Analysis
-
max time kernel
135s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
02-07-2024 14:47
Static task
static1
Behavioral task
behavioral1
Sample
1fb284dc231f874b6ea675b7edbd4d0b_JaffaCakes118.dll
Resource
win7-20240220-en
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
1fb284dc231f874b6ea675b7edbd4d0b_JaffaCakes118.dll
Resource
win10v2004-20240611-en
1 signatures
150 seconds
General
-
Target
1fb284dc231f874b6ea675b7edbd4d0b_JaffaCakes118.dll
-
Size
340KB
-
MD5
1fb284dc231f874b6ea675b7edbd4d0b
-
SHA1
87916d61e10b6ed2970502ad16be1c4f9a325ccf
-
SHA256
b4d9d532c621dbe1ba96e0028eb50ad9389ce790b8fee816664b51a0694c64cc
-
SHA512
2d951128146c96249b4118cd8fc641219da670f7a49dd4a075af9df8b3cf5976918104082327eeb0f6fda3b60b56975aa3139595ddceed6fa58376853cce68f5
-
SSDEEP
3072:XvA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXRca:X206xWgGxLxWN40PDKR/JnXya
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 3040 wrote to memory of 4912 3040 rundll32.exe rundll32.exe PID 3040 wrote to memory of 4912 3040 rundll32.exe rundll32.exe PID 3040 wrote to memory of 4912 3040 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1fb284dc231f874b6ea675b7edbd4d0b_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1fb284dc231f874b6ea675b7edbd4d0b_JaffaCakes118.dll,#12⤵