Analysis
max time kernel: 119s
max time network: 122s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 02/06/2024, 22:35
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: 8fac6783106a0c2ea64a65bd0093b009_JaffaCakes118.dll
Resource: win7-20231129-en
1 signatures
150 seconds

Behavioral task
behavioral2
Sample: 8fac6783106a0c2ea64a65bd0093b009_JaffaCakes118.dll
Resource: win10v2004-20240508-en
1 signatures
150 seconds
General
Target: 8fac6783106a0c2ea64a65bd0093b009_JaffaCakes118.dll
Size: 64KB
MD5: 8fac6783106a0c2ea64a65bd0093b009
SHA1: f36d6c8df1013f031f23dc42222cd9583b567a3b
SHA256: 9c38dbe9439f927367c082a4b6bb779f4333c94003d8be7645a52ab36923444d
SHA512: 42d2a9c902c5d4e8a989f1e8d84fb6483bbe14bfcaae7f5d59a328544bfaf9fcb8d7608b1027dfe990fb96b2957dfaee35233694504fc21d0af8a856ea2e3e66
SSDEEP: 1536:SQgosHrp6cO16Xb7ezBJcwb3jcdX680Y5d0bter:ngrH4qXXez3cc3jEXiRxer
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid    Process        procid_target
PID 2848 wrote to memory of 2036   2848   rundll32.exe   28
PID 2848 wrote to memory of 2036   2848   rundll32.exe   28
PID 2848 wrote to memory of 2036   2848   rundll32.exe   28
PID 2848 wrote to memory of 2036   2848   rundll32.exe   28
PID 2848 wrote to memory of 2036   2848   rundll32.exe   28
PID 2848 wrote to memory of 2036   2848   rundll32.exe   28
PID 2848 wrote to memory of 2036   2848   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8fac6783106a0c2ea64a65bd0093b009_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
- PID:2848
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8fac6783106a0c2ea64a65bd0093b009_JaffaCakes118.dll,#1
  - PID:2036