Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system
submitted: 12/07/2024, 09:41
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3cdc328d4eb5a658b5574f47f757a0ef_JaffaCakes118.dll
Resource
win7-20240705-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
3cdc328d4eb5a658b5574f47f757a0ef_JaffaCakes118.dll
Resource
win10v2004-20240709-en
1 signatures
150 seconds
General
Target: 3cdc328d4eb5a658b5574f47f757a0ef_JaffaCakes118.dll
Size: 32KB
MD5: 3cdc328d4eb5a658b5574f47f757a0ef
SHA1: 549ec726e2df36f8441996e0d35544973e5de8d5
SHA256: ad31e6b5218070c0575ec29e855179e0c830995466a9c1c476adb312fbb5cd8d
SHA512: eeb46a85fd6d1522332292c479bd9d71799a77f5569e1a30c8f999b5c2a56ce008647d10452798cd15c7257aef8026aeb44d2f1ac2c14d5d07a423ea5c7ce272
SSDEEP: 768:E6doris3HEFN6sy86Qtj5Pdp7twAcj2uPey7Hq8Dr5k0OqO3QRAYWbe:E6doris+6sy86Qtj5Pdp7twAu2up7HqW
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1420 wrote to memory of 2124 | 1420 | rundll32.exe | 30
PID 1420 wrote to memory of 2124 | 1420 | rundll32.exe | 30
PID 1420 wrote to memory of 2124 | 1420 | rundll32.exe | 30
PID 1420 wrote to memory of 2124 | 1420 | rundll32.exe | 30
PID 1420 wrote to memory of 2124 | 1420 | rundll32.exe | 30
PID 1420 wrote to memory of 2124 | 1420 | rundll32.exe | 30
PID 1420 wrote to memory of 2124 | 1420 | rundll32.exe | 30
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cdc328d4eb5a658b5574f47f757a0ef_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:1420
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cdc328d4eb5a658b5574f47f757a0ef_JaffaCakes118.dll,#1
    PID:2124