Analysis
max time kernel: 91s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-07-2024 06:50
Static task: static1
Behavioral task: behavioral1
Sample: 409e374ecc79c9fbf601b7234722a22c_JaffaCakes118.dll
Resource: win7-20240705-en
4 signatures
150 seconds
Behavioral task: behavioral2
Sample: 409e374ecc79c9fbf601b7234722a22c_JaffaCakes118.dll
Resource: win10v2004-20240709-en
1 signatures
150 seconds
General
Target: 409e374ecc79c9fbf601b7234722a22c_JaffaCakes118.dll
Size: 330KB
MD5: 409e374ecc79c9fbf601b7234722a22c
SHA1: 722dffb53443691e18ed3f83e2ec4347f0cff67b
SHA256: 4eba61131fa32cd76c4a1bcf2688439aa17180cdb2984e87684b4c139dbcb5cb
SHA512: 40bef35d33b65ce9bbfba0dd0ca4b96b410354403e5e7c493cb193f4713ff27f756a87331779b066574e38ab59e8d96bf291352e8bc642d1606fafe6543e4945
SSDEEP: 3072:0Rq1sFAd2gQ5PmBvNZwnnq1gn2RvoXiDzAYgrO1v2F5j8eFu:mq1sFAwgwmBv3wnIgG4oAYxvU54eu
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                            pid    process        target process
PID 2512 wrote to memory of 116        2512   rundll32.exe   rundll32.exe
PID 2512 wrote to memory of 116        2512   rundll32.exe   rundll32.exe
PID 2512 wrote to memory of 116        2512   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\409e374ecc79c9fbf601b7234722a22c_JaffaCakes118.dll,#11⤵
Suspicious use of WriteProcessMemory
PID: 2512
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\409e374ecc79c9fbf601b7234722a22c_JaffaCakes118.dll,#12⤵
PID: 116