Analysis
- max time kernel: 148s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20-04-2024 11:00
Static task
- static1: 1 signatures

Behavioral task
- behavioral1
  - Sample: fc9b8ef801fa8535c91991dcc97383b6_JaffaCakes118.dll
  - Resource: win7-20240221-en (windows7-x64)
  - 4 signatures, 150 seconds

Behavioral task
- behavioral2
  - Sample: fc9b8ef801fa8535c91991dcc97383b6_JaffaCakes118.dll
  - Resource: win10v2004-20240412-en (windows10-2004-x64)
  - 1 signatures, 150 seconds
General
- Target: fc9b8ef801fa8535c91991dcc97383b6_JaffaCakes118.dll
- Size: 84KB
- MD5: fc9b8ef801fa8535c91991dcc97383b6
- SHA1: 45d82f3a6fa8862a64da8552a6f7ca921ecd02f9
- SHA256: c177d55025369d9f77ed441aa31fe96e3c06a4557ef94e2e63b26757b2db72f1
- SHA512: bfd8e627159891bc8369236350d75ec02d64cb83d0a6c4df492b0d8e93777356bef1850504a8250fb8692f9b5db272df32d779242aa4ee812d42714071bb3c6f
- SSDEEP: 1536:vHEkhVjF6SR6r/ISOraiKj6k/v8Vui9moz7DALpBoT1:vHEkhVjF96b0oj6kcVdcE7D8c1

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 3476 wrote to memory of 1332 | 3476 | rundll32.exe | rundll32.exe
  PID 3476 wrote to memory of 1332 | 3476 | rundll32.exe | rundll32.exe
  PID 3476 wrote to memory of 1332 | 3476 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc9b8ef801fa8535c91991dcc97383b6_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc9b8ef801fa8535c91991dcc97383b6_JaffaCakes118.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/1332-0-0x0000000000EB0000-0x0000000000EB9000-memory.dmp
  Filesize: 36KB