Analysis
max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
submitted
10-07-2024 07:36
Static task
static1
Behavioral task
behavioral1
Sample
33d146480a4f0b26231e689e9ad2129c_JaffaCakes118.dll
Resource
win7-20240704-en
7 signatures
150 seconds
Behavioral task
behavioral2
Sample
33d146480a4f0b26231e689e9ad2129c_JaffaCakes118.dll
Resource
win10v2004-20240709-en
1 signatures
150 seconds
General
Target
33d146480a4f0b26231e689e9ad2129c_JaffaCakes118.dll
Size
346KB
MD5
33d146480a4f0b26231e689e9ad2129c
SHA1
7f79316995ceaee476f04b7d4f37fbcaee9f5f9b
SHA256
9308779abbbe8008f6b0ca754e46f814f6e422247200ba9ffc0b9844f347b7c3
SHA512
cef21c1b784283b556ffc0f9a28cfc95a3c795e596dad512af7f6befa1b573d799a6dfab4179c9f10e172853d8703aaa828cb59c2f49436a039e9ae62943507b
SSDEEP
3072:E82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:/2L7HN7Kl/jLA90QECrYRpj
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 3832 wrote to memory of 4996 | 3832 | rundll32.exe | rundll32.exe
PID 3832 wrote to memory of 4996 | 3832 | rundll32.exe | rundll32.exe
PID 3832 wrote to memory of 4996 | 3832 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\33d146480a4f0b26231e689e9ad2129c_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
PID:3832
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\33d146480a4f0b26231e689e9ad2129c_JaffaCakes118.dll,#1
    PID:4996