Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system -
submitted
20/07/2024, 03:39
Behavioral task
behavioral1
Sample
5ee4a54b10516755e98b2d583bfcec8c_JaffaCakes118.dll
Resource
win7-20240704-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
5ee4a54b10516755e98b2d583bfcec8c_JaffaCakes118.dll
Resource
win10v2004-20240709-en
2 signatures
150 seconds
General
-
Target
5ee4a54b10516755e98b2d583bfcec8c_JaffaCakes118.dll
-
Size
94KB
-
MD5
5ee4a54b10516755e98b2d583bfcec8c
-
SHA1
5b9f43118c3151604e66a6c1c87f5e300ba5efc0
-
SHA256
ace021785db548af69e911bc381ae1fdf8e17c75a2fae121b36e9136a972c19c
-
SHA512
96f9ae91e23c81c6e9a81c6ef86fb850a3718e56f444e8aa0a97a68e1c2e2f972998de68cec9051ed488a2f359e4a15d16051f5ea571154d0fdf8df7ff6acf88
-
SSDEEP
1536:QNDv8h1CLfWQnjM2n0Wvu6lh8R/8aO2yZuqfk/HoHm9ZeJ6x8c44WTX5hXgfv:qYsLnAKfFbaO2NHvwi8cCX5Sv
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 2568 wrote to memory of 2460 | 2568 | rundll32.exe | 30
PID 2568 wrote to memory of 2460 | 2568 | rundll32.exe | 30
PID 2568 wrote to memory of 2460 | 2568 | rundll32.exe | 30
PID 2568 wrote to memory of 2460 | 2568 | rundll32.exe | 30
PID 2568 wrote to memory of 2460 | 2568 | rundll32.exe | 30
PID 2568 wrote to memory of 2460 | 2568 | rundll32.exe | 30
PID 2568 wrote to memory of 2460 | 2568 | rundll32.exe | 30
Processes
-
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ee4a54b10516755e98b2d583bfcec8c_JaffaCakes118.dll,#11
- Suspicious use of WriteProcessMemory
PID:2568 -
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ee4a54b10516755e98b2d583bfcec8c_JaffaCakes118.dll,#12 PID:2460
-