Analysis
- max time kernel: 95s
- max time network: 129s
- platform: windows10-2004_x64
- resource: win10v2004-20240704-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/07/2024, 02:12
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
  Sample: 2ea5f29707700ac723e253f8309efa19_JaffaCakes118.dll
  Resource: win7-20240705-en
  1 signatures, 150 seconds
Behavioral task
- behavioral2
  Sample: 2ea5f29707700ac723e253f8309efa19_JaffaCakes118.dll
  Resource: win10v2004-20240704-en
  1 signatures, 150 seconds
General
- Target: 2ea5f29707700ac723e253f8309efa19_JaffaCakes118.dll
- Size: 78KB
- MD5: 2ea5f29707700ac723e253f8309efa19
- SHA1: b7f1c03688e980324052136221c847f3b11a89eb
- SHA256: ce4f4e46994b2771e947be047b989433f9428299ac508d3a960db1b92a395961
- SHA512: beaa8d4959e425ff42cb35b943eeb7ebc1218e81fe7391ce476fb28b94b711de2bf87ce1cf500517fbc6e043275797dbd44b4efa343410fa7a6fd09e6e4986da
- SSDEEP: 1536:oIKi2LjukMhQFk5mUgL3qcvfAKw1K0y3kVFPP4ZetS5mZEY:wLw6FLdAx008kT6glZEY
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description | pid | Process | procid_target
  PID 1664 wrote to memory of 4800 | 1664 | rundll32.exe | 81
  PID 1664 wrote to memory of 4800 | 1664 | rundll32.exe | 81
  PID 1664 wrote to memory of 4800 | 1664 | rundll32.exe | 81
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ea5f29707700ac723e253f8309efa19_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1664
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ea5f29707700ac723e253f8309efa19_JaffaCakes118.dll,#1
    PID: 4800