Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 01-07-2024 08:05
Behavioral task: behavioral1
- Sample: 1a8938ccb022561f26e2c3fba9e64824_JaffaCakes118.dll
- Resource: win7-20240221-en
- 3 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 1a8938ccb022561f26e2c3fba9e64824_JaffaCakes118.dll
- Resource: win10v2004-20240611-en
- 3 signatures
- 150 seconds
General
- Target: 1a8938ccb022561f26e2c3fba9e64824_JaffaCakes118.dll
- Size: 724KB
- MD5: 1a8938ccb022561f26e2c3fba9e64824
- SHA1: 427d0f4d67b71ff5bddd7ab9812693744eeead6b
- SHA256: 3ea09605da7dd2f573b7879ca6105134128018529bb721afe4a003b2b97bb5e4
- SHA512: 6427d1beb5a57a4f7a3e77adcce71cb73113d3ad16aa677fe6f116a5a6ffcd6705ce0f13b7fd1a8201d5f5cbeca766ed34625471653845251ffd7dce1f211d30
- SSDEEP: 12288:7NLMlgQLewMI9BHdQ+rmNMo23S+qGxJHYWLzKNf4Jh0g+vmL3qPYmJpdzNZv:SHXXHe+rCMNXHYq2kh1byYmF
- Score: 7/10
Malware Config
Signatures
- Processes:
  resource | yara_rule
  behavioral1/memory/3016-0-0x0000000010000000-0x000000001015D000-memory.dmp | vmprotect
  behavioral1/memory/3016-2-0x0000000010000000-0x000000001015D000-memory.dmp | vmprotect
  behavioral1/memory/3016-1-0x0000000010000000-0x000000001015D000-memory.dmp | vmprotect
  behavioral1/memory/3016-3-0x0000000010000000-0x000000001015D000-memory.dmp | vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
  Processes: rundll32.exe
  pid | process
  3016 | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 3048 wrote to memory of 3016 | 3048 | rundll32.exe | rundll32.exe
  PID 3048 wrote to memory of 3016 | 3048 | rundll32.exe | rundll32.exe
  PID 3048 wrote to memory of 3016 | 3048 | rundll32.exe | rundll32.exe
  PID 3048 wrote to memory of 3016 | 3048 | rundll32.exe | rundll32.exe
  PID 3048 wrote to memory of 3016 | 3048 | rundll32.exe | rundll32.exe
  PID 3048 wrote to memory of 3016 | 3048 | rundll32.exe | rundll32.exe
  PID 3048 wrote to memory of 3016 | 3048 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a8938ccb022561f26e2c3fba9e64824_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a8938ccb022561f26e2c3fba9e64824_JaffaCakes118.dll,#1
    - Suspicious use of NtSetInformationThreadHideFromDebugger
Network
MITRE ATT&CK Matrix
Downloads
- memory/3016-0-0x0000000010000000-0x000000001015D000-memory.dmp (Filesize: 1.4MB)
- memory/3016-2-0x0000000010000000-0x000000001015D000-memory.dmp (Filesize: 1.4MB)
- memory/3016-1-0x0000000010000000-0x000000001015D000-memory.dmp (Filesize: 1.4MB)
- memory/3016-3-0x0000000010000000-0x000000001015D000-memory.dmp (Filesize: 1.4MB)