Analysis
max time kernel: 95s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
submitted: 10-07-2024 00:55
Static task: static1

Behavioral task: behavioral1
Sample: 32af4db8c4df66fcbf4f587be33c4bbb_JaffaCakes118.dll
Resource: win7-20240708-en
7 signatures
150 seconds

Behavioral task: behavioral2
Sample: 32af4db8c4df66fcbf4f587be33c4bbb_JaffaCakes118.dll
Resource: win10v2004-20240709-en
1 signatures
150 seconds
General
Target: 32af4db8c4df66fcbf4f587be33c4bbb_JaffaCakes118.dll
Size: 346KB
MD5: 32af4db8c4df66fcbf4f587be33c4bbb
SHA1: f23f2c79af6296091d807ed82a4f4a48b7653c4e
SHA256: b4cf2d352e37150afeb6b2e8aade964144a1689776b54e114590eaefce62ab5e
SHA512: 12979ba5665b7b4a8f76fdc871735ec28d35afefec6c38b5dffe3e24ff47f9208bbe1f79090ab01d659dab3ee9b939672d41fde5bca6a765689b541d2400681b
SSDEEP: 3072:T82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:w2L7HN7Kl/jLA90QECrYRpj
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1348 wrote to memory of 3816 | 1348 | rundll32.exe | rundll32.exe
PID 1348 wrote to memory of 3816 | 1348 | rundll32.exe | rundll32.exe
PID 1348 wrote to memory of 3816 | 1348 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\32af4db8c4df66fcbf4f587be33c4bbb_JaffaCakes118.dll,#11
- Suspicious use of WriteProcessMemory
PID:1348
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\32af4db8c4df66fcbf4f587be33c4bbb_JaffaCakes118.dll,#12
PID:3816