Analysis
max time kernel: 95s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-07-2024 08:13
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: 33edccca90f927300d0b75b0cdab45ed_JaffaCakes118.dll
Resource: win7-20240705-en, windows7-x64
1 signatures
150 seconds

Behavioral task
behavioral2
Sample: 33edccca90f927300d0b75b0cdab45ed_JaffaCakes118.dll
Resource: win10v2004-20240709-en, windows10-2004-x64
2 signatures
150 seconds
General
Target: 33edccca90f927300d0b75b0cdab45ed_JaffaCakes118.dll
Size: 103KB
MD5: 33edccca90f927300d0b75b0cdab45ed
SHA1: bb4bfbe2d9331c279324074fbc4fa7c4ce735c59
SHA256: 92b7b6d98b8ecb7f5195fc3d4737ee48cc34ffb31fcbb19f52116ae68ee6ac17
SHA512: 847ee3d5d84370c9e8f131becc6f5e6f65dc6ceb096fdfb189e305a2d295549f7060dafe61e735d5e6b5705152c7c3a5520a4b30ebb76e5a24524f204131f2a0
SSDEEP: 1536:rPjXQ3xawGfOcnJxn89Iz4BjucXrK4pZ5:7jmIwFWJx8K0BvpZ5
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
  pid    pid_target  Process       procid_target
  3568   2836        WerFault.exe  82

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid    Process       procid_target
  PID 5040 wrote to memory of 2836   5040   rundll32.exe  82
  PID 5040 wrote to memory of 2836   5040   rundll32.exe  82
  PID 5040 wrote to memory of 2836   5040   rundll32.exe  82
Processes

Depth 1: C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\33edccca90f927300d0b75b0cdab45ed_JaffaCakes118.dll,#1
  Suspicious use of WriteProcessMemory
  PID:5040

  Depth 2: C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\33edccca90f927300d0b75b0cdab45ed_JaffaCakes118.dll,#1
    PID:2836

    Depth 3: C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 560
      Program crash
      PID:3568

Depth 1: C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2836 -ip 2836
  PID:2936