Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 03/06/2024, 08:50
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 912e99f4512b510e783e3bf51d090b81_JaffaCakes118.dll
Resource: win7-20240508-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 912e99f4512b510e783e3bf51d090b81_JaffaCakes118.dll
Resource: win10v2004-20240508-en
1 signatures
150 seconds
General
Target: 912e99f4512b510e783e3bf51d090b81_JaffaCakes118.dll
Size: 140KB
MD5: 912e99f4512b510e783e3bf51d090b81
SHA1: a70220f4e72507cd677690ebe6ef94c4dd4763f6
SHA256: 0706a4c76f3b54271107acefaeafad7ea012068e3a511f0da39ddefc782e2952
SHA512: 997377cdaaa1ce503b6f5270752be7435256e1587de41e3ef63220031918ccd58ee247e64f76cf670f210b9265ca33a2fdcdaba32964f9b27bbfc0e6fc588f88
SSDEEP: 3072:JiUIYFTCW6sKFEojGylYCE2Iu2jGLF5A9bE8LUeTcjP:29JsqtGgYCE2L1F5A9bEGUew
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 5104 wrote to memory of 820 | 5104 | rundll32.exe | 82
PID 5104 wrote to memory of 820 | 5104 | rundll32.exe | 82
PID 5104 wrote to memory of 820 | 5104 | rundll32.exe | 82
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\912e99f4512b510e783e3bf51d090b81_JaffaCakes118.dll,#1
PID:5104
- Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\912e99f4512b510e783e3bf51d090b81_JaffaCakes118.dll,#1
    PID:820