827ab7b6f1e2888ad9a1b9f9665bb099cd7a4a06dedc23c7e05c2d4b2e360103

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-04-2024 04:44

Target

f50fa3b176ac4a269ca3b28ae24d09a2_JaffaCakes118.dll
Size

264KB
MD5

f50fa3b176ac4a269ca3b28ae24d09a2
SHA1

6d8c81bc7477910d104f155f670f14890d90dbf5
SHA256

827ab7b6f1e2888ad9a1b9f9665bb099cd7a4a06dedc23c7e05c2d4b2e360103
SHA512

e3949e490b12273c9413d5f977942d96e2b61bf98ad6af78d7edb03c63bc9f96e65f27ee3a4c021496e55bed873a9e31cf1e1f16c0797a000ac0c7cff76b7c19
SSDEEP

6144:Umfg2QbroZXmRUPK/wwzUyHwHlDi/2dTlpAa5oTHzPrQz5lusdLqwlSyVZMb:rfg24j/bzUyHwHgITlp55oTHzPravusO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 2940	2812	rundll32.exe	28
PID 2812 wrote to memory of 2940	2812	rundll32.exe	28
PID 2812 wrote to memory of 2940	2812	rundll32.exe	28
PID 2812 wrote to memory of 2940	2812	rundll32.exe	28
PID 2812 wrote to memory of 2940	2812	rundll32.exe	28
PID 2812 wrote to memory of 2940	2812	rundll32.exe	28
PID 2812 wrote to memory of 2940	2812	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f50fa3b176ac4a269ca3b28ae24d09a2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f50fa3b176ac4a269ca3b28ae24d09a2_JaffaCakes118.dll,#1
  2⤵
  PID:2940

memory/2940-4-0x00000000003A0000-0x0000000000460000-memory.dmp

Filesize
768KB

Download
memory/2940-6-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2940-5-0x0000000000190000-0x00000000001CE000-memory.dmp

Filesize
248KB

Download
memory/2940-3-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2940-2-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2940-1-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2940-0-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download