Analysis
max time kernel: 122s
max time network: 122s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
submitted: 10-07-2024 21:12
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
366685879fdd00a325ac95a67839a51e_JaffaCakes118.dll
Resource
win7-20240708-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
366685879fdd00a325ac95a67839a51e_JaffaCakes118.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
2 signatures
150 seconds
General
Target: 366685879fdd00a325ac95a67839a51e_JaffaCakes118.dll
Size: 86KB
MD5: 366685879fdd00a325ac95a67839a51e
SHA1: e93b4b37085ca724b868d4e56205ec6493de086f
SHA256: fbf597174381687395f83ad57a9ce1e0e7da2b1b6b2806b684ab3b08aa740fcf
SHA512: 70dab15401e873352b9d95223594427bca9050f256087f8fb15032578e037fb1f446714f87f23c6ce4333c9fad7cbc70dae2239614dccfb705b5b0d715cceb55
SSDEEP: 1536:bq+dX5z9lhsRbarmsapZyWK+0IStWJ+xruajIDUsL+JjiHq0VaO1FsPRFDmu+Tx:bbdRhsRwmsmB4tCailUsLHq0VaODQW
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 3004 wrote to memory of 112 | 3004 | rundll32.exe | rundll32.exe
PID 3004 wrote to memory of 112 | 3004 | rundll32.exe | rundll32.exe
PID 3004 wrote to memory of 112 | 3004 | rundll32.exe | rundll32.exe
PID 3004 wrote to memory of 112 | 3004 | rundll32.exe | rundll32.exe
PID 3004 wrote to memory of 112 | 3004 | rundll32.exe | rundll32.exe
PID 3004 wrote to memory of 112 | 3004 | rundll32.exe | rundll32.exe
PID 3004 wrote to memory of 112 | 3004 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\366685879fdd00a325ac95a67839a51e_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
PID:3004
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\366685879fdd00a325ac95a67839a51e_JaffaCakes118.dll,#1
PID:112