Analysis
max time kernel
133s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted
22-05-2024 21:51
Static task
static1
Behavioral task
behavioral1
Sample
68c13161f04fb586fc8778b70d003e1e_JaffaCakes118.dll
Resource
win7-20240508-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
68c13161f04fb586fc8778b70d003e1e_JaffaCakes118.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
68c13161f04fb586fc8778b70d003e1e_JaffaCakes118.dll
Size
142KB
MD5
68c13161f04fb586fc8778b70d003e1e
SHA1
fa018cdcc8b7329b61b6a0c28e9e1109d25e20ba
SHA256
0cd48f2289fdbb1cf24e61e9bd258452bcc46806965b1e51f6d69a31ef60777a
SHA512
b27999efe3854f2c858d7df11560ef8fa0528ddff1917f1a7c81972dacf2f20ff0e5aa8ecb99f6a1faf5cb3f80245a0735dfb986c50854078dd6447ac66a91f6
SSDEEP
3072:5tQul439NZiYd88+HS7SPlSUmoB7pInBGhBt:5tQul+NZiY97SPlT1iGZ
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 3160 wrote to memory of 3560 | 3160 | rundll32.exe | rundll32.exe
PID 3160 wrote to memory of 3560 | 3160 | rundll32.exe | rundll32.exe
PID 3160 wrote to memory of 3560 | 3160 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68c13161f04fb586fc8778b70d003e1e_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\68c13161f04fb586fc8778b70d003e1e_JaffaCakes118.dll,#1