Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
submitted: 09-07-2024 20:18
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
31d4683b3da5645a1a1b3d07d99bc0a4_JaffaCakes118.dll
Resource
win7-20240704-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
31d4683b3da5645a1a1b3d07d99bc0a4_JaffaCakes118.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: 31d4683b3da5645a1a1b3d07d99bc0a4_JaffaCakes118.dll
Size: 3.0MB
MD5: 31d4683b3da5645a1a1b3d07d99bc0a4
SHA1: 042f806d5a31644bc8453c0e5c977961fafdce1c
SHA256: 8c37176f136cf83f3d8cfce81537f141431e436a5b7f0b73d88c04ffabad148e
SHA512: 7c75cc7f84c8222371883a5bdfc0c15126e407f57308b3464fea91fed8e583d60d5d2956c5d135e500eb47fb56693e2f475ebf41c00f038047c18e3b2df9f09f
SSDEEP: 49152:wBLYMwj0fChh4SfVvD4mSAy27uMTCwvCHOa/98:wBsjEMdy27uPwvC
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4852 wrote to memory of 4372 | 4852 | rundll32.exe | 82
PID 4852 wrote to memory of 4372 | 4852 | rundll32.exe | 82
PID 4852 wrote to memory of 4372 | 4852 | rundll32.exe | 82
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\31d4683b3da5645a1a1b3d07d99bc0a4_JaffaCakes118.dll,#11
- Suspicious use of WriteProcessMemory
PID:4852
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\31d4683b3da5645a1a1b3d07d99bc0a4_JaffaCakes118.dll,#12
PID:4372