Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/07/2024, 14:20

Static task: static1
Signatures: 1

Behavioral task: behavioral1
Sample: 63841289a193f0e9ba3272da2af933a2_JaffaCakes118.dll
Resource: win7-20240704-en
Signatures: 4
150 seconds

Behavioral task: behavioral2
Sample: 63841289a193f0e9ba3272da2af933a2_JaffaCakes118.dll
Resource: win10v2004-20240709-en
Signatures: 1
150 seconds

General
Target: 63841289a193f0e9ba3272da2af933a2_JaffaCakes118.dll
Size: 68KB
MD5: 63841289a193f0e9ba3272da2af933a2
SHA1: 01d392a8a3cfc418f06c1578d291bade1772b22f
SHA256: bebc8f6169e1c78313a1048ec86999f05dfb846b37c01d716101c98391b54f01
SHA512: 70e3e89248aef70cae3108e0d8d740ab8b5fa02951c75ad6d66f13e066e8898b0301ab1db650416eca4e1ed87816ac33d5a3e1dd31522098b487cd3d22473182
SSDEEP: 768:A8GYuUxZH9ZRYbPPI2Kl9S6yDJcUfF6zbwYCmUGfLAn2cToBwEQ0Re1XROO+b:WYdtSRm062J3vYChDn2cToBwcAXRe
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2332 wrote to memory of 4732 | 2332 | rundll32.exe | 84 |
| PID 2332 wrote to memory of 4732 | 2332 | rundll32.exe | 84 |
| PID 2332 wrote to memory of 4732 | 2332 | rundll32.exe | 84 |

Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\63841289a193f0e9ba3272da2af933a2_JaffaCakes118.dll,#1
  PID: 2332
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\63841289a193f0e9ba3272da2af933a2_JaffaCakes118.dll,#1
    PID: 4732