Analysis
max time kernel: 147s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/04/2024, 15:14
Behavioral task: behavioral1
Sample: fd0d050622e4454448c3200cedb5e8a9_JaffaCakes118.dll
Resource: win7-20240221-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: fd0d050622e4454448c3200cedb5e8a9_JaffaCakes118.dll
Resource: win10v2004-20240412-en
2 signatures
150 seconds
General
Target: fd0d050622e4454448c3200cedb5e8a9_JaffaCakes118.dll
Size: 743KB
MD5: fd0d050622e4454448c3200cedb5e8a9
SHA1: c44b35665179a82f8909fcc5880b756a5bd4aa16
SHA256: 717017af9609e442028d0b360e5238769668de001bfa0372e02e49c9bab911ec
SHA512: cb88edebdf6980390fd237c349e5c56b8d2ddc28d268cfae154a434e804a2911805292b84b665cfd00bd80e64577a7cad3be5ae05eff88ebcafaf1fb67cc6d0e
SSDEEP: 12288:Tf68zjnT+2a8+p0/IARbJkale360zCA9JK7LdBzSZd6Z/+rXm5AQKa8/VyFcajNp:Tjjny2a8S0/1EaleYUKn2ZY2TmAQN0Vi
Score: 7/10
Malware Config
Signatures
resource | yara_rule
behavioral2/memory/4400-0-0x0000000000400000-0x00000000005B4000-memory.dmp | vmprotect
behavioral2/memory/4400-1-0x0000000000400000-0x00000000005B4000-memory.dmp | vmprotect
behavioral2/memory/4400-2-0x0000000000400000-0x00000000005B4000-memory.dmp | vmprotect
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 5100 wrote to memory of 4400 | 5100 | rundll32.exe | 85
PID 5100 wrote to memory of 4400 | 5100 | rundll32.exe | 85
PID 5100 wrote to memory of 4400 | 5100 | rundll32.exe | 85
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd0d050622e4454448c3200cedb5e8a9_JaffaCakes118.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 5100
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd0d050622e4454448c3200cedb5e8a9_JaffaCakes118.dll,#1
    PID: 4400