Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system -
submitted
20-04-2024 02:06
Static task
static1
Behavioral task
behavioral1
Sample
fbb043fa3913efacafd5b4000f5daa0b_JaffaCakes118.dll
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
fbb043fa3913efacafd5b4000f5daa0b_JaffaCakes118.dll
Resource
win10v2004-20240412-en
General
-
Target
fbb043fa3913efacafd5b4000f5daa0b_JaffaCakes118.dll
-
Size
124KB
-
MD5
fbb043fa3913efacafd5b4000f5daa0b
-
SHA1
09e8cee71c786b6cdb8a7fd0009ba1746a332add
-
SHA256
f5aff0a5441e93f11d3a075de293d60123a0b156187f435b24bb314cc756b17c
-
SHA512
cd5219191d240ff1bf96982264d3cc054061a51c3372e15d8ca33833433ba420583ea64b45b937bc46272e35759e2ab1284982355488b0099b093d38d0942128
-
SSDEEP
1536:zQFTrStYIOvdwx71+CBHJoOYdWuWbsgTXfZzALGVAjnIqTsmaeCQtt5+R:IStxydoxtHbYdVabZaNkqWeCQtt5+R
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1364 wrote to memory of 1044 | 1364 | rundll32.exe | rundll32.exe
PID 1364 wrote to memory of 1044 | 1364 | rundll32.exe | rundll32.exe
PID 1364 wrote to memory of 1044 | 1364 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbb043fa3913efacafd5b4000f5daa0b_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbb043fa3913efacafd5b4000f5daa0b_JaffaCakes118.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1044-0-0x0000000000780000-0x000000000078B000-memory.dmp
Filesize
44KB
-
memory/1044-2-0x0000000010000000-0x000000001000A000-memory.dmp
Filesize
40KB
-
memory/1044-4-0x0000000000780000-0x000000000078B000-memory.dmp
Filesize
44KB
-
memory/1044-8-0x0000000000780000-0x000000000078B000-memory.dmp
Filesize
44KB