Analysis
max time kernel
92s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted
01-06-2024 17:34
Behavioral task
behavioral1
Sample
8b3657f398adeaf405f74dded8e32ae7_JaffaCakes118.dll
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
8b3657f398adeaf405f74dded8e32ae7_JaffaCakes118.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
8b3657f398adeaf405f74dded8e32ae7_JaffaCakes118.dll
Size
1.0MB
MD5
8b3657f398adeaf405f74dded8e32ae7
SHA1
dd32a8b5d15d834a710cbe4fbebc1d764cf3f6a7
SHA256
162fc2000d30562028b940b07e030df3870d00d8c84360321b3d19572e689df7
SHA512
80082e3ed8de68fd72244ba17c4da68e52cdceaee6838d17de0777d69d93a66904603f6bd579d506668420285438fb5110dbef64023ef6e4f22fd280d7fee3da
SSDEEP
24576:fIpTbxAeXaG8/ZkSpjSDtCadGQrV1cC2gVRz3TAsSH3Jav1+:fwCcaGOZdMD4UGMCdez3ZSAg
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1096 wrote to memory of 1460 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 1460 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 1460 | 1096 | rundll32.exe | rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\8b3657f398adeaf405f74dded8e32ae7_JaffaCakes118.dll,#1
   - Suspicious use of WriteProcessMemory
   PID:1096
   2. C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\8b3657f398adeaf405f74dded8e32ae7_JaffaCakes118.dll,#1
      PID:1460