Analysis
-
max time kernel
14s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system -
submitted
12-07-2024 18:48
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3e774d7326d1fd07fb9aa4cda8e91eb2_JaffaCakes118.dll
Resource
win7-20240704-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
3e774d7326d1fd07fb9aa4cda8e91eb2_JaffaCakes118.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
3e774d7326d1fd07fb9aa4cda8e91eb2_JaffaCakes118.dll
-
Size
141KB
-
MD5
3e774d7326d1fd07fb9aa4cda8e91eb2
-
SHA1
aab406596ec2a4cbd337af35ce4a30e85e80374f
-
SHA256
f64d93881fa90dd38ffbe5ec5e5e878c334c2c35d9c4cc1143544124d6314c4d
-
SHA512
d0d2a768af7578c118c7d41fd8b09ee8a7c06b8d6426ec548e8b0251f7a09afa07b16f7e650497670c023b04c6a0df0305a8a1c2eb12ba4c5bc2998471cf7af7
-
SSDEEP
3072:nECAJhkdOP17s/qaOi08OwyHxcnZGCCXl11PllV1V:nEvgOP17s/F08OaoCC1vl1V
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description                        pid    Process        procid_target
PID 2540 wrote to memory of 2588   2540   rundll32.exe   29
PID 2540 wrote to memory of 2588   2540   rundll32.exe   29
PID 2540 wrote to memory of 2588   2540   rundll32.exe   29
PID 2540 wrote to memory of 2588   2540   rundll32.exe   29
PID 2540 wrote to memory of 2588   2540   rundll32.exe   29
PID 2540 wrote to memory of 2588   2540   rundll32.exe   29
PID 2540 wrote to memory of 2588   2540   rundll32.exe   29
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e774d7326d1fd07fb9aa4cda8e91eb2_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2540 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e774d7326d1fd07fb9aa4cda8e91eb2_JaffaCakes118.dll,#12⤵
PID:2588
-