Analysis
- max time kernel: 118s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
- submitted: 05-05-2024 00:20
Behavioral task
behavioral1
Sample
152294cc4a2b5c86ad99fd1f9263ecb2_JaffaCakes118.dll
Resource
win7-20240221-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
152294cc4a2b5c86ad99fd1f9263ecb2_JaffaCakes118.dll
Resource
win10v2004-20240419-en
1 signatures
150 seconds
General
- Target: 152294cc4a2b5c86ad99fd1f9263ecb2_JaffaCakes118.dll
- Size: 2.4MB
- MD5: 152294cc4a2b5c86ad99fd1f9263ecb2
- SHA1: a5a39532c7d155bf3e74429c1a5016c7576c34f5
- SHA256: fe9369606665edde73e2bb27fb2120f0fcc7de5406da3cfcc4b195df54bf4620
- SHA512: 591bc2b4acdc10f9561ae1e78a20df40a808985d950ae6c30f604757ad70974dadaa6d1e3e24a2ba02dfe41d1f878de783c5974d2de8e67faad817fe306dc7dd
- SSDEEP: 49152:vig6MHCT4Cgzcubg5kYLSzPHpES1fV2c61xqh0NBdenH1:P6Mv70kYLYHpESOT1xqCdeV
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description                         pid    process        target process
PID 2384 wrote to memory of 1660    2384   rundll32.exe   rundll32.exe
PID 2384 wrote to memory of 1660    2384   rundll32.exe   rundll32.exe
PID 2384 wrote to memory of 1660    2384   rundll32.exe   rundll32.exe
PID 2384 wrote to memory of 1660    2384   rundll32.exe   rundll32.exe
PID 2384 wrote to memory of 1660    2384   rundll32.exe   rundll32.exe
PID 2384 wrote to memory of 1660    2384   rundll32.exe   rundll32.exe
PID 2384 wrote to memory of 1660    2384   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\152294cc4a2b5c86ad99fd1f9263ecb2_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\152294cc4a2b5c86ad99fd1f9263ecb2_JaffaCakes118.dll,#1