3de477e58c825439cb4ac812cb427a9b4cb8ba17422a048d9da9a4cbf4456665

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 06:54

Target

ecd4ccccce35b09659c33c6e5f402919_JaffaCakes118.dll
Size

840KB
MD5

ecd4ccccce35b09659c33c6e5f402919
SHA1

371701d311b84967be5cb639ed3642645420a5b6
SHA256

3de477e58c825439cb4ac812cb427a9b4cb8ba17422a048d9da9a4cbf4456665
SHA512

9bf8cf2549d51e9e344f41d30488bd57a28e9f3a9c6738b1bf233e64d10130ed377e776928a0326d4722f4f6ad304da03fe0887a202ea647afb43fbfb0e1e7b5
SSDEEP

12288:cZkG9ytDgQW7+wBGEykNyK/neh/Iio6AQ+iSEE195CMJkW2fKs:YAgQW79UEykNyA1ZdQuTJkRi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 2324	1812	rundll32.exe	28
PID 1812 wrote to memory of 2324	1812	rundll32.exe	28
PID 1812 wrote to memory of 2324	1812	rundll32.exe	28
PID 1812 wrote to memory of 2324	1812	rundll32.exe	28
PID 1812 wrote to memory of 2324	1812	rundll32.exe	28
PID 1812 wrote to memory of 2324	1812	rundll32.exe	28
PID 1812 wrote to memory of 2324	1812	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecd4ccccce35b09659c33c6e5f402919_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecd4ccccce35b09659c33c6e5f402919_JaffaCakes118.dll,#1
  2⤵
  PID:2324

memory/2324-0-0x0000000000710000-0x000000000071B000-memory.dmp

Filesize
44KB

Download
memory/2324-1-0x0000000000AB0000-0x0000000000BE6000-memory.dmp

Filesize
1.2MB

Download
memory/2324-2-0x0000000000AB0000-0x0000000000BE6000-memory.dmp

Filesize
1.2MB

Download