Analysis
max time kernel: 137s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-06-2024 15:54
Static task: static1
Behavioral task: behavioral1
  Sample: 0ea843373e0ce72fe2195325e4dcb335_JaffaCakes118.dll
  Resource: win7-20240419-en
  Signatures: 4
  Duration: 150 seconds
Behavioral task: behavioral2
  Sample: 0ea843373e0ce72fe2195325e4dcb335_JaffaCakes118.dll
  Resource: win10v2004-20240226-en
  Signatures: 1
  Duration: 150 seconds
General
Target: 0ea843373e0ce72fe2195325e4dcb335_JaffaCakes118.dll
Size: 340KB
MD5: 0ea843373e0ce72fe2195325e4dcb335
SHA1: 5f64527a62d6aed596994508b3b680c5235dff31
SHA256: c9cfa9a47deb57fe47a01405a46c062d5bd296e898e82931bee50b860d1dacb0
SHA512: f46a52ba4ee9792a5b981700f19582c0fee02780fb03cf5d4d577e412f9e91fa010c4dff3e79cfd853a667070c977fb99cbcd9aa23fcc58e0891cfbb3bc0093a
SSDEEP: 3072:9vA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:9206xWgGxLxWN40PDKR/JnX2P
Score: 1/10
Malware Config
(none)
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process       target process
  PID 5112 wrote to memory of 1876   5112  rundll32.exe  rundll32.exe
  PID 5112 wrote to memory of 1876   5112  rundll32.exe  rundll32.exe
  PID 5112 wrote to memory of 1876   5112  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ea843373e0ce72fe2195325e4dcb335_JaffaCakes118.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (child process)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ea843373e0ce72fe2195325e4dcb335_JaffaCakes118.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3924 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8