Analysis
max time kernel: 149s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-07-2024 21:59
Static task: static1
Behavioral task: behavioral1
Sample: 3221f8c881bb67428e6e8e5f557a797a_JaffaCakes118.dll
Resource: win7-20240708-en
7 signatures
150 seconds
Behavioral task: behavioral2
Sample: 3221f8c881bb67428e6e8e5f557a797a_JaffaCakes118.dll
Resource: win10v2004-20240709-en
1 signatures
150 seconds
General
Target: 3221f8c881bb67428e6e8e5f557a797a_JaffaCakes118.dll
Size: 346KB
MD5: 3221f8c881bb67428e6e8e5f557a797a
SHA1: 515933f0234a803eb776218425ec155556606f72
SHA256: 3880ea2e00ecbddfd0377047d5e538b3aa7db05c64b10c817580956909b15372
SHA512: 458fc680d05f39e8e777425a867f035ae4cc877281e91718a2ddf3041b1d8af89f467f982f2cdadb617ab94bf3e50741edf7ace8a7a1666520ae9e74b9d3404f
SSDEEP: 3072:S82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:Z2L7HN7Kl/jLA90QECrYRpj
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4756 wrote to memory of 2800 | 4756 | rundll32.exe | rundll32.exe
PID 4756 wrote to memory of 2800 | 4756 | rundll32.exe | rundll32.exe
PID 4756 wrote to memory of 2800 | 4756 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3221f8c881bb67428e6e8e5f557a797a_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:4756
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3221f8c881bb67428e6e8e5f557a797a_JaffaCakes118.dll,#1
    PID:2800