Analysis
- max time kernel: 129s
- max time network: 101s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-07-2024 03:34
Static task
static1
Behavioral task
behavioral1
Sample
20f1843ca024a6ebc701ba49ae839a54_JaffaCakes118.dll
Resource
win7-20240508-en
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
20f1843ca024a6ebc701ba49ae839a54_JaffaCakes118.dll
Resource
win10v2004-20240611-en
1 signatures
150 seconds
General
- Target: 20f1843ca024a6ebc701ba49ae839a54_JaffaCakes118.dll
- Size: 346KB
- MD5: 20f1843ca024a6ebc701ba49ae839a54
- SHA1: 50105efdca0e3f2b2fe12dc496382b8a5d66da5a
- SHA256: 889d19544f9edaba2cd1fec953763c83209e3c5d5249baf74724c5d7211458e6
- SHA512: d9838c3211e385129820c1f9e38cd6b219d6e891dc559bcfc37169b5e08be09531d099064fa8882960d1ceb5da00c2de5ec8e1dc4823d622b4a4615f0f569124
- SSDEEP: 3072:q82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRxvM:x2L7HN7Kl/jLA90QECrYR5M
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 4004 wrote to memory of 1508 | 4004 | rundll32.exe | rundll32.exe
  PID 4004 wrote to memory of 1508 | 4004 | rundll32.exe | rundll32.exe
  PID 4004 wrote to memory of 1508 | 4004 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\20f1843ca024a6ebc701ba49ae839a54_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\20f1843ca024a6ebc701ba49ae839a54_JaffaCakes118.dll,#1