82cef2dd77dc4d5fbc5bd34ee4d535fde7a6f7c2798c4acc6b4df2a9f7054015

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 16:07

Target

edd19a0504be17b6463682a85fb5e919_JaffaCakes118.dll
Size

27KB
MD5

edd19a0504be17b6463682a85fb5e919
SHA1

146b9f319ed6ae283f301cfb7eded16b5e2f1f7d
SHA256

82cef2dd77dc4d5fbc5bd34ee4d535fde7a6f7c2798c4acc6b4df2a9f7054015
SHA512

fee21d12c7c35b7d87fe5f55f911f61763c7c3731b098de9a094945ed96d26385b01be96205f1602e055782fa690b322ae872a069f2c4c422659e08917b591fc
SSDEEP

768:8+7p1COXZ1ugqSM3O1albWlnBqTAnFve9/bjZEX7:8+7vCootlbWlnETAFve9/3ZM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1948	1736	rundll32.exe	28
PID 1736 wrote to memory of 1948	1736	rundll32.exe	28
PID 1736 wrote to memory of 1948	1736	rundll32.exe	28
PID 1736 wrote to memory of 1948	1736	rundll32.exe	28
PID 1736 wrote to memory of 1948	1736	rundll32.exe	28
PID 1736 wrote to memory of 1948	1736	rundll32.exe	28
PID 1736 wrote to memory of 1948	1736	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\edd19a0504be17b6463682a85fb5e919_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\edd19a0504be17b6463682a85fb5e919_JaffaCakes118.dll,#1
  2⤵
  PID:1948

memory/1948-0-0x0000000000160000-0x0000000000165000-memory.dmp

Filesize
20KB

Download
memory/1948-1-0x0000000000160000-0x0000000000165000-memory.dmp

Filesize
20KB

Download
memory/1948-2-0x0000000000170000-0x0000000000175000-memory.dmp

Filesize
20KB

Download
memory/1948-3-0x0000000000170000-0x0000000000172000-memory.dmp

Filesize
8KB

Download