Analysis
max time kernel: 93s
max time network: 96s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-05-2024 20:16
Behavioral task: behavioral1
Sample: 60fd32d8c60ba3b9be0af61a83ac8c42_JaffaCakes118.dll
Resource: win7-20240221-en (windows7-x64)
2 signatures, 150 seconds
Behavioral task: behavioral2
Sample: 60fd32d8c60ba3b9be0af61a83ac8c42_JaffaCakes118.dll
Resource: win10v2004-20240508-en (windows10-2004-x64)
2 signatures, 150 seconds
General
Target: 60fd32d8c60ba3b9be0af61a83ac8c42_JaffaCakes118.dll
Size: 202KB
MD5: 60fd32d8c60ba3b9be0af61a83ac8c42
SHA1: e3046df847f1f5dc933077045875b9118d7b0719
SHA256: 0d04607bfaf064061f5f10fb4c7335ee79d773a7eee879eee6fde48f0a37faf8
SHA512: 2ab0136c8403e0bbdde961305b8e563c194936bd1aff81ed8ba624d1583339133c86c371db34eed514495dd68deae047815e1050b95ca150e37c3d07ee6af7e3
SSDEEP: 3072:Pjh9N4a1j712h9Td2+1lxvTeZna8xUhUbT15E:PjdFKdoSxvixTxUA
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
    pid    pid_target    process         target process
    4156   1384          WerFault.exe    rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
    description                         pid     process         target process
    PID 2644 wrote to memory of 1384    2644    rundll32.exe    rundll32.exe
    PID 2644 wrote to memory of 1384    2644    rundll32.exe    rundll32.exe
    PID 2644 wrote to memory of 1384    2644    rundll32.exe    rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\60fd32d8c60ba3b9be0af61a83ac8c42_JaffaCakes118.dll,#1
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\60fd32d8c60ba3b9be0af61a83ac8c42_JaffaCakes118.dll,#1
        C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 680
            - Program crash
C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1384 -ip 1384