Analysis
-
max time kernel
51s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
25/06/2024, 13:45
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
0e4ba3f4cced29663dd83692c8754472_JaffaCakes118.dll
Resource
win7-20240508-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
0e4ba3f4cced29663dd83692c8754472_JaffaCakes118.dll
Resource
win10v2004-20240508-en
1 signatures
150 seconds
General
-
Target
0e4ba3f4cced29663dd83692c8754472_JaffaCakes118.dll
-
Size
28KB
-
MD5
0e4ba3f4cced29663dd83692c8754472
-
SHA1
fb108b9440013ca0487906cf2cc4275f9fb7efcc
-
SHA256
5ac39685332aef454f25719ba3e3d5e4d2fb31ad2fa6e5a753089831f133fcbc
-
SHA512
49fbb714e27921c314906af91ce819acfeeda2d5e74f65e8bfca4d2d13b00a30d35ce94bfb87580309180bc354e65dcc4e79094adf356d9654ed86dd94a3eb7f
-
SSDEEP
384:OA42VFnTRCUX8KgOP/ImlHoybL3goIo99xJ:7JFnT4UsKg6/sC3JIo99x
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4568 wrote to memory of 4480 4568 rundll32.exe 81 PID 4568 wrote to memory of 4480 4568 rundll32.exe 81 PID 4568 wrote to memory of 4480 4568 rundll32.exe 81
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0e4ba3f4cced29663dd83692c8754472_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4568 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0e4ba3f4cced29663dd83692c8754472_JaffaCakes118.dll,#12⤵PID:4480
-