Analysis
max time kernel: 119s
max time network: 119s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 20-06-2024 08:12
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
044476a3ae480a2a5408f7a2b7f64282_JaffaCakes118.dll
Resource
win7-20240508-en
1 signatures
150 seconds
General
Target: 044476a3ae480a2a5408f7a2b7f64282_JaffaCakes118.dll
Size: 111KB
MD5: 044476a3ae480a2a5408f7a2b7f64282
SHA1: 6d9d80314566a580f251413c99cca55f3efd79e7
SHA256: afd11ce544197fdb0c89320eca95fe753ea649d4d3cb2d5f69db9e7814b9fb76
SHA512: de00f978d120a9fb4f903a21679d8dc1c59c3b0e15478b454beacf931f404f80ab286d17bd0b8405b67fb01b092fa7f8787d9f4b7ea1c97ee77f2c87c6f8386a
SSDEEP: 1536:jgVtSKAWm51ewHbwy6DujGTbMtsNOyFZjitc23gAPa6tPFR8E14/mdO3U:UVtSKQ51ety6DuYbMtuhzEZa2PFAUO3
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1924 wrote to memory of 1932 | 1924 | rundll32.exe | rundll32.exe
PID 1924 wrote to memory of 1932 | 1924 | rundll32.exe | rundll32.exe
PID 1924 wrote to memory of 1932 | 1924 | rundll32.exe | rundll32.exe
PID 1924 wrote to memory of 1932 | 1924 | rundll32.exe | rundll32.exe
PID 1924 wrote to memory of 1932 | 1924 | rundll32.exe | rundll32.exe
PID 1924 wrote to memory of 1932 | 1924 | rundll32.exe | rundll32.exe
PID 1924 wrote to memory of 1932 | 1924 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\044476a3ae480a2a5408f7a2b7f64282_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:1924
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\044476a3ae480a2a5408f7a2b7f64282_JaffaCakes118.dll,#1
    PID:1932