Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 21-05-2024 00:49
Behavioral task: behavioral1
- Sample: 6182488bb294df4e41793bebc71a00d3_JaffaCakes118.dll
- Resource: win7-20240220-en, windows7-x64
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 6182488bb294df4e41793bebc71a00d3_JaffaCakes118.dll
- Resource: win10v2004-20240508-en, windows10-2004-x64
- 1 signatures
- 150 seconds
General
- Target: 6182488bb294df4e41793bebc71a00d3_JaffaCakes118.dll
- Size: 207KB
- MD5: 6182488bb294df4e41793bebc71a00d3
- SHA1: 0b9196addfe5e5ab45468b6f8460e71010cd1f2f
- SHA256: d01e025c529877b9b3ae18652fe88ef343807fa460dc9c387610cb6258d4fc79
- SHA512: ac70b10cfb701e5f9b7942f5a15822fb4235f2536d5962e9aa73ccbcaceb13fcd5546c8b54ef9a747f7a2b3d9bc6bf20011c19067795103d0bbe193b8a5ca413
- SSDEEP: 3072:KlC60GeD6N9Za5Yp6zPC952DmKX0tDV2/jqBkLcP6j5UZm5s:KNxfaWUzPWEKKX0pURLcyjef
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1028 wrote to memory of 1284 | 1028 | rundll32.exe | rundll32.exe (7 identical entries)
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6182488bb294df4e41793bebc71a00d3_JaffaCakes118.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6182488bb294df4e41793bebc71a00d3_JaffaCakes118.dll,#12⤵