Analysis
-
max time kernel
140s -
max time network
104s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
21-06-2024 23:57
Static task
static1
Behavioral task
behavioral1
Sample
004ecb4bdce738be851e4fca7a06e477_JaffaCakes118.dll
Resource
win7-20240611-en
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
004ecb4bdce738be851e4fca7a06e477_JaffaCakes118.dll
Resource
win10v2004-20240611-en
1 signatures
150 seconds
General
-
Target
004ecb4bdce738be851e4fca7a06e477_JaffaCakes118.dll
-
Size
340KB
-
MD5
004ecb4bdce738be851e4fca7a06e477
-
SHA1
242cc6b966419211f40ddc14e55b6a1a42a96f9d
-
SHA256
87dbd4994c18e910d8b45e460f7656ec9d9dc676211ce33241c5a77a537c5b4e
-
SHA512
dd18f568d7f1a2df8ab5e099d8c39ce0ce49940bf03cd76b2491f32e8bf5c9e545b94c6a3dab9c8bcbfdc12b8de8a0e0752b21b2298c400f6908939036c10793
-
SSDEEP
3072:zvA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXRca:z206xWgGxLxWN40PDKR/JnXya
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 532 wrote to memory of 1972 | 532 | rundll32.exe | rundll32.exe
PID 532 wrote to memory of 1972 | 532 | rundll32.exe | rundll32.exe
PID 532 wrote to memory of 1972 | 532 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\004ecb4bdce738be851e4fca7a06e477_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\004ecb4bdce738be851e4fca7a06e477_JaffaCakes118.dll,#1