Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 21-05-2024 11:52
Behavioral task: behavioral1
Sample: 633125c60eb9c565bb86f56c20ca5539_JaffaCakes118.dll
Resource: win7-20240221-en (windows7-x64)
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 633125c60eb9c565bb86f56c20ca5539_JaffaCakes118.dll
Resource: win10v2004-20240508-en (windows10-2004-x64)
1 signatures
150 seconds
General
Target: 633125c60eb9c565bb86f56c20ca5539_JaffaCakes118.dll
Size: 207KB
MD5: 633125c60eb9c565bb86f56c20ca5539
SHA1: 7f097329af081b42f82a4767ec9ef7febc70f3e8
SHA256: 79e35b8e37462c36093c2db5cb5da4b3380e11e5b8c8fd9f9a433889775e8a65
SHA512: 88b9dc21317ad2f3b274b69f9273f25e98d7cbc24ea17faad532aed784227941f7708bce886223efc6c6600ecfac69a6ad004df19a1ff637627a60523fd3a52c
SSDEEP: 3072:KlC60GeD6N9Za5Yp6zPC952DmKX0tDV2/jqBkLcP6j5UY5L:KNxfaWUzPWEKKX0pURLcyjt
Score: 1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 2868 wrote to memory of 2924 | 2868 | rundll32.exe | rundll32.exe
PID 2868 wrote to memory of 2924 | 2868 | rundll32.exe | rundll32.exe
PID 2868 wrote to memory of 2924 | 2868 | rundll32.exe | rundll32.exe
PID 2868 wrote to memory of 2924 | 2868 | rundll32.exe | rundll32.exe
PID 2868 wrote to memory of 2924 | 2868 | rundll32.exe | rundll32.exe
PID 2868 wrote to memory of 2924 | 2868 | rundll32.exe | rundll32.exe
PID 2868 wrote to memory of 2924 | 2868 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\633125c60eb9c565bb86f56c20ca5539_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\633125c60eb9c565bb86f56c20ca5539_JaffaCakes118.dll,#1