Analysis
max time kernel
94s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240704-en locale:en-us os:windows10-2004-x64 system
submitted
05/07/2024, 11:27
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
26e126a3bbb030169c9df566510a0144_JaffaCakes118.dll
Resource
win7-20240705-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
26e126a3bbb030169c9df566510a0144_JaffaCakes118.dll
Resource
win10v2004-20240704-en
2 signatures
150 seconds
General
Target
26e126a3bbb030169c9df566510a0144_JaffaCakes118.dll
Size
23KB
MD5
26e126a3bbb030169c9df566510a0144
SHA1
0ef90b340fcce51bfc29cd356f3dfacf98e259bf
SHA256
3794049172a474ac21ac7a74d19403d8d2e45074d248a8539fb5a626d3e0050e
SHA512
f81f88643d884a5b40e2a0479ef127574f59c887956357b1128580f7b6f9ce2c2f35b624f077f0d42e7bea644cdd3f55bce0e4b9beeac12a38d849540ada36ba
SSDEEP
384:d3jsZpyIVClxC8jpHZEc8hcanshP2mZ9d6GiZXPlWZi1PWSBV5EphNxpG:d3gZ8PK8kc8htmwGiHbPR8pP
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
pid | pid_target | Process | procid_target
2868 | 3308 | WerFault.exe | 80
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 3928 wrote to memory of 3308 | 3928 | rundll32.exe | 80
PID 3928 wrote to memory of 3308 | 3928 | rundll32.exe | 80
PID 3928 wrote to memory of 3308 | 3928 | rundll32.exe | 80
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\26e126a3bbb030169c9df566510a0144_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
PID:3928
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\26e126a3bbb030169c9df566510a0144_JaffaCakes118.dll,#1
    PID:3308
        C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 568
        - Program crash
        PID:2868
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3308 -ip 3308
PID:4424