Analysis
max time kernel: 140s
max time network: 97s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/07/2024, 09:25
Static task: static1
Signatures: 1

Behavioral task: behavioral1
Sample: 280adb04b227f0411a4f2f312cab2cab_JaffaCakes118.dll
Resource: win7-20240221-en
Signatures: 4
Duration: 150 seconds

Behavioral task: behavioral2
Sample: 280adb04b227f0411a4f2f312cab2cab_JaffaCakes118.dll
Resource: win10v2004-20240704-en
Signatures: 1
Duration: 150 seconds
General
Target: 280adb04b227f0411a4f2f312cab2cab_JaffaCakes118.dll
Size: 156KB
MD5: 280adb04b227f0411a4f2f312cab2cab
SHA1: 7f9f5da929cf205592b5bf3fcbc824d1a92a157f
SHA256: 8dd82c43ba97cc560443015719be8d04ae5ae5b0b37a6d8a19c12010400f9391
SHA512: 55a77315c1d3c2decb8e469d37f975c42cc49c028f714b3d80d4bd33a9c1e3b0fe0d2052620b059f6063963ed4224d00829003bed51fd6484bbdb8cd8382b8d5
SSDEEP: 3072:BXjJOslnKFFE8U5s8t6REfTKOXpjnMOUBuyNEzPjJQMh6Owb+77:VJOwj858tFTKO4OUBgJlmba
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3744 wrote to memory of 4600 | 3744 | rundll32.exe | 82
PID 3744 wrote to memory of 4600 | 3744 | rundll32.exe | 82
PID 3744 wrote to memory of 4600 | 3744 | rundll32.exe | 82
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\280adb04b227f0411a4f2f312cab2cab_JaffaCakes118.dll,#11
- Suspicious use of WriteProcessMemory
PID:3744
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\280adb04b227f0411a4f2f312cab2cab_JaffaCakes118.dll,#12
PID:4600