Analysis
max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted
22-06-2024 23:29
Behavioral task
behavioral1
Sample
0462367956b8e02440756eb75cf2efaa_JaffaCakes118.dll
Resource
win7-20240419-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
0462367956b8e02440756eb75cf2efaa_JaffaCakes118.dll
Resource
win10v2004-20240508-en
1 signatures
150 seconds
General
Target
0462367956b8e02440756eb75cf2efaa_JaffaCakes118.dll
Size
413KB
MD5
0462367956b8e02440756eb75cf2efaa
SHA1
17c661e0efd87dce7b79bcb409c6dd5abfa480db
SHA256
5b0d868f00be42c029d3b62406cece8c3a1b4f032e68bbbc51d4009ce07948a5
SHA512
68b3f746f3f407c070fa2c8858bb86e64468f5cd62140de2cd35b5db50736fe2147afdc263ef3e2b3554065dacfc3ccc4f97f97eaed18fe3e34ae9f56eed255f
SSDEEP
6144:n+ZIyvbAXj7UT5cI4c8bKCW3e0dZfFgCZTdsmnEliQDWf19nX5:ni30T7Kaj81dTdxGmnOhDInX5
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                      pid  Process       procid_target
PID 380 wrote to memory of 3116  380  rundll32.exe  82
PID 380 wrote to memory of 3116  380  rundll32.exe  82
PID 380 wrote to memory of 3116  380  rundll32.exe  82
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0462367956b8e02440756eb75cf2efaa_JaffaCakes118.dll,#1
  Suspicious use of WriteProcessMemory
  PID:380
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0462367956b8e02440756eb75cf2efaa_JaffaCakes118.dll,#1
    PID:3116