Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
10-07-2024 21:09
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3664645bdf2a5e7baa01fdc419df4513_JaffaCakes118.dll
Resource
win7-20240704-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
3664645bdf2a5e7baa01fdc419df4513_JaffaCakes118.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
3664645bdf2a5e7baa01fdc419df4513_JaffaCakes118.dll
-
Size
6KB
-
MD5
3664645bdf2a5e7baa01fdc419df4513
-
SHA1
0e7ba956d0250779f2b2795ebe4d5b1616c6f5a0
-
SHA256
1f446e860c9e2407d11cd7cc919f4c13bcb28f522cfc10207970566214414957
-
SHA512
10757dc4bbbf7165cc1b2442a1e43dd499323ab2ba1f8930bc0a95d8c49a2056207a017e8b94f18eb978b561e0223ccb78e0ed395aaa41474f7401942781a3b1
-
SSDEEP
192:Rv0ZCVxcWDT6ixHvzX5at6J2cv2USQqNnSBkgUwuz:50OCiN7UtLcvlZo7h
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exedescription pid process target process PID 1620 wrote to memory of 2096 1620 rundll32.exe rundll32.exe PID 1620 wrote to memory of 2096 1620 rundll32.exe rundll32.exe PID 1620 wrote to memory of 2096 1620 rundll32.exe rundll32.exe PID 1620 wrote to memory of 2096 1620 rundll32.exe rundll32.exe PID 1620 wrote to memory of 2096 1620 rundll32.exe rundll32.exe PID 1620 wrote to memory of 2096 1620 rundll32.exe rundll32.exe PID 1620 wrote to memory of 2096 1620 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3664645bdf2a5e7baa01fdc419df4513_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1620 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3664645bdf2a5e7baa01fdc419df4513_JaffaCakes118.dll,#12⤵PID:2096