f98f375b_JaffaCakes118.dll
Resource
win7-20240221-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
f996e58393da72d1d54124e1f98f375b_JaffaCakes118.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
f996e58393da72d1d54124e1f98f375b_JaffaCakes118.dll
Size
54KB
MD5
f996e58393da72d1d54124e1f98f375b
SHA1
df99b5a0d59f5e21dacc20bf1a6b1a157a55dfbc
SHA256
5137c584d4f1a5caf62f8c003c131107bbc181a14cf7f625485123313a77ea12
SHA512
53da512375058455821e2c31820caab2c9d158b27e0fdfd44746939d0f5bbe4f2feed3143584c94c58d42f1019d0f965b6d7e5ac3737a9f97527cc2a6f107157
SSDEEP
768:dni4Qe1vZl2qsmjZ92C1wp2J14wzyqG6J7wIPnLNuiaIyasi8rR:smf8+juoG2J14wFG6RFPLQIya4
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1140 wrote to memory of 2760 | 1140 | rundll32.exe | rundll32.exe
PID 1140 wrote to memory of 2760 | 1140 | rundll32.exe | rundll32.exe
PID 1140 wrote to memory of 2760 | 1140 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f996e58393da72d1d54124e1f98f375b_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f996e58393da72d1d54124e1f98f375b_JaffaCakes118.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
memory/2760-0-0x00000000029A0000-0x00000000029A9000-memory.dmp
Filesize
36KB