Analysis
max time kernel: 98s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-04-2024 06:48
Behavioral task: behavioral1
Sample: f9bcc58d13fcfc592a6cabb23520a6fb_JaffaCakes118.dll
Resource: win7-20240221-en (windows7-x64)
10 signatures, 150 seconds

Behavioral task: behavioral2
Sample: f9bcc58d13fcfc592a6cabb23520a6fb_JaffaCakes118.dll
Resource: win10v2004-20240412-en (windows10-2004-x64)
3 signatures, 150 seconds
General
Target: f9bcc58d13fcfc592a6cabb23520a6fb_JaffaCakes118.dll
Size: 210KB
MD5: f9bcc58d13fcfc592a6cabb23520a6fb
SHA1: 727fdd435c208ef2bf140cabb26fb1b2026b625f
SHA256: 5b81e2314a4d0a7483f008dece6a5b0296d400ab494cf3bdd8e741cbbf0e867c
SHA512: 9eb23107f5667e88eb00f6b02d8d3e007f65014b214f5abeefa50534a7be1de1eb82d55b8d90fa6fdd79d749dbaf969294b098ba6613260bc061f71c913c1766
SSDEEP: 3072:6WjM4tenQB7H4T5UO6ecXRrfjnSn3B3wa//QOh9kdkiQn6ap8Mzc4yC4QsYIR85t:84clx6tRr7Gf/fkdkiQF/g4rPIR85t
Score: 7/10
Malware Config
Signatures
-
  Processes:
  resource: behavioral2/memory/4712-0-0x0000000000400000-0x0000000000457000-memory.dmp
  yara_rule: upx
- Program crash 1 IoCs
  Processes:
  pid 4916 (WerFault.exe), target pid 4712 (rundll32.exe)
- Suspicious use of WriteProcessMemory 3 IoCs
  Processes:
  PID 4256 (rundll32.exe) wrote to memory of PID 4712 (rundll32.exe)
  PID 4256 (rundll32.exe) wrote to memory of PID 4712 (rundll32.exe)
  PID 4256 (rundll32.exe) wrote to memory of PID 4712 (rundll32.exe)
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9bcc58d13fcfc592a6cabb23520a6fb_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9bcc58d13fcfc592a6cabb23520a6fb_JaffaCakes118.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 568
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4712 -ip 4712