Analysis
-
max time kernel
122s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system -
submitted
22-05-2024 00:05
Behavioral task
behavioral1
Sample
6549eac35a9427c1b5d294da088e6730_JaffaCakes118.dll
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
6549eac35a9427c1b5d294da088e6730_JaffaCakes118.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
6549eac35a9427c1b5d294da088e6730_JaffaCakes118.dll
-
Size
202KB
-
MD5
6549eac35a9427c1b5d294da088e6730
-
SHA1
b0dc18d67b60b3190f9548d192d2295e925c69e8
-
SHA256
00b1026ac1c50f331e97f045ff1e19ea4d289073ce1cc53b09302d02784e4426
-
SHA512
32cf462761d5813b8983507ed34af31e78b0c45d6bd1c536722233cd71e130f99b0705fb1216f7a4d6071b9fec510021adce675c3137c17addb1fdd0cdfa49d4
-
SSDEEP
3072:Pjh9N4a1j712h9Td2+1lxvTeZna8xUhUbT15j:PjdFKdoSxvixTxUA
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe

| pid | pid_target | process | target process |
| --- | --- | --- | --- |
| 3036 | 2348 | WerFault.exe | rundll32.exe |

-
Suspicious use of WriteProcessMemory 11 IoCs
Processes:
rundll32.exe, rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 2360 wrote to memory of 2348 | 2360 | rundll32.exe | rundll32.exe |
| PID 2360 wrote to memory of 2348 | 2360 | rundll32.exe | rundll32.exe |
| PID 2360 wrote to memory of 2348 | 2360 | rundll32.exe | rundll32.exe |
| PID 2360 wrote to memory of 2348 | 2360 | rundll32.exe | rundll32.exe |
| PID 2360 wrote to memory of 2348 | 2360 | rundll32.exe | rundll32.exe |
| PID 2360 wrote to memory of 2348 | 2360 | rundll32.exe | rundll32.exe |
| PID 2360 wrote to memory of 2348 | 2360 | rundll32.exe | rundll32.exe |
| PID 2348 wrote to memory of 3036 | 2348 | rundll32.exe | WerFault.exe |
| PID 2348 wrote to memory of 3036 | 2348 | rundll32.exe | WerFault.exe |
| PID 2348 wrote to memory of 3036 | 2348 | rundll32.exe | WerFault.exe |
| PID 2348 wrote to memory of 3036 | 2348 | rundll32.exe | WerFault.exe |
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6549eac35a9427c1b5d294da088e6730_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6549eac35a9427c1b5d294da088e6730_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
- Program crash