Analysis
max time kernel: 95s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-07-2024 00:26
Static task: static1

Behavioral task: behavioral1
Sample: 329950ac8a276fa0008681a34d4422df_JaffaCakes118.dll
Resource: win7-20240705-en
7 signatures
150 seconds

Behavioral task: behavioral2
Sample: 329950ac8a276fa0008681a34d4422df_JaffaCakes118.dll
Resource: win10v2004-20240709-en
1 signatures
150 seconds
General
Target: 329950ac8a276fa0008681a34d4422df_JaffaCakes118.dll
Size: 346KB
MD5: 329950ac8a276fa0008681a34d4422df
SHA1: 9b7a8bbfac15876628d1961ffd1809d16055612d
SHA256: 77f5c75f36f75ff3e6d15da0a6a97b9b481023c67bbaa3d92f1497fde74cf2a6
SHA512: 6ed1970177d362ca5aa78c634674ada0479316df87237019d8755f3ad3042a353f640464e72ef17eb4a6228690c70aea2d64fe752cde566d414a81325a57f712
SSDEEP: 3072:X82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:s2L7HN7Kl/jLA90QECrYRpj
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1324 wrote to memory of 636 | 1324 | rundll32.exe | rundll32.exe
PID 1324 wrote to memory of 636 | 1324 | rundll32.exe | rundll32.exe
PID 1324 wrote to memory of 636 | 1324 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\329950ac8a276fa0008681a34d4422df_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1324
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\329950ac8a276fa0008681a34d4422df_JaffaCakes118.dll,#12⤵
PID:636