Analysis
max time kernel: 122s
max time network: 122s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
submitted: 10-07-2024 21:09
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3664ae0348fe0093444fdc6d60617f72_JaffaCakes118.dll
Resource
win7-20240708-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
3664ae0348fe0093444fdc6d60617f72_JaffaCakes118.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: 3664ae0348fe0093444fdc6d60617f72_JaffaCakes118.dll
Size: 33KB
MD5: 3664ae0348fe0093444fdc6d60617f72
SHA1: 501f7092169fb30b50f2de424845435bf05f1327
SHA256: 0df2babdd0c76c8e4227226d832b5ea8c6744c28c5a9aa042831fe601386c80c
SHA512: b2270a809d0489fd687a0f4b5a87caaab8438d4a7954293d902297fed45fa99052103c207c3db4595352f0e0314e7b153069d8ac9340f2661abf82c39a58cfb5
SSDEEP: 768:blUdLSdcCsQk0tGuRM8DNr6e8cx9yBJnilcqbP2E9ae:bCdudcPUB6elMB5ilcUwe
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2228 wrote to memory of 2976 | 2228 | rundll32.exe | rundll32.exe
PID 2228 wrote to memory of 2976 | 2228 | rundll32.exe | rundll32.exe
PID 2228 wrote to memory of 2976 | 2228 | rundll32.exe | rundll32.exe
PID 2228 wrote to memory of 2976 | 2228 | rundll32.exe | rundll32.exe
PID 2228 wrote to memory of 2976 | 2228 | rundll32.exe | rundll32.exe
PID 2228 wrote to memory of 2976 | 2228 | rundll32.exe | rundll32.exe
PID 2228 wrote to memory of 2976 | 2228 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\3664ae0348fe0093444fdc6d60617f72_JaffaCakes118.dll,#11
- Suspicious use of WriteProcessMemory
PID:2228
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\3664ae0348fe0093444fdc6d60617f72_JaffaCakes118.dll,#12 PID:2976