Analysis
max time kernel: 128s
max time network: 98s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05-05-2024 00:20
Behavioral task: behavioral1
Sample: 152294cc4a2b5c86ad99fd1f9263ecb2_JaffaCakes118.dll
Resource: win7-20240221-en (windows7-x64)
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 152294cc4a2b5c86ad99fd1f9263ecb2_JaffaCakes118.dll
Resource: win10v2004-20240419-en (windows10-2004-x64)
1 signatures
150 seconds
General
Target: 152294cc4a2b5c86ad99fd1f9263ecb2_JaffaCakes118.dll
Size: 2.4MB
MD5: 152294cc4a2b5c86ad99fd1f9263ecb2
SHA1: a5a39532c7d155bf3e74429c1a5016c7576c34f5
SHA256: fe9369606665edde73e2bb27fb2120f0fcc7de5406da3cfcc4b195df54bf4620
SHA512: 591bc2b4acdc10f9561ae1e78a20df40a808985d950ae6c30f604757ad70974dadaa6d1e3e24a2ba02dfe41d1f878de783c5974d2de8e67faad817fe306dc7dd
SSDEEP: 49152:vig6MHCT4Cgzcubg5kYLSzPHpES1fV2c61xqh0NBdenH1:P6Mv70kYLYHpESOT1xqCdeV
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe

  description                         pid    process        target process
  PID 4284 wrote to memory of 2544    4284   rundll32.exe   rundll32.exe
  PID 4284 wrote to memory of 2544    4284   rundll32.exe   rundll32.exe
  PID 4284 wrote to memory of 2544    4284   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\152294cc4a2b5c86ad99fd1f9263ecb2_JaffaCakes118.dll,#1
  PID: 4284
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\152294cc4a2b5c86ad99fd1f9263ecb2_JaffaCakes118.dll,#1
    PID: 2544