Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 09-05-2024 10:19
Behavioral task
behavioral1
Sample
297f3beb9c3b749637a4d519029e196f_JaffaCakes118.dll
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
297f3beb9c3b749637a4d519029e196f_JaffaCakes118.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: 297f3beb9c3b749637a4d519029e196f_JaffaCakes118.dll
Size: 1.1MB
MD5: 297f3beb9c3b749637a4d519029e196f
SHA1: b8bdc52e9bf3efb86ceae2e055705b759d07a988
SHA256: 2057816c4170fa3cef69ba4751fdfa5b28f0deb2604e7aea4598576c5a23c454
SHA512: 5f3d70825ce4c69e27f6c469795e3886389c5775e176eb8b40e5219487e5a9841b81c8c2b0f7a0aa08c67313f01ad7e3d0533c95018b7a1a682c2ac110c98bba
SSDEEP: 24576:eUxnFN+kYwA7HZvzpTetpJssJTe0EAey8KXLJfjiR2INK3S:Dn5YwK9tOJ99KyBjitV
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2112 wrote to memory of 2240 | 2112 | rundll32.exe | rundll32.exe
PID 2112 wrote to memory of 2240 | 2112 | rundll32.exe | rundll32.exe
PID 2112 wrote to memory of 2240 | 2112 | rundll32.exe | rundll32.exe
PID 2112 wrote to memory of 2240 | 2112 | rundll32.exe | rundll32.exe
PID 2112 wrote to memory of 2240 | 2112 | rundll32.exe | rundll32.exe
PID 2112 wrote to memory of 2240 | 2112 | rundll32.exe | rundll32.exe
PID 2112 wrote to memory of 2240 | 2112 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\297f3beb9c3b749637a4d519029e196f_JaffaCakes118.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\297f3beb9c3b749637a4d519029e196f_JaffaCakes118.dll,#12