Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
01-07-2024 07:51
Behavioral task
behavioral1
Sample
1a7fea1b250d9ff99b0281dd5316568c_JaffaCakes118.dll
Resource
win7-20240508-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
1a7fea1b250d9ff99b0281dd5316568c_JaffaCakes118.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
5 signatures
150 seconds
General
-
Target
1a7fea1b250d9ff99b0281dd5316568c_JaffaCakes118.dll
-
Size
6KB
-
MD5
1a7fea1b250d9ff99b0281dd5316568c
-
SHA1
b7750359e505f0a405babf9a83c8978d559b319a
-
SHA256
9579f183cee828f21d7fcb048d68815a248df081f602143be05db6e68f4ba27f
-
SHA512
af2df900090b04954a2987838db98f0c773e6381646fa13e16b4ea49c51398322402c216215425a45dd51f2d6f670fdec593209c26b4cee74fa2b5bf30cbc707
-
SSDEEP
96:63CjcnHqT5noRDei0x16WES01x9jF7COMjr78ERGvBsmi:66cnu5njBxEWo9p7U/78tBsmi
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exedescription pid process target process PID 3012 wrote to memory of 3024 3012 rundll32.exe rundll32.exe PID 3012 wrote to memory of 3024 3012 rundll32.exe rundll32.exe PID 3012 wrote to memory of 3024 3012 rundll32.exe rundll32.exe PID 3012 wrote to memory of 3024 3012 rundll32.exe rundll32.exe PID 3012 wrote to memory of 3024 3012 rundll32.exe rundll32.exe PID 3012 wrote to memory of 3024 3012 rundll32.exe rundll32.exe PID 3012 wrote to memory of 3024 3012 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1a7fea1b250d9ff99b0281dd5316568c_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1a7fea1b250d9ff99b0281dd5316568c_JaffaCakes118.dll,#12⤵