Analysis
-
max time kernel
93s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system -
submitted
09-07-2024 08:18
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2f9dd880d2971c3c70a510f3cdd94b7c_JaffaCakes118.dll
Resource
win7-20240705-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
2f9dd880d2971c3c70a510f3cdd94b7c_JaffaCakes118.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
2f9dd880d2971c3c70a510f3cdd94b7c_JaffaCakes118.dll
-
Size
588KB
-
MD5
2f9dd880d2971c3c70a510f3cdd94b7c
-
SHA1
a2820027529fb0ac43251da33e0fd7bc975945bc
-
SHA256
698b72336169db3151308e2860c1335d6bb39d1dc80b8a79502357a61724daec
-
SHA512
bb0d0e88943864f79ed0c6ebf9ce8b99c50f872cfb06585da0d0160819233033794faa3b375170f04cdae8c8196e265fe9c99775288cac81d4b47a8b0333e259
-
SSDEEP
12288:h5CMcrKjHG7CS6+Wv6gsF6RsJDkxjIq7nCQVckcDrFAGTAcl4+AFYOvAVT2b8:h5C1iHG7CS6+Wv6gyXJaZP2zhHTAP+AA
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4316 wrote to memory of 4856 4316 rundll32.exe 82 PID 4316 wrote to memory of 4856 4316 rundll32.exe 82 PID 4316 wrote to memory of 4856 4316 rundll32.exe 82
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2f9dd880d2971c3c70a510f3cdd94b7c_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4316 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2f9dd880d2971c3c70a510f3cdd94b7c_JaffaCakes118.dll,#12⤵PID:4856
-