Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 16-05-2024 17:55
Behavioral task: behavioral1
Sample: 4c5686008bd2fbf7fed11445179c1db5_JaffaCakes118.dll
Resource: win7-20240508-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 4c5686008bd2fbf7fed11445179c1db5_JaffaCakes118.dll
Resource: win10v2004-20240426-en
1 signatures
150 seconds
General
Target: 4c5686008bd2fbf7fed11445179c1db5_JaffaCakes118.dll
Size: 1.0MB
MD5: 4c5686008bd2fbf7fed11445179c1db5
SHA1: c2dbba7b1906a8b3700ea9bb48dbab8a6cc58734
SHA256: 20db817a92a3aa7c714c2cac423d5921e2b675ff805cf853672e429d67d64470
SHA512: 3ff8c269a530008cb442383ffbd98f2686b9d09075038bb6fb5f396515e116d575250294c4c2cf276faeb1a93d61d35c0191b0023f7e91438cf7e8d9d7d01205
SSDEEP: 12288:BSbulKPtlIP2QyZOzEeWksH5WBKkcTTfk99dbeEp9HQK222ycsVMHB9UESAMf3HR:BAJFlIPWfDH4cDELJ12fzvSnjDX/7R8S
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2848 wrote to memory of 3012 | 2848 | rundll32.exe | rundll32.exe
PID 2848 wrote to memory of 3012 | 2848 | rundll32.exe | rundll32.exe
PID 2848 wrote to memory of 3012 | 2848 | rundll32.exe | rundll32.exe
PID 2848 wrote to memory of 3012 | 2848 | rundll32.exe | rundll32.exe
PID 2848 wrote to memory of 3012 | 2848 | rundll32.exe | rundll32.exe
PID 2848 wrote to memory of 3012 | 2848 | rundll32.exe | rundll32.exe
PID 2848 wrote to memory of 3012 | 2848 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c5686008bd2fbf7fed11445179c1db5_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c5686008bd2fbf7fed11445179c1db5_JaffaCakes118.dll,#1