Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
02-07-2024 12:46
Static task
static1
Behavioral task
behavioral1
Sample
1f5e029b51fdd9e223116ba34e25d1ee_JaffaCakes118.dll
Resource
win7-20240611-en
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
1f5e029b51fdd9e223116ba34e25d1ee_JaffaCakes118.dll
Resource
win10v2004-20240611-en
1 signatures
150 seconds
General
-
Target
1f5e029b51fdd9e223116ba34e25d1ee_JaffaCakes118.dll
-
Size
346KB
-
MD5
1f5e029b51fdd9e223116ba34e25d1ee
-
SHA1
7be734a9e347df4397139f8f6f525ec7922428ca
-
SHA256
98c4b9e9a1b20b69ba8dbda44199960f5037b7bc717158e6e9d05acdeb9424fe
-
SHA512
85223132747799a41c481df48f6d05f9a4437a080723a74c57c67227f4c3f38767cd7edae3ba7a03373e39535f6cb16c883b41fb0765a3bfe0b22ae98b273835
-
SSDEEP
3072:e82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:t2L7HN7Kl/jLA90QECrYRpj
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 668 wrote to memory of 4596 668 rundll32.exe rundll32.exe PID 668 wrote to memory of 4596 668 rundll32.exe rundll32.exe PID 668 wrote to memory of 4596 668 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1f5e029b51fdd9e223116ba34e25d1ee_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1f5e029b51fdd9e223116ba34e25d1ee_JaffaCakes118.dll,#12⤵