Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 28/06/2024, 00:02
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
180b43f4225dbd427a41787bcf54e605_JaffaCakes118.dll
Resource
win7-20240221-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
180b43f4225dbd427a41787bcf54e605_JaffaCakes118.dll
Resource
win10v2004-20240508-en
1 signatures
150 seconds
General
Target: 180b43f4225dbd427a41787bcf54e605_JaffaCakes118.dll
Size: 97KB
MD5: 180b43f4225dbd427a41787bcf54e605
SHA1: 9a57f12b39db8d5cba546e62ae2ce859851741e8
SHA256: 831561b30500433d71966ad3badbb37c679d9a7873d744a3260f2d3746dc9380
SHA512: 507c40515a5a7a9a83713e51b1f24773a2c92cfc624ab4db56a96104e1fcfc461d0d3313199c64c348bcff28d0de915b75ca5bd192718cbfa442d5140d8b8722
SSDEEP: 1536:doqqmWMziXV8Kq23Jo41wpMb5PmlYfww7mFjCGy/SAb2tF+Wnd5h+:SqqmW+23JbIFifww7a9uStF+y5I
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 292 wrote to memory of 1976 | 292 | rundll32.exe | 28
PID 292 wrote to memory of 1976 | 292 | rundll32.exe | 28
PID 292 wrote to memory of 1976 | 292 | rundll32.exe | 28
PID 292 wrote to memory of 1976 | 292 | rundll32.exe | 28
PID 292 wrote to memory of 1976 | 292 | rundll32.exe | 28
PID 292 wrote to memory of 1976 | 292 | rundll32.exe | 28
PID 292 wrote to memory of 1976 | 292 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\180b43f4225dbd427a41787bcf54e605_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:292
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\180b43f4225dbd427a41787bcf54e605_JaffaCakes118.dll,#12⤵ PID:1976