Analysis
-
max time kernel
93s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system -
submitted
14-07-2024 17:36
Static task
static1
Behavioral task
behavioral1
Sample
46d5395d9c8e4bf51c117937799d0a34_JaffaCakes118.dll
Resource
win7-20240708-en
7 signatures
150 seconds
Behavioral task
behavioral2
Sample
46d5395d9c8e4bf51c117937799d0a34_JaffaCakes118.dll
Resource
win10v2004-20240709-en
1 signatures
150 seconds
General
-
Target
46d5395d9c8e4bf51c117937799d0a34_JaffaCakes118.dll
-
Size
330KB
-
MD5
46d5395d9c8e4bf51c117937799d0a34
-
SHA1
7170781183d62446d03b499d437b47d9d4c482de
-
SHA256
579f2b267a445063c1d902de0d87cda4446bf3b21dd0897663de37ea635b9b1f
-
SHA512
f580a6dc37dbdc1efb15ee9f8c741ec4044e25b9a9b22cb23c9c102ceff44e5b73f6ca43e4113e0e04c5049640c313e4bab5f977c84c93904d5379def5fdd05a
-
SSDEEP
3072:/Rq1sFAd2gQ5PmBvNZwnnq1gn2RvoXiDzAYgrO1v2F5j8eFu:Jq1sFAwgwmBv3wnIgG4oAYxvU54eu
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 3640 wrote to memory of 4332 | 3640 | rundll32.exe | rundll32.exe
PID 3640 wrote to memory of 4332 | 3640 | rundll32.exe | rundll32.exe
PID 3640 wrote to memory of 4332 | 3640 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46d5395d9c8e4bf51c117937799d0a34_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
PID: 3640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\46d5395d9c8e4bf51c117937799d0a34_JaffaCakes118.dll,#1
  PID: 4332