Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10-07-2024 21:10
Behavioral task: behavioral1
- Sample: 366508fbcaec3b8604a34bfe350b348c_JaffaCakes118.dll
- Resource: win7-20240708-en (windows7-x64)
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 366508fbcaec3b8604a34bfe350b348c_JaffaCakes118.dll
- Resource: win10v2004-20240709-en (windows10-2004-x64)
- 2 signatures
- 150 seconds
General
- Target: 366508fbcaec3b8604a34bfe350b348c_JaffaCakes118.dll
- Size: 91KB
- MD5: 366508fbcaec3b8604a34bfe350b348c
- SHA1: 2d0ea3bac134b8dd81b72e923f42919278929d9b
- SHA256: 3b431a0e63f9edb5edb6e0d419b309487833bbcff467c8a075d90702d3884ec7
- SHA512: 1600056b17265a4b412526cfb36b55c426532cc17334ae25fc7482987dfccfc0ee7df35c3b85a23826fa7875d581605d60de681e30b8765145e5267bd32ac1fe
- SSDEEP: 1536:jpSyrn1CZZV1ErUuXippOn/gtbzMaofbuPgpjIti9wVaPQvC6X91eL:gyLSzErUuy6n/W6lpjIE9w0E1+
Score: 7/10
Malware Config
Signatures
- Processes:
  resource: behavioral2/memory/2960-0-0x0000000010000000-0x000000001000E000-memory.dmp; yara_rule: upx
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description: PID 3860 wrote to memory of 2960; pid: 3860; process: rundll32.exe; target process: rundll32.exe
  description: PID 3860 wrote to memory of 2960; pid: 3860; process: rundll32.exe; target process: rundll32.exe
  description: PID 3860 wrote to memory of 2960; pid: 3860; process: rundll32.exe; target process: rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\366508fbcaec3b8604a34bfe350b348c_JaffaCakes118.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:3860
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\366508fbcaec3b8604a34bfe350b348c_JaffaCakes118.dll,#12
    PID:2960