e24c38e155d9b6e04b5b7b9ec28fed1fbbbdd118235855400452a7564c44791d

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 03:47

Target

f03bb1227cc2a53ded3e4238e0974cdf_JaffaCakes118.dll
Size

72KB
MD5

f03bb1227cc2a53ded3e4238e0974cdf
SHA1

db2e270c56a56680cedbc418d572a67671c74fc3
SHA256

e24c38e155d9b6e04b5b7b9ec28fed1fbbbdd118235855400452a7564c44791d
SHA512

4885f549f17c37db04dabb080d5d5205bb264952b0eb8e19186c465d883341321a5be808fbe559faba3e523cf553925ab60aed83225704cbbe2b0317fa804440
SSDEEP

1536:2j+c2C7ZdUeZvziG9/vFD2q5YvCwS09qhvIo9ZHiT:237ZdVZ79952qOCwSJNImHiT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 3008	3012	rundll32.exe	28
PID 3012 wrote to memory of 3008	3012	rundll32.exe	28
PID 3012 wrote to memory of 3008	3012	rundll32.exe	28
PID 3012 wrote to memory of 3008	3012	rundll32.exe	28
PID 3012 wrote to memory of 3008	3012	rundll32.exe	28
PID 3012 wrote to memory of 3008	3012	rundll32.exe	28
PID 3012 wrote to memory of 3008	3012	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f03bb1227cc2a53ded3e4238e0974cdf_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f03bb1227cc2a53ded3e4238e0974cdf_JaffaCakes118.dll,#1
  2⤵
  PID:3008

memory/3008-0-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download