Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
26-06-2024 10:02
Behavioral task
behavioral1
Sample
119bacfe95f0feb922e5d94127b285d1_JaffaCakes118.dll
Resource
win7-20240611-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
119bacfe95f0feb922e5d94127b285d1_JaffaCakes118.dll
Resource
win10v2004-20240508-en
2 signatures
150 seconds
General
-
Target
119bacfe95f0feb922e5d94127b285d1_JaffaCakes118.dll
-
Size
456KB
-
MD5
119bacfe95f0feb922e5d94127b285d1
-
SHA1
bcfe88ad805f085904d8e159a881180836977d8c
-
SHA256
92761fa10b905bd5dbd9d8e25f5de5c1288a2c6ebbd1c7347d36aae7f31342d8
-
SHA512
21c6969994d75e79d42fdfe3e27f5d7ce7daf8b23c932447ebecd2a5f67c9bd1593aa7942643a781480a51323c182830c1bca9946ee9e99f9bd41a2d5be1cbf2
-
SSDEEP
6144:8CMTahs6zHBFBjJxCaaMwswSAg/D8hyUd/c1X/UH+RJEfvVS1c/v0tZGzYNa2s1h:nBs6jBFBdaMw8AgUd4vLMEcEPGWH
Score
7/10
Malware Config
Signatures
-
resource yara_rule
behavioral2/memory/4608-0-0x0000000010000000-0x00000000100DE000-memory.dmp vmprotect
behavioral2/memory/4608-1-0x0000000010000000-0x00000000100DE000-memory.dmp vmprotect
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 4228 wrote to memory of 4608 4228 rundll32.exe 81
PID 4228 wrote to memory of 4608 4228 rundll32.exe 81
PID 4228 wrote to memory of 4608 4228 rundll32.exe 81
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\119bacfe95f0feb922e5d94127b285d1_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
PID:4228 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\119bacfe95f0feb922e5d94127b285d1_JaffaCakes118.dll,#1
PID:4608
-