Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 01-07-2024 14:55
Behavioral task: behavioral1
Sample: 1bbb316ee2c0ab547415ef9da2bbc70e_JaffaCakes118.dll
Resource: win7-20240221-en, windows7-x64
2 signatures, 150 seconds
Behavioral task: behavioral2
Sample: 1bbb316ee2c0ab547415ef9da2bbc70e_JaffaCakes118.dll
Resource: win10v2004-20240508-en, windows10-2004-x64
2 signatures, 150 seconds
General
Target: 1bbb316ee2c0ab547415ef9da2bbc70e_JaffaCakes118.dll
Size: 356KB
MD5: 1bbb316ee2c0ab547415ef9da2bbc70e
SHA1: 6009bee156918517b753305697763db61b4c0fbd
SHA256: 2b7f20c55baff17cb8bbb9f549d964ece8dc72c05804804bb95ab57b19bb7daa
SHA512: f033f5d942f5bf4de68b1a68948d7663ae852cd29f0375d0d6e72303a2a76d8aec5be4f2c834915eef1af879f0ead49796695e0a74201bc64d2992260b6055f2
SSDEEP: 6144:MP1inwaCTVE75Xou6Opf1OIzIbNpYZXkAwQ2xWrtOQgUef1MduJ2qMQ:MPawaD1X4+FcNpYpkAwSprgjf1P2qt
Score: 7/10
Malware Config
Signatures
-
Processes:
resource | yara_rule
behavioral1/memory/2152-2-0x0000000074B00000-0x0000000074BB9000-memory.dmp | vmprotect
behavioral1/memory/2152-3-0x0000000074B00000-0x0000000074BB9000-memory.dmp | vmprotect
behavioral1/memory/2152-0-0x0000000074BC0000-0x0000000074C79000-memory.dmp | vmprotect
behavioral1/memory/2152-4-0x0000000074B00000-0x0000000074BB9000-memory.dmp | vmprotect
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2940 wrote to memory of 2152 | 2940 | rundll32.exe | rundll32.exe
PID 2940 wrote to memory of 2152 | 2940 | rundll32.exe | rundll32.exe
PID 2940 wrote to memory of 2152 | 2940 | rundll32.exe | rundll32.exe
PID 2940 wrote to memory of 2152 | 2940 | rundll32.exe | rundll32.exe
PID 2940 wrote to memory of 2152 | 2940 | rundll32.exe | rundll32.exe
PID 2940 wrote to memory of 2152 | 2940 | rundll32.exe | rundll32.exe
PID 2940 wrote to memory of 2152 | 2940 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bbb316ee2c0ab547415ef9da2bbc70e_JaffaCakes118.dll,#11
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bbb316ee2c0ab547415ef9da2bbc70e_JaffaCakes118.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
memory/2152-2-0x0000000074B00000-0x0000000074BB9000-memory.dmp | Filesize: 740KB
memory/2152-3-0x0000000074B00000-0x0000000074BB9000-memory.dmp | Filesize: 740KB
memory/2152-1-0x0000000074BC0000-0x0000000074C79000-memory.dmp | Filesize: 740KB
memory/2152-0-0x0000000074BC0000-0x0000000074C79000-memory.dmp | Filesize: 740KB
memory/2152-4-0x0000000074B00000-0x0000000074BB9000-memory.dmp | Filesize: 740KB