e9b31296d4abde589fa1aad0a2506e23643bd5a2325dc247c33fd35f5f9c3234

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
15-04-2024 02:32

Target

f01706a18b0fd6e7cae66e445332c221_JaffaCakes118.dll
Size

9KB
MD5

f01706a18b0fd6e7cae66e445332c221
SHA1

22f2ced89f1d2d6c9fc7b3de9ecd1866adcf500b
SHA256

e9b31296d4abde589fa1aad0a2506e23643bd5a2325dc247c33fd35f5f9c3234
SHA512

1df98ade5738a238f1f7cc3b8509bf23e5428e767a1fcb1ca5703c28ecfc61d7031c34832d809619d5c821b711a45626fa7cac98c992b1db71a99caa773b5ce2
SSDEEP

96:q1V7dR7uwEU+hCT3GrxZ4MUtPNlz0MdG8EWvdM3IWwG34bQ:kuwEt8rsTUtPLzKNWSYWF4bQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2160	2932	rundll32.exe	28
PID 2932 wrote to memory of 2160	2932	rundll32.exe	28
PID 2932 wrote to memory of 2160	2932	rundll32.exe	28
PID 2932 wrote to memory of 2160	2932	rundll32.exe	28
PID 2932 wrote to memory of 2160	2932	rundll32.exe	28
PID 2932 wrote to memory of 2160	2932	rundll32.exe	28
PID 2932 wrote to memory of 2160	2932	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f01706a18b0fd6e7cae66e445332c221_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f01706a18b0fd6e7cae66e445332c221_JaffaCakes118.dll,#1
  2⤵
  PID:2160

memory/2160-0-0x0000000076F90000-0x0000000076F97000-memory.dmp

Filesize
28KB

Download
memory/2160-1-0x0000000076F90000-0x0000000076F97000-memory.dmp

Filesize
28KB

Download