Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
12/06/2024, 18:29
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll
Resource
win7-20240220-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll
Resource
win10v2004-20240508-en
1 signatures
150 seconds
General
-
Target
a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll
-
Size
2.3MB
-
MD5
a1be9192e891fba4c6b77a3aa2fee9f8
-
SHA1
f9ec2a5a13645fccaf980f90be0d9ddaebf62996
-
SHA256
85980a58e807de02fe0cd2e795c66b1c435408427bc0c5a30aa2d84447bdd10d
-
SHA512
624b005be5da8eb9c2c64e434320f542b6d1f6338a2ee8d083d202047650a8e82b5a6365b4f948f8d87d19964d44155a6ae077f9390b736c7949e8d7e318c8ff
-
SSDEEP
49152:zfo+nVDb0LLygXtKKGcDRQWFqG9v0R/k+hKhQwZHb:k8VDb0JXtKBWFqG9MR/dhKhQwZ7
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2004 wrote to memory of 2072 2004 rundll32.exe 28 PID 2004 wrote to memory of 2072 2004 rundll32.exe 28 PID 2004 wrote to memory of 2072 2004 rundll32.exe 28 PID 2004 wrote to memory of 2072 2004 rundll32.exe 28 PID 2004 wrote to memory of 2072 2004 rundll32.exe 28 PID 2004 wrote to memory of 2072 2004 rundll32.exe 28 PID 2004 wrote to memory of 2072 2004 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2004 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#12⤵PID:2072
-