Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
- submitted: 10-07-2024 21:12
Static task: static1
Behavioral task: behavioral1
- Sample: 366685879fdd00a325ac95a67839a51e_JaffaCakes118.dll
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 366685879fdd00a325ac95a67839a51e_JaffaCakes118.dll
- Resource: win10v2004-20240709-en
General
- Target: 366685879fdd00a325ac95a67839a51e_JaffaCakes118.dll
- Size: 86KB
- MD5: 366685879fdd00a325ac95a67839a51e
- SHA1: e93b4b37085ca724b868d4e56205ec6493de086f
- SHA256: fbf597174381687395f83ad57a9ce1e0e7da2b1b6b2806b684ab3b08aa740fcf
- SHA512: 70dab15401e873352b9d95223594427bca9050f256087f8fb15032578e037fb1f446714f87f23c6ce4333c9fad7cbc70dae2239614dccfb705b5b0d715cceb55
- SSDEEP: 1536:bq+dX5z9lhsRbarmsapZyWK+0IStWJ+xruajIDUsL+JjiHq0VaO1FsPRFDmu+Tx:bbdRhsRwmsmB4tCailUsLHq0VaODQW
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes: rundll32.exe
  pid    process
  4068   rundll32.exe
  4068   rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description                           pid    process        target process
  PID 3992 wrote to memory of 4068      3992   rundll32.exe   rundll32.exe
  PID 3992 wrote to memory of 4068      3992   rundll32.exe   rundll32.exe
  PID 3992 wrote to memory of 4068      3992   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\366685879fdd00a325ac95a67839a51e_JaffaCakes118.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:3992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\366685879fdd00a325ac95a67839a51e_JaffaCakes118.dll,#12⤵
  - Suspicious use of SetWindowsHookEx
  PID:4068