Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-04-2024 17:31
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
fad05b29cb610145e6b83e781e4eb044_JaffaCakes118.dll
Resource
win7-20240221-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
fad05b29cb610145e6b83e781e4eb044_JaffaCakes118.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: fad05b29cb610145e6b83e781e4eb044_JaffaCakes118.dll
Size: 116KB
MD5: fad05b29cb610145e6b83e781e4eb044
SHA1: ef7ad0f593d38ef93111b289b5e3537a5227dde5
SHA256: dcadcc285e7262d2f9f138e7c3ff0fa1ceca1d06d9e15c151f38eaa4f0a60eed
SHA512: 2f77d320f5f38e820dfc29da9b977447f6809c840c33fbed3d11ce46c96d520e64789ce6b35978b375b3cf1711dd2644b8142c72a07874afcfa0d57f2a0875ea
SSDEEP: 1536:qcU+ec3KbmYT3R1vS42Tne/xRjvlZagwM3HD:qN+ec3KbmYbPV2TnephvlZagf
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2804 wrote to memory of 3924 | 2804 | rundll32.exe | rundll32.exe
PID 2804 wrote to memory of 3924 | 2804 | rundll32.exe | rundll32.exe
PID 2804 wrote to memory of 3924 | 2804 | rundll32.exe | rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\fad05b29cb610145e6b83e781e4eb044_JaffaCakes118.dll,#1
   - Suspicious use of WriteProcessMemory
2. C:\Windows\SysWOW64\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\fad05b29cb610145e6b83e781e4eb044_JaffaCakes118.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
memory/3924-0-0x00000000005F0000-0x00000000005F9000-memory.dmp
Filesize: 36KB