Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19-05-2024 05:12
Behavioral task: behavioral1
- Sample: 58b71252bf2d489141518620d297be2a_JaffaCakes118.dll
- Resource: win7-20240215-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 58b71252bf2d489141518620d297be2a_JaffaCakes118.dll
- Resource: win10v2004-20240426-en
- 1 signatures
- 150 seconds
General
- Target: 58b71252bf2d489141518620d297be2a_JaffaCakes118.dll
- Size: 378KB
- MD5: 58b71252bf2d489141518620d297be2a
- SHA1: a7f554a1b9fba7880ba80f3138a2e31aab899263
- SHA256: 16b90a2a33eb0ee77808dc95ba87fc08f8b76ca4c4cbfdfc2ec65121f0b2c654
- SHA512: 90ef7413a3158d1ea2a150cd333d234c8b247c7d1698950a62f1d4df89342d953a679bd30172119bab7e8b9c8f5ea8c521c8dc7c22dc46d6741465e504f76c4b
- SSDEEP: 6144:KojzIWmeMy+048lqjO4vGTCraVmZgmfLaafxChizK6VWxtoloBj5rbx:KojsWKy+KlqC4+WrumfXfxxvVJ6Bj5r1
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4960 wrote to memory of 3412 | 4960 | rundll32.exe | rundll32.exe
PID 4960 wrote to memory of 3412 | 4960 | rundll32.exe | rundll32.exe
PID 4960 wrote to memory of 3412 | 4960 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\58b71252bf2d489141518620d297be2a_JaffaCakes118.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\58b71252bf2d489141518620d297be2a_JaffaCakes118.dll,#12