Analysis
max time kernel: 150s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
submitted: 13-07-2024 17:56
Static task: static1
Behavioral task: behavioral1
Sample: 42bd4d8e7ad5733a90c565a59542a055_JaffaCakes118.dll
Resource: win7-20240708-en
7 signatures, 150 seconds
Behavioral task: behavioral2
Sample: 42bd4d8e7ad5733a90c565a59542a055_JaffaCakes118.dll
Resource: win10v2004-20240709-en
1 signatures, 150 seconds
General
Target: 42bd4d8e7ad5733a90c565a59542a055_JaffaCakes118.dll
Size: 330KB
MD5: 42bd4d8e7ad5733a90c565a59542a055
SHA1: de69bec51221d85c3b94f2c7de987d605f27a3b4
SHA256: 381217b4633c3d0de04c00b27563147140de057c72fb772a7371a03dcf235467
SHA512: 090709414e7674158ab7ae6a99162464db72f250a595cda7b9cfa083908e40d90ffefad0196ae4084822ab678e9007539485952521b1d8e4d030bdc180192dea
SSDEEP: 3072:URq1sFAd2gQ5PmBvNZwnnq1gn2RvoXiDzAYgrO1v2F5j81qc:Gq1sFAwgwmBv3wnIgG4oAYxvU54gc
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2900 wrote to memory of 2620 | 2900 | rundll32.exe | rundll32.exe
PID 2900 wrote to memory of 2620 | 2900 | rundll32.exe | rundll32.exe
PID 2900 wrote to memory of 2620 | 2900 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\42bd4d8e7ad5733a90c565a59542a055_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
PID: 2900
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\42bd4d8e7ad5733a90c565a59542a055_JaffaCakes118.dll,#1
PID: 2620