Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 13/06/2024, 04:33

Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: a3d4a2d0ff0e9d1ab550da0118ca030d_JaffaCakes118.dll
Resource: win7-20240611-en
2 signatures
150 seconds

Behavioral task
behavioral2
Sample: a3d4a2d0ff0e9d1ab550da0118ca030d_JaffaCakes118.dll
Resource: win10v2004-20240611-en
0 signatures
150 seconds

General
Target: a3d4a2d0ff0e9d1ab550da0118ca030d_JaffaCakes118.dll
Size: 719KB
MD5: a3d4a2d0ff0e9d1ab550da0118ca030d
SHA1: d2ed8e27c1171cb13ab6b2d5def9944eb8fb95b1
SHA256: 4223565b2e7343b46f1092c78fc655ff3d63315d5e64483e81ee2db192f92268
SHA512: 852cafb36de22e1673a25ae37457f3b281312d2d9a2769b777eaf055766eef00c8b0c3ccc93cd00439d033f79b1fdb3223245b61d030b06fd3e8015acbb16a7a
SSDEEP: 12288:EzT152LYwNwt+I8LFktPqU1FCqckxaq/butNxReGtQ1D5Xq32w3HXFLPaIU+H8NJ:Ezbv4wLPqACUaqKtNxApqxLBUxq
Score: 1/10
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (1 IoCs)
pid     Process
2648    rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                         pid     Process         procid_target
PID 2648 wrote to memory of 2264    2648    rundll32.exe    28
PID 2648 wrote to memory of 2264    2648    rundll32.exe    28
PID 2648 wrote to memory of 2264    2648    rundll32.exe    28

Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3d4a2d0ff0e9d1ab550da0118ca030d_JaffaCakes118.dll,#11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2648
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2648 -s 1002⤵
PID:2264