Analysis
max time kernel: 93s
max time network: 94s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 03/06/2024, 07:56
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
9106b91a55a104134979dc03b5602a6e_JaffaCakes118.dll
Resource
win10v2004-20240508-en
1 signatures
150 seconds
General
Target: 9106b91a55a104134979dc03b5602a6e_JaffaCakes118.dll
Size: 63KB
MD5: 9106b91a55a104134979dc03b5602a6e
SHA1: f9f6c9e9c289451f9a58bf1349c6b82abb105e9e
SHA256: 1191da6af7d142a7773a1af615e176049c94bcc7e8218da7397e193e3c7130ac
SHA512: b25cd405a5a2d5c611731122c289b4ad86c2a78606934ebb16d45f3a7cf5fe0ee080c6e222db2d0fbd7b6f966695534a9686d99b5c8639fc8fdc96b43f21fd53
SSDEEP: 1536:KA+6Sh1b/KGTVJigakY+F7q3z5q2oKFKtBQoqOra65kOAQY:KAoh1b/j5Qkhq3zDoKgI0lUQY
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2212 wrote to memory of 2612 | 2212 | rundll32.exe | 82
PID 2212 wrote to memory of 2612 | 2212 | rundll32.exe | 82
PID 2212 wrote to memory of 2612 | 2212 | rundll32.exe | 82
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9106b91a55a104134979dc03b5602a6e_JaffaCakes118.dll,#11
- Suspicious use of WriteProcessMemory
PID:2212
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9106b91a55a104134979dc03b5602a6e_JaffaCakes118.dll,#12
PID:2612