Analysis
max time kernel: 91s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-07-2024 13:10
Static task: static1
Behavioral task: behavioral1
Sample: 308233a1480b80de71327d951f35e9f7_JaffaCakes118.dll
Resource: win7-20240704-en
7 signatures
150 seconds
Behavioral task: behavioral2
Sample: 308233a1480b80de71327d951f35e9f7_JaffaCakes118.dll
Resource: win10v2004-20240704-en
1 signatures
150 seconds
General
Target: 308233a1480b80de71327d951f35e9f7_JaffaCakes118.dll
Size: 346KB
MD5: 308233a1480b80de71327d951f35e9f7
SHA1: 8bdb9110f18965ee26885574e560cd886374aefa
SHA256: 91a7bb9c46c07ed46df0ff3f8b54171cf603a7526013523f6fbd7328c4e29a19
SHA512: bfe94a08ae5db2b57e108ba4afd720b6b2a3a63cb03da8851a34c891b4c828c65cd4e19c733b73fef6da2a2c2ae3aac7e55cb35a6042bf868bcc01aa056e8db3
SSDEEP: 3072:X82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:s2L7HN7Kl/jLA90QECrYRpj
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2448 wrote to memory of 3788 | 2448 | rundll32.exe | rundll32.exe
PID 2448 wrote to memory of 3788 | 2448 | rundll32.exe | rundll32.exe
PID 2448 wrote to memory of 3788 | 2448 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\308233a1480b80de71327d951f35e9f7_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2448
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\308233a1480b80de71327d951f35e9f7_JaffaCakes118.dll,#12⤵
PID:3788