Analysis
max time kernel
94s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
submitted
15-07-2024 12:20
Static task
static1
Behavioral task
behavioral1
Sample
49c0e21df2a7132976c7b07514453155_JaffaCakes118.dll
Resource
win7-20240705-en
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
49c0e21df2a7132976c7b07514453155_JaffaCakes118.dll
Resource
win10v2004-20240709-en
1 signatures
150 seconds
General
Target
49c0e21df2a7132976c7b07514453155_JaffaCakes118.dll
Size
330KB
MD5
49c0e21df2a7132976c7b07514453155
SHA1
8b5793b801555cdd2d991a4ac011268dc5f2ce69
SHA256
1a255eda08b973ae1568f7051168991d8e1f6b56532837694b214656155b0841
SHA512
3c583e7331e7e37cd642b572492b499f493e8d2d8646cc2a83459d436bbd891fe4f8121ae791e705eda0bd8f2ef02992fd8df6a2858be219592b4b663592fa7c
SSDEEP
3072:3Rq1sFAd2gQ5PmBvNZwnnq1gn2RvoXiDzAYgrO1v2F5j8eFu:hq1sFAwgwmBv3wnIgG4oAYxvU54eu
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 5036 wrote to memory of 4348 | 5036 | rundll32.exe | rundll32.exe
PID 5036 wrote to memory of 4348 | 5036 | rundll32.exe | rundll32.exe
PID 5036 wrote to memory of 4348 | 5036 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49c0e21df2a7132976c7b07514453155_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:5036
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49c0e21df2a7132976c7b07514453155_JaffaCakes118.dll,#12⤵
PID:4348