Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system -
submitted
02/06/2024, 22:35
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
8faca7186e445dcdae65f1cd4fbb408f_JaffaCakes118.dll
Resource
win7-20240508-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
8faca7186e445dcdae65f1cd4fbb408f_JaffaCakes118.dll
Resource
win10v2004-20240508-en
1 signatures
150 seconds
General
-
Target
8faca7186e445dcdae65f1cd4fbb408f_JaffaCakes118.dll
-
Size
81KB
-
MD5
8faca7186e445dcdae65f1cd4fbb408f
-
SHA1
34d0a21ab063288348da41322a7aab76218aad42
-
SHA256
4bb54561b4ed416f5e4449d777710d7ea514768dd44a1f23221f731bc7067059
-
SHA512
ac8308437e694e92f68460c099bf7ef8c9243a7fc3808de075f06046a974bf903ee2c95b63e3b37a82a94ea398bfc2ab60a3ce2427b8624b7d4a84fe44cb05e9
-
SSDEEP
1536:b4k4GVCrVqbaiDr1R0bq186Xq23iPL53XOFYV8KLokTVgazTmy2kgSCZiFb7:rCAaCrb0bJ6EP93X5EkTVJXmXo
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2424 wrote to memory of 2256 | 2424 | rundll32.exe | 28 |
| PID 2424 wrote to memory of 2256 | 2424 | rundll32.exe | 28 |
| PID 2424 wrote to memory of 2256 | 2424 | rundll32.exe | 28 |
| PID 2424 wrote to memory of 2256 | 2424 | rundll32.exe | 28 |
| PID 2424 wrote to memory of 2256 | 2424 | rundll32.exe | 28 |
| PID 2424 wrote to memory of 2256 | 2424 | rundll32.exe | 28 |
| PID 2424 wrote to memory of 2256 | 2424 | rundll32.exe | 28 |
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8faca7186e445dcdae65f1cd4fbb408f_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
PID:2424
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8faca7186e445dcdae65f1cd4fbb408f_JaffaCakes118.dll,#1
  PID:2256