Analysis
max time kernel: 120s
max time network: 96s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 16:32
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: a1589fbd2617c38701e3afe1635d0b98_JaffaCakes118.dll
Resource: win7-20240611-en
1 signatures
150 seconds

Behavioral task
behavioral2
Sample: a1589fbd2617c38701e3afe1635d0b98_JaffaCakes118.dll
Resource: win10v2004-20240611-en
1 signatures
150 seconds
General
-
Target
a1589fbd2617c38701e3afe1635d0b98_JaffaCakes118.dll
-
Size
89KB
-
MD5
a1589fbd2617c38701e3afe1635d0b98
-
SHA1
e2b8da1f33a7d06f43dfcf8b96ae3b3531df0dff
-
SHA256
e82daaac4ba36352cb35f1f9edb014fd1ec9a628c8f3d89b463082d1b7b588bb
-
SHA512
a882c312fe5c2aba396a93236bf80269f0ce1790ed84944887ee500935a134459fc8d77dfc04a49a869dcb70d7dacbd1b7d6777053386681992832ec78d5249f
-
SSDEEP
1536:SQgosHrp6cO16XbM9+JbtkqHj7wudeak2FSb5K3KaUQas:ngrH4qXYUJbtBQuR5Fe5PaUK
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4688 wrote to memory of 4744 | 4688 | rundll32.exe | 83
PID 4688 wrote to memory of 4744 | 4688 | rundll32.exe | 83
PID 4688 wrote to memory of 4744 | 4688 | rundll32.exe | 83
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a1589fbd2617c38701e3afe1635d0b98_JaffaCakes118.dll,#11
- Suspicious use of WriteProcessMemory
PID: 4688
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a1589fbd2617c38701e3afe1635d0b98_JaffaCakes118.dll,#12
  PID: 4744