Analysis
max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags
arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
submitted
11/07/2024, 01:09
Behavioral task
behavioral1
Sample
37235d6cfb5252580075a44f97e68df3_JaffaCakes118.dll
Resource
win7-20240704-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
37235d6cfb5252580075a44f97e68df3_JaffaCakes118.dll
Resource
win10v2004-20240709-en
2 signatures
150 seconds
General
Target
37235d6cfb5252580075a44f97e68df3_JaffaCakes118.dll
Size
65KB
MD5
37235d6cfb5252580075a44f97e68df3
SHA1
e007b54179b27ec53130f1101d5a084f2efed9bb
SHA256
987fe67471379fc9e57ee9b3e2cbff58d9642cde2b79c921d27b7d34ab4d094b
SHA512
5537cc53d1cb0e412e2b5f5f5e4d1c57e785009b95a867fd54ed17e9237635beb2155ffab5eabd60719b7f02e43aa7888257f1a2e757b4af5db4fa6b1205b77f
SSDEEP
1536:5jRmO3A4xeLIQmbjwWXJ9L61gMgSK61QOV49dpYIlg:xfw4wsQmvrMgSK4ideUg
Score
7/10
Malware Config
Signatures
resource | yara_rule
behavioral1/memory/2728-0-0x0000000010000000-0x000000001000D000-memory.dmp | upx
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 1888 wrote to memory of 2728 | 1888 | rundll32.exe | 30
PID 1888 wrote to memory of 2728 | 1888 | rundll32.exe | 30
PID 1888 wrote to memory of 2728 | 1888 | rundll32.exe | 30
PID 1888 wrote to memory of 2728 | 1888 | rundll32.exe | 30
PID 1888 wrote to memory of 2728 | 1888 | rundll32.exe | 30
PID 1888 wrote to memory of 2728 | 1888 | rundll32.exe | 30
PID 1888 wrote to memory of 2728 | 1888 | rundll32.exe | 30
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37235d6cfb5252580075a44f97e68df3_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
PID:1888
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\37235d6cfb5252580075a44f97e68df3_JaffaCakes118.dll,#1
  PID:2728