Analysis
max time kernel: 51s
max time network: 51s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-06-2024 22:27
Static task static1
1 signature

Behavioral task behavioral1
Sample: 00e0f83a1abdd825494f3f8225435d90_JaffaCakes118.dll
Resource: win7-20240611-en (windows7-x64)
2 signatures
150 seconds

Behavioral task behavioral2
Sample: 00e0f83a1abdd825494f3f8225435d90_JaffaCakes118.dll
Resource: win10v2004-20240508-en (windows10-2004-x64)
2 signatures
150 seconds
General
Target: 00e0f83a1abdd825494f3f8225435d90_JaffaCakes118.dll
Size: 92KB
MD5: 00e0f83a1abdd825494f3f8225435d90
SHA1: f6c59fd6936f554703116897b2249588f97ba82d
SHA256: 84e814e037ce9330141f22f32e3fe19e58aa3426b8e448df1cfe3cda8e5f616d
SHA512: f65e168ddcbe9b5d5603a56a56fb7f758d48945bc7334b163d86e20d8520d92220d95e243222afac05b7105b5fcd54efe37231a05d476b2f264c088fb7f05471
SSDEEP: 1536:+ID7mEVe+fsZr0ItmnKXH99P5ju7/a9Z9OF2:JD6+C0IkKTPFuDa9ZI4
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid    pid_target    Process         procid_target
2308   2024          WerFault.exe    81

Suspicious use of WriteProcessMemory (3 IoCs)
description                         pid     Process         procid_target
PID 4760 wrote to memory of 2024    4760    rundll32.exe    81
PID 4760 wrote to memory of 2024    4760    rundll32.exe    81
PID 4760 wrote to memory of 2024    4760    rundll32.exe    81
Processes
PID 4760: C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\00e0f83a1abdd825494f3f8225435d90_JaffaCakes118.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  PID 2024: C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\00e0f83a1abdd825494f3f8225435d90_JaffaCakes118.dll,#1
    PID 2308: C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 668
      Signatures: Program crash
PID 4764: C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2024 -ip 2024