Analysis

Max time kernel: 134s
Max time network: 125s
Platform: windows10-2004_x64
Resource: win10v2004-20240611-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 01-07-2024 20:55
Behavioral task: behavioral1
Sample: 1c7742aeb8aba1feb5b50dffcfb3e05e_JaffaCakes118.dll
Resource: win7-20240508-en
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 1c7742aeb8aba1feb5b50dffcfb3e05e_JaffaCakes118.dll
Resource: win10v2004-20240611-en
3 signatures, 150 seconds
General

Target: 1c7742aeb8aba1feb5b50dffcfb3e05e_JaffaCakes118.dll
Size: 503KB
MD5: 1c7742aeb8aba1feb5b50dffcfb3e05e
SHA1: 623f891f9a7af467ca1e94379022b36241ffba70
SHA256: 2e43e54c3955734a8a49b2334c7636c6c19ebd54ac48f3c9ca147288049cb1f8
SHA512: 207571d9dd66ba0100e42e7eb49eb02c58c02c916f2acd8c40024ca6d2939747c0d5ee85ec64b54ad63b53c07a74a78f80d7c1e32c1ab6e87f60b8850acce023
SSDEEP: 12288:AT7VycY0yDyt5wnfhLYik7rM5rrKve7RcyqX/3:AT7Vyc5yDyt5ifxYr7E/KuRSf
Score: 7/10
Malware Config

Signatures

Processes:
  Resource: behavioral2/memory/4800-0-0x0000000010000000-0x00000000100FC000-memory.dmp
  YARA rule: vmprotect

Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
  PID 4800, process rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  PID 1656 (rundll32.exe) wrote to memory of 4800 (rundll32.exe)
  PID 1656 (rundll32.exe) wrote to memory of 4800 (rundll32.exe)
  PID 1656 (rundll32.exe) wrote to memory of 4800 (rundll32.exe)
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c7742aeb8aba1feb5b50dffcfb3e05e_JaffaCakes118.dll,#1
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c7742aeb8aba1feb5b50dffcfb3e05e_JaffaCakes118.dll,#1
      - Suspicious use of SetWindowsHookEx
Network

MITRE ATT&CK Matrix

Downloads

memory/4800-0-0x0000000010000000-0x00000000100FC000-memory.dmp
Filesize: 1008KB