Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 22/07/2024, 11:54
Behavioral task
behavioral1
Sample
6321a9beebe63d70389c17e22039f903_JaffaCakes118.dll
Resource
win7-20240705-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
6321a9beebe63d70389c17e22039f903_JaffaCakes118.dll
Resource
win10v2004-20240709-en
2 signatures
150 seconds
General
Target
6321a9beebe63d70389c17e22039f903_JaffaCakes118.dll
Size
107KB
MD5
6321a9beebe63d70389c17e22039f903
SHA1
9bc6741b6f97ad3b3e15f427178ba87b8959b798
SHA256
e271fd297f57c0931e6cc43b0c69d4a1cf2f9545a7169ea377af041a7db90475
SHA512
22177dc2d6e357ddc74309b4d94a9aa14f9c8ad1abad08c995b864023a015804a0d3064f95227cb8774dd7cce991209f7d930ce4545c79ba86579e7a51c0cf99
SSDEEP
1536:Mpsox7IB+zcZqFiUbP8pFn3LgGRYHojqu29qgKdpL2wJxMWb/0Mujx:MOn+zGnUr8T3LgSYHoudZKTqwJxMq0MG
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 2580 wrote to memory of 1924 | 2580 | rundll32.exe | 30
PID 2580 wrote to memory of 1924 | 2580 | rundll32.exe | 30
PID 2580 wrote to memory of 1924 | 2580 | rundll32.exe | 30
PID 2580 wrote to memory of 1924 | 2580 | rundll32.exe | 30
PID 2580 wrote to memory of 1924 | 2580 | rundll32.exe | 30
PID 2580 wrote to memory of 1924 | 2580 | rundll32.exe | 30
PID 2580 wrote to memory of 1924 | 2580 | rundll32.exe | 30
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6321a9beebe63d70389c17e22039f903_JaffaCakes118.dll,#11
Suspicious use of WriteProcessMemory
PID:2580
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6321a9beebe63d70389c17e22039f903_JaffaCakes118.dll,#12
PID:1924