Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 20-04-2024 12:38

Behavioral task
behavioral1
Sample: fcc92a5c6c2f5534be3dd967f1f5cde3_JaffaCakes118.dll
Resource: win7-20240215-en
3 signatures
150 seconds
General
Target: fcc92a5c6c2f5534be3dd967f1f5cde3_JaffaCakes118.dll
Size: 68KB
MD5: fcc92a5c6c2f5534be3dd967f1f5cde3
SHA1: 41bc38068eb4b988040e525a0d8dbb4e195bf5d7
SHA256: b947392e9dc843552fa0f103f0721872ec184b27a65247005a1e5f74f368f315
SHA512: d99c13d573496bf9e82e49a03128998543254d3c36a3b8e78033f2cf8dca606d8cc55a60fd1d886f94cb702e22b42c15c07476b5413a7b42acb39eac8e743746
SSDEEP: 1536:NUw/HyslBvrq9HDFuuX8SkThRAKecdIhf3/8NY5kK7Up:NUw/HyslBcuuXLkYKe+IR3/8akK7Up
Malware Config
Signatures
Gh0st RAT payload (4 IoCs)
Processes:
resource                                                                    yara_rule
behavioral1/memory/2388-0-0x0000000010000000-0x0000000010013000-memory.dmp  family_gh0strat
behavioral1/memory/2388-1-0x0000000010000000-0x0000000010013000-memory.dmp  family_gh0strat
behavioral1/memory/2388-2-0x0000000010000000-0x0000000010013000-memory.dmp  family_gh0strat
behavioral1/memory/2388-3-0x0000000010000000-0x0000000010013000-memory.dmp  family_gh0strat
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description                        pid   process       target process
PID 2204 wrote to memory of 2388   2204  rundll32.exe  rundll32.exe
PID 2204 wrote to memory of 2388   2204  rundll32.exe  rundll32.exe
PID 2204 wrote to memory of 2388   2204  rundll32.exe  rundll32.exe
PID 2204 wrote to memory of 2388   2204  rundll32.exe  rundll32.exe
PID 2204 wrote to memory of 2388   2204  rundll32.exe  rundll32.exe
PID 2204 wrote to memory of 2388   2204  rundll32.exe  rundll32.exe
PID 2204 wrote to memory of 2388   2204  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe (PID 2204, depth 1)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fcc92a5c6c2f5534be3dd967f1f5cde3_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 2388, depth 2)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fcc92a5c6c2f5534be3dd967f1f5cde3_JaffaCakes118.dll,#1

Reading the tree: the System32 rundll32.exe is the 64-bit host and cannot load a 32-bit DLL, so it re-launches its SysWOW64 (32-bit) counterpart with the same command line; the parent-to-child WriteProcessMemory recorded above is part of that spawn and is not, on its own, evidence of injection. All four Gh0st RAT YARA hits are in the 32-bit child (PID 2388) at 0x10000000-0x10013000, the default image base for a DLL, which is consistent with the sample's own mapped image (68KB on disk, 76KB mapped) rather than a separately written payload.
Network
MITRE ATT&CK Matrix
Downloads
memory/2388-0-0x0000000010000000-0x0000000010013000-memory.dmp  Filesize: 76KB
memory/2388-1-0x0000000010000000-0x0000000010013000-memory.dmp  Filesize: 76KB
memory/2388-2-0x0000000010000000-0x0000000010013000-memory.dmp  Filesize: 76KB
memory/2388-3-0x0000000010000000-0x0000000010013000-memory.dmp  Filesize: 76KB
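The Signatures and Downloads sections above list the same memory region four times and the same cross-process write seven times. The script below, an added example that is not part of the original report or of the sandbox vendor's code, parses those artefact names and table rows as they appear on the page (the sample strings are copied from it), collapses them into the distinct facts an analyst needs (one mapped region and its size, one parent-to-child write edge), and checks the dumped range against the listed Filesize. The rundll32-to-rundll32 classification in classify_write() and the DEFAULT_DLL_BASE constant are assumptions of this example, not rules the report states.

```python
"""Collapse repeated sandbox IoCs into distinct regions and write edges.

Added example; sample strings are constructed from the report above.
"""
import re
from collections import Counter

# Memory-dump artefact names as listed under Downloads (copied from the report).
DUMP_NAMES = [
    "memory/2388-0-0x0000000010000000-0x0000000010013000-memory.dmp",
    "memory/2388-1-0x0000000010000000-0x0000000010013000-memory.dmp",
    "memory/2388-2-0x0000000010000000-0x0000000010013000-memory.dmp",
    "memory/2388-3-0x0000000010000000-0x0000000010013000-memory.dmp",
]

# The seven identical rows of the "Suspicious use of WriteProcessMemory" table.
WPM_ROWS = ["PID 2204 wrote to memory of 2388 2204 rundll32.exe rundll32.exe"] * 7

# Assumption of this example: the image base MSVC gives a DLL with no /BASE override.
DEFAULT_DLL_BASE = 0x10000000

DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)
WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<pid>\d+) (?P<src_img>\S+) (?P<dst_img>\S+)"
)


def parse_dump(name):
    """Split one memory.dmp name into (pid, dump_index, start, end)."""
    m = DUMP_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name!r}")
    return int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16)


def distinct_regions(names):
    """Collapse repeated dumps of one range into {(pid, start, end): hit_count}.

    Four YARA hits on one range are one mapped region dumped four times,
    not four different payloads.
    """
    counts = Counter()
    for name in names:
        pid, _idx, start, end = parse_dump(name)
        counts[(pid, start, end)] += 1
    return dict(counts)


def region_size_kib(start, end):
    """Size of a dumped range in KiB, to compare with the listed Filesize."""
    return (end - start) // 1024


def parse_write(row):
    """Split one WriteProcessMemory row into (src_pid, dst_pid, src_image, dst_image)."""
    m = WPM_RE.fullmatch(row)
    if m is None:
        raise ValueError(f"unrecognised WriteProcessMemory row: {row!r}")
    if m["src"] != m["pid"]:
        raise ValueError("description PID and pid column disagree")
    return int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"]


def write_edges(rows):
    """Collapse identical rows into {(src_pid, dst_pid, src_image, dst_image): count}."""
    return dict(Counter(parse_write(r) for r in rows))


def classify_write(edge, regions):
    """Heuristic verdict for one write edge (an assumption of this example).

    A rundll32.exe -> rundll32.exe write whose target only has hits at the
    default DLL image base matches the 64-bit host re-launching the SysWOW64
    host for a 32-bit DLL: worth recording, but not proof of injection by itself.
    """
    src_pid, dst_pid, src_img, dst_img = edge
    target_regions = [r for r in regions if r[0] == dst_pid]
    if (src_img.lower() == dst_img.lower() == "rundll32.exe"
            and target_regions
            and all(r[1] == DEFAULT_DLL_BASE for r in target_regions)):
        return "host-handoff: parent rundll32 wrote to its 32-bit child at spawn"
    return "review: cross-process write not explained by the host handoff"


def triage(dump_names=DUMP_NAMES, wpm_rows=WPM_ROWS):
    """Reduce the report's repeated IoCs to distinct regions and write edges."""
    regions = distinct_regions(dump_names)
    edges = write_edges(wpm_rows)
    return {
        "regions": {
            f"pid {pid} {start:#x}-{end:#x}": {"hits": n, "kib": region_size_kib(start, end)}
            for (pid, start, end), n in regions.items()
        },
        "writes": {
            f"{e[2]}({e[0]}) -> {e[3]}({e[1]})": {"count": n, "verdict": classify_write(e, regions)}
            for e, n in edges.items()
        },
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(), indent=2))
```

For this report the output is one region (PID 2388, 0x10000000-0x10013000, 76 KiB, four hits, matching the listed Filesize) and one edge (rundll32.exe 2204 -> rundll32.exe 2388, seven rows) that the heuristic attributes to the 32-bit host handoff; any write edge between different images, or into a PID with hits outside the default DLL base, falls through to manual review.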