Analysis
max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted
06/07/2024, 23:38
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
299ecbf8a5ef2c0b87eeebccef7e6566_JaffaCakes118.dll
Resource
win7-20240508-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
299ecbf8a5ef2c0b87eeebccef7e6566_JaffaCakes118.dll
Resource
win10v2004-20240704-en
1 signatures
150 seconds
General
Target
299ecbf8a5ef2c0b87eeebccef7e6566_JaffaCakes118.dll
Size
16KB
MD5
299ecbf8a5ef2c0b87eeebccef7e6566
SHA1
a2a8e88e207c601db69850c2aceefed194613383
SHA256
8aac7a146911070632a619ab5de4b90fe862423076217b3139558c134b658ad7
SHA512
b7a22c3970597f3b4ae1009dd575e5d61898211dd554c1a0cddb334690a44e0980452df6bac76abc0beabb3d9a0a609d77b104584080678d9cc7f78aea26b464
SSDEEP
192:DI93J3YmENdhXfa1dLFk8OSKS3twSi2S+J+aWAcKzzhN0nlKvr2fIMmPzbWjFsE1:DITc8dBy3SdwSr5+MholFcKBn
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
description                        pid    Process        procid_target
PID 2412 wrote to memory of 2428   2412   rundll32.exe   28
PID 2412 wrote to memory of 2428   2412   rundll32.exe   28
PID 2412 wrote to memory of 2428   2412   rundll32.exe   28
PID 2412 wrote to memory of 2428   2412   rundll32.exe   28
PID 2412 wrote to memory of 2428   2412   rundll32.exe   28
PID 2412 wrote to memory of 2428   2412   rundll32.exe   28
PID 2412 wrote to memory of 2428   2412   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\299ecbf8a5ef2c0b87eeebccef7e6566_JaffaCakes118.dll,#11
- Suspicious use of WriteProcessMemory
PID:2412
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\299ecbf8a5ef2c0b87eeebccef7e6566_JaffaCakes118.dll,#12
PID:2428