Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 09/05/2024, 09:14
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: 2945ebe3fddde4fb7d4736b6f13159b5_JaffaCakes118.dll
Resource: win7-20240215-en
1 signatures, 150 seconds
Behavioral task: behavioral2
Sample: 2945ebe3fddde4fb7d4736b6f13159b5_JaffaCakes118.dll
Resource: win10v2004-20240508-en
1 signatures, 150 seconds
General
Target: 2945ebe3fddde4fb7d4736b6f13159b5_JaffaCakes118.dll
Size: 501KB
MD5: 2945ebe3fddde4fb7d4736b6f13159b5
SHA1: 0aae10836d6863cd360db735098bce11de7909e1
SHA256: 0f22e5af9e1146e40171960269c85b5b1d9b16c835aa36be547bb474e1a86e2f
SHA512: 02592f71b68912f1fac6bce386b59509276763f10066a9eb65d1acdd8b7f46be274976540179ceac73151d544f9cf16a5ce93333fb87ed196098e6f3c5e2db32
SSDEEP: 12288:NUgXWjuyTG6bs21Hb7sWrQfnGoDdqUuw/uBETaB6UbAbT8:BWjuyTG6Y4H0EQfnGoDdqUuw/uKTk6Um
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1864 wrote to memory of 2416 | 1864 | rundll32.exe | 28
PID 1864 wrote to memory of 2416 | 1864 | rundll32.exe | 28
PID 1864 wrote to memory of 2416 | 1864 | rundll32.exe | 28
PID 1864 wrote to memory of 2416 | 1864 | rundll32.exe | 28
PID 1864 wrote to memory of 2416 | 1864 | rundll32.exe | 28
PID 1864 wrote to memory of 2416 | 1864 | rundll32.exe | 28
PID 1864 wrote to memory of 2416 | 1864 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2945ebe3fddde4fb7d4736b6f13159b5_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
PID: 1864
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2945ebe3fddde4fb7d4736b6f13159b5_JaffaCakes118.dll,#1
    PID: 2416