Analysis
- max time kernel: 118s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
- submitted: 26-06-2024 11:36
Behavioral task: behavioral1
- Sample: 11dcd538dd6b5f80aae20c2df0290562_JaffaCakes118.dll
- Resource: win7-20240611-en
- 3 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 11dcd538dd6b5f80aae20c2df0290562_JaffaCakes118.dll
- Resource: win10v2004-20240611-en
- 3 signatures
- 150 seconds
General
- Target: 11dcd538dd6b5f80aae20c2df0290562_JaffaCakes118.dll
- Size: 1.1MB
- MD5: 11dcd538dd6b5f80aae20c2df0290562
- SHA1: be2d719e707684b69fca0fddb93aa6fa52948c06
- SHA256: 573043ec056a91c2459ba8fa1f91a869d0e1edc66504711ad6768b969142dd35
- SHA512: 505e2a90e4d16d6fae56c831b7b4473901901b7d20249cafc37babf6926d9ab66804b553f23900cf710eb72cb723df1007594d7e11dd98615503384da1436aef
- SSDEEP: 24576:KjHZSW5ALlR6xUqiO9HiBWIew2deGEJ2EB8V9i17nR:UAWeLlR0UA9CWLw1N2kR17R
- Score: 7/10
Malware Config
Signatures
- resource                                                                    | yara_rule
  behavioral1/memory/2416-2-0x0000000010000000-0x00000000102FA000-memory.dmp  | vmprotect
  behavioral1/memory/2416-7-0x0000000010000000-0x00000000102FA000-memory.dmp  | vmprotect
  behavioral1/memory/2416-6-0x0000000010000000-0x00000000102FA000-memory.dmp  | vmprotect
  behavioral1/memory/2416-1-0x0000000010000000-0x00000000102FA000-memory.dmp  | vmprotect
  behavioral1/memory/2416-0-0x0000000010000000-0x00000000102FA000-memory.dmp  | vmprotect
  behavioral1/memory/2416-8-0x0000000010000000-0x00000000102FA000-memory.dmp  | vmprotect
- Suspicious use of SetWindowsHookEx (64 IoCs)
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                       | pid  | Process      | procid_target
  PID 2400 wrote to memory of 2416  | 2400 | rundll32.exe | 28
  PID 2400 wrote to memory of 2416  | 2400 | rundll32.exe | 28
  PID 2400 wrote to memory of 2416  | 2400 | rundll32.exe | 28
  PID 2400 wrote to memory of 2416  | 2400 | rundll32.exe | 28
  PID 2400 wrote to memory of 2416  | 2400 | rundll32.exe | 28
  PID 2400 wrote to memory of 2416  | 2400 | rundll32.exe | 28
  PID 2400 wrote to memory of 2416  | 2400 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\11dcd538dd6b5f80aae20c2df0290562_JaffaCakes118.dll,#1
  PID: 2400
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\11dcd538dd6b5f80aae20c2df0290562_JaffaCakes118.dll,#1
    PID: 2416
    - Suspicious use of SetWindowsHookEx