7deaf0ee4ef44cf97f40d216c021152dbdd81d6bd31b70520df8a2d5a93dbccf

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-04-2024 09:19

Target

f32bcf68c7ef9b53f17de0ca8392fade_JaffaCakes118.dll
Size

320KB
MD5

f32bcf68c7ef9b53f17de0ca8392fade
SHA1

c33f6e626b72ec96f5d5f6ab41c1b554373e382a
SHA256

7deaf0ee4ef44cf97f40d216c021152dbdd81d6bd31b70520df8a2d5a93dbccf
SHA512

c626c46897579c759a3b2c4dba1c5c0a9095d97ec0f36366cce274de7bae2fe79e5d9b45fb68646b7fb3b83b818ff9ddc3e4053a21eb08c8026dc438b75e1646
SSDEEP

6144:v7WgZLtXZC5yyBkySsnGpgsvkfEYUh+16Ui76FHbIuN1WoIR32JV:v7WgZLts5yCbSsnGpga1+EUiOpuLN2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 1580	2664	rundll32.exe	28
PID 2664 wrote to memory of 1580	2664	rundll32.exe	28
PID 2664 wrote to memory of 1580	2664	rundll32.exe	28
PID 2664 wrote to memory of 1580	2664	rundll32.exe	28
PID 2664 wrote to memory of 1580	2664	rundll32.exe	28
PID 2664 wrote to memory of 1580	2664	rundll32.exe	28
PID 2664 wrote to memory of 1580	2664	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f32bcf68c7ef9b53f17de0ca8392fade_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f32bcf68c7ef9b53f17de0ca8392fade_JaffaCakes118.dll,#1
  2⤵
  PID:1580

memory/1580-0-0x00000000001E0000-0x00000000001F9000-memory.dmp

Filesize
100KB

Download
memory/1580-1-0x0000000010000000-0x0000000010057000-memory.dmp

Filesize
348KB

Download