Analysis
- max time kernel: 137s
- max time network: 102s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-06-2024 20:24
Static task: static1

Behavioral task: behavioral1
- Sample: 0aad9d4e2b506e4e2db5e20d10c99511_JaffaCakes118.dll
- Resource: win7-20240611-en
- 4 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 0aad9d4e2b506e4e2db5e20d10c99511_JaffaCakes118.dll
- Resource: win10v2004-20240611-en
- 1 signature
- 150 seconds
General
- Target: 0aad9d4e2b506e4e2db5e20d10c99511_JaffaCakes118.dll
- Size: 346KB
- MD5: 0aad9d4e2b506e4e2db5e20d10c99511
- SHA1: e30febe5d3911fbd03a0d036b673f6457f3bb5e7
- SHA256: f7335e28e0b64c1e057723888130e5721bfa117a0b3d38410d25e0d648398330
- SHA512: 366147474e56ec4c2384c5d82a7946599b5ac0418eacc0d3f5c073a402ce2caa24820e1f5b702b2d2c4b0d8e83276e38ff91f0f7e93b6185a94cf17c456002ee
- SSDEEP: 3072:V82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:u2L7HN7Kl/jLA90QECrYRpj

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe

  description | pid | process | target process
  PID 3860 wrote to memory of 4736 | 3860 | rundll32.exe | rundll32.exe
  PID 3860 wrote to memory of 4736 | 3860 | rundll32.exe | rundll32.exe
  PID 3860 wrote to memory of 4736 | 3860 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0aad9d4e2b506e4e2db5e20d10c99511_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0aad9d4e2b506e4e2db5e20d10c99511_JaffaCakes118.dll,#1