880a441aea649c65f7bd45bf4a4b4c3fcb913feea5bfae46eb8e25a76f9cc426

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 10:51

Target

f3563585b2577461dc3044952a4ef7e3_JaffaCakes118.dll
Size

25KB
MD5

f3563585b2577461dc3044952a4ef7e3
SHA1

aebae2d14b3cfb660feb539ca3f04c4fe731f143
SHA256

880a441aea649c65f7bd45bf4a4b4c3fcb913feea5bfae46eb8e25a76f9cc426
SHA512

d64a470c0252af78270796d4e470110613972e2e82cd3fd80cd0fed963a187f89e6bd534ef16ce4832eee7fcb6a775c9c5c116f035de67a5ea5fd32cdb077153
SSDEEP

768:AGzATDOsUv3PYu1uVuS2177vAVM9JVYuGpO+g:o3OsU/PpvlgMtxGe

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2056	1924	rundll32.exe	28
PID 1924 wrote to memory of 2056	1924	rundll32.exe	28
PID 1924 wrote to memory of 2056	1924	rundll32.exe	28
PID 1924 wrote to memory of 2056	1924	rundll32.exe	28
PID 1924 wrote to memory of 2056	1924	rundll32.exe	28
PID 1924 wrote to memory of 2056	1924	rundll32.exe	28
PID 1924 wrote to memory of 2056	1924	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3563585b2577461dc3044952a4ef7e3_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3563585b2577461dc3044952a4ef7e3_JaffaCakes118.dll,#1
  2⤵
  PID:2056

memory/2056-0-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2056-1-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2056-2-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2056-3-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2056-4-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download