Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 01-05-2024 23:48
Behavioral task: behavioral1
Sample: 0ce57e90c615bd156c5b9a9059583ff9_JaffaCakes118.dll
Resource: win7-20240221-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 0ce57e90c615bd156c5b9a9059583ff9_JaffaCakes118.dll
Resource: win10v2004-20240226-en
1 signatures
150 seconds
General
Target: 0ce57e90c615bd156c5b9a9059583ff9_JaffaCakes118.dll
Size: 1.0MB
MD5: 0ce57e90c615bd156c5b9a9059583ff9
SHA1: 04d000ab4966dad8c132496032075a74dbda73af
SHA256: 052b2cfaafd3e657935077e43ddbf2fe84558ddf3143ffbe0b8c028548b232f7
SHA512: 9b2c8bba908be7476c6187aa773195d46c42fd55bce8ef89581230f847e787c89813165035e906148b33148683dbf465c0d0f1ff2519163c1992ffe5c6003f22
SSDEEP: 24576:ECChy5r/9A9+tYO0AqNzg89etxmL8Guyxe:LP/9Abzg89RL8Byxe
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 2868 wrote to memory of 2972   2868   rundll32.exe   rundll32.exe
PID 2868 wrote to memory of 2972   2868   rundll32.exe   rundll32.exe
PID 2868 wrote to memory of 2972   2868   rundll32.exe   rundll32.exe
PID 2868 wrote to memory of 2972   2868   rundll32.exe   rundll32.exe
PID 2868 wrote to memory of 2972   2868   rundll32.exe   rundll32.exe
PID 2868 wrote to memory of 2972   2868   rundll32.exe   rundll32.exe
PID 2868 wrote to memory of 2972   2868   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ce57e90c615bd156c5b9a9059583ff9_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ce57e90c615bd156c5b9a9059583ff9_JaffaCakes118.dll,#1