Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
20-06-2024 07:22
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
03fbbba08443d719c48a16380a4c7bca_JaffaCakes118.dll
Resource
win7-20240611-en
1 signatures
150 seconds
General
-
Target
03fbbba08443d719c48a16380a4c7bca_JaffaCakes118.dll
-
Size
113KB
-
MD5
03fbbba08443d719c48a16380a4c7bca
-
SHA1
2ec24b53585b27f9a778845f4e530e6b0421a575
-
SHA256
40db3319b8eeec04973e9f67ce1eb5f76160619c9c6a54e3a8208a18be7529d2
-
SHA512
5e3042db83759db56f1d99cbdf52678f06297f678034a1806122f5012bf5ea38a186944dc1fed4e73ef9922dbe169849d49d70f0ef9fc000088e7592cd76cd86
-
SSDEEP
3072:sewc6DlnLPTOBZLJW7m3TfY1qCB2Y2FmH2:sewc6DBLbOJW7YfYstY2Fm
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description                          pid   process       target process
PID 1932 wrote to memory of 2208     1932  rundll32.exe  rundll32.exe
PID 1932 wrote to memory of 2208     1932  rundll32.exe  rundll32.exe
PID 1932 wrote to memory of 2208     1932  rundll32.exe  rundll32.exe
PID 1932 wrote to memory of 2208     1932  rundll32.exe  rundll32.exe
PID 1932 wrote to memory of 2208     1932  rundll32.exe  rundll32.exe
PID 1932 wrote to memory of 2208     1932  rundll32.exe  rundll32.exe
PID 1932 wrote to memory of 2208     1932  rundll32.exe  rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03fbbba08443d719c48a16380a4c7bca_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1932 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03fbbba08443d719c48a16380a4c7bca_JaffaCakes118.dll,#12⤵
PID:2208