Analysis
- max time kernel: 94s
- max time network: 123s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10-07-2024 03:48
Static task: static1
Behavioral task: behavioral1
- Sample: 3330492de12d1cdfa4e55b1227a34813_JaffaCakes118.dll
- Resource: win7-20240705-en
- 7 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 3330492de12d1cdfa4e55b1227a34813_JaffaCakes118.dll
- Resource: win10v2004-20240709-en
- 1 signatures
- 150 seconds
General
- Target: 3330492de12d1cdfa4e55b1227a34813_JaffaCakes118.dll
- Size: 346KB
- MD5: 3330492de12d1cdfa4e55b1227a34813
- SHA1: 6a76df01c06d00068e832bea28ecbf5bcea37e9c
- SHA256: 31fbea2e1f8fbb1a6611eb70ae026f0bc7e3828a1e719bb3ed015e56ff508bfb
- SHA512: 0f6e50c63761593aa41f972cf73d3440874e6ae24b6b7d56f8c29ce9387866b0ee2105b256971cc7c23ebc8e9bb1c52fd5666dbd394e339782e14e9ff87294b5
- SSDEEP: 3072:382jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:M2L7HN7Kl/jLA90QECrYRpj
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 4960 wrote to memory of 3032 | 4960 | rundll32.exe | rundll32.exe |
| PID 4960 wrote to memory of 3032 | 4960 | rundll32.exe | rundll32.exe |
| PID 4960 wrote to memory of 3032 | 4960 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3330492de12d1cdfa4e55b1227a34813_JaffaCakes118.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 4960
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3330492de12d1cdfa4e55b1227a34813_JaffaCakes118.dll,#12
    PID: 3032