Analysis
max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 12/06/2024, 16:32
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: a1589fbd2617c38701e3afe1635d0b98_JaffaCakes118.dll
Resource: win7-20240611-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: a1589fbd2617c38701e3afe1635d0b98_JaffaCakes118.dll
Resource: win10v2004-20240611-en
1 signatures
150 seconds
General
Target: a1589fbd2617c38701e3afe1635d0b98_JaffaCakes118.dll
Size: 89KB
MD5: a1589fbd2617c38701e3afe1635d0b98
SHA1: e2b8da1f33a7d06f43dfcf8b96ae3b3531df0dff
SHA256: e82daaac4ba36352cb35f1f9edb014fd1ec9a628c8f3d89b463082d1b7b588bb
SHA512: a882c312fe5c2aba396a93236bf80269f0ce1790ed84944887ee500935a134459fc8d77dfc04a49a869dcb70d7dacbd1b7d6777053386681992832ec78d5249f
SSDEEP: 1536:SQgosHrp6cO16XbM9+JbtkqHj7wudeak2FSb5K3KaUQas:ngrH4qXYUJbtBQuR5Fe5PaUK
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)

description                        pid    Process        procid_target
PID 1540 wrote to memory of 2696   1540   rundll32.exe   28
PID 1540 wrote to memory of 2696   1540   rundll32.exe   28
PID 1540 wrote to memory of 2696   1540   rundll32.exe   28
PID 1540 wrote to memory of 2696   1540   rundll32.exe   28
PID 1540 wrote to memory of 2696   1540   rundll32.exe   28
PID 1540 wrote to memory of 2696   1540   rundll32.exe   28
PID 1540 wrote to memory of 2696   1540   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a1589fbd2617c38701e3afe1635d0b98_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1540
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a1589fbd2617c38701e3afe1635d0b98_JaffaCakes118.dll,#1
    PID: 2696