dcb32e7b7bfb4f9c48d0662cfe8b2b6e45175f5eb21483ef041f8140d18ae877

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
17-04-2024 02:51

Target

f4e0b984b65f1c9bcc555897732fc527_JaffaCakes118.dll
Size

179KB
MD5

f4e0b984b65f1c9bcc555897732fc527
SHA1

c3a066f885b1584cb3ab3167ef990d8b6a36fc3b
SHA256

dcb32e7b7bfb4f9c48d0662cfe8b2b6e45175f5eb21483ef041f8140d18ae877
SHA512

098dec8e6603d3b627ed3df62ddeaa34d4edbec9bb728e56475151192af4fd3f29b8111139919c7dd31dc7b1b6f68bc0f86be6dbca06546f61d7de98d40a57ef
SSDEEP

3072:4gc+CQ2bpfK81zP/WfSOGAbrzHJzj4Yph24d2kky1iZmSBGafogriC9BDMqqDLyK:4/+CQ2bpfp1r/WfSOGAbrzHJzj4Yph2g

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 1376	3028	rundll32.exe	28
PID 3028 wrote to memory of 1376	3028	rundll32.exe	28
PID 3028 wrote to memory of 1376	3028	rundll32.exe	28
PID 3028 wrote to memory of 1376	3028	rundll32.exe	28
PID 3028 wrote to memory of 1376	3028	rundll32.exe	28
PID 3028 wrote to memory of 1376	3028	rundll32.exe	28
PID 3028 wrote to memory of 1376	3028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f4e0b984b65f1c9bcc555897732fc527_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f4e0b984b65f1c9bcc555897732fc527_JaffaCakes118.dll,#1
  2⤵
  PID:1376

memory/1376-1-0x0000000010000000-0x000000001003A000-memory.dmp

Filesize
232KB

Download
memory/1376-0-0x0000000000170000-0x000000000017A000-memory.dmp

Filesize
40KB

Download
memory/1376-5-0x0000000000170000-0x000000000017A000-memory.dmp

Filesize
40KB

Download
memory/1376-6-0x0000000000170000-0x000000000017A000-memory.dmp

Filesize
40KB

Download