Analysis
max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
submitted
12-07-2024 19:19
Static task
static1
Behavioral task
behavioral1
Sample
3e8ff013512a5fa3a5a317aff34eae93_JaffaCakes118.dll
Resource
win7-20240708-en
7 signatures
150 seconds
Behavioral task
behavioral2
Sample
3e8ff013512a5fa3a5a317aff34eae93_JaffaCakes118.dll
Resource
win10v2004-20240709-en
1 signatures
150 seconds
General
Target
3e8ff013512a5fa3a5a317aff34eae93_JaffaCakes118.dll
Size
330KB
MD5
3e8ff013512a5fa3a5a317aff34eae93
SHA1
6388b394d59a779bf70abd8beef3c80ee16f153b
SHA256
6f895ba045e42758fcc91a85220b43ed1e56d67ed6e68a2121039169cb852f87
SHA512
25400d79949625b666c46dc90ab842dfaf499411cb485e8cb989265c1a02eeb5874b9d7a5d5a13bf8853295cfe7e1d7abbad230ae3863662c2d274d4bf882e53
SSDEEP
3072:tRq1sFAd2gQ5PmBvNZwnnq1gn2RvoXiDzAYgrO1v2F5j81qc:nq1sFAwgwmBv3wnIgG4oAYxvU54gc
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 3108 wrote to memory of 4808 | 3108 | rundll32.exe | rundll32.exe
PID 3108 wrote to memory of 4808 | 3108 | rundll32.exe | rundll32.exe
PID 3108 wrote to memory of 4808 | 3108 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e8ff013512a5fa3a5a317aff34eae93_JaffaCakes118.dll,#11⤵
Suspicious use of WriteProcessMemory
PID:3108
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e8ff013512a5fa3a5a317aff34eae93_JaffaCakes118.dll,#12⤵
PID:4808