Analysis
-
max time kernel
93s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
13/07/2024, 08:05
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
40dbcc266cf437bf1fc4657db19731f2_JaffaCakes118.dll
Resource
win7-20240705-en
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
40dbcc266cf437bf1fc4657db19731f2_JaffaCakes118.dll
Resource
win10v2004-20240709-en
1 signatures
150 seconds
General
-
Target
40dbcc266cf437bf1fc4657db19731f2_JaffaCakes118.dll
-
Size
40KB
-
MD5
40dbcc266cf437bf1fc4657db19731f2
-
SHA1
5e96c5967c00ca7408323533312d89497cecbcfe
-
SHA256
a4e4c27c2e4802e31467ab8daf1185b1a1b03443b720e6dbcb1fb6478ce811bc
-
SHA512
a1e27291f610398fae254990913efb484da9693194e8fa5371489c9d46e5b1c714179e15d2ad30e7d87901d53223ae8a004659198bf13e5f353d7eaa4e1fca1f
-
SSDEEP
768:UKtDKhZtv3gq4Bbe0fuc/KRMuGHTlo04zTxRrQeSTfkQTTDA93:jtDITAbeKC6uGxoLbSTfkQTTD23
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3428 wrote to memory of 3272 3428 rundll32.exe 83 PID 3428 wrote to memory of 3272 3428 rundll32.exe 83 PID 3428 wrote to memory of 3272 3428 rundll32.exe 83
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\40dbcc266cf437bf1fc4657db19731f2_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3428 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\40dbcc266cf437bf1fc4657db19731f2_JaffaCakes118.dll,#12⤵PID:3272
-