97c8c2c1b40e0cd6c483d2b1fefa77db089e8609bca5cb5ccec30b5ffe8d3bff

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 17:32

Target

f8727f50540919455e31c55fdf58c7c3_JaffaCakes118.dll
Size

129KB
MD5

f8727f50540919455e31c55fdf58c7c3
SHA1

54736a81b18d6ab302e528c70742586e0d2ada92
SHA256

97c8c2c1b40e0cd6c483d2b1fefa77db089e8609bca5cb5ccec30b5ffe8d3bff
SHA512

6388d3412cf976afc9a48638ccf8533a7e5e505f0fe2f1e3dc1d8765333478e5414a8f3c698fc9407c9325b6871970aef447b960d7c208f67d17f04bcb682293
SSDEEP

3072:x+ZH9gvmpJGvvQQnhR7LN62NgNb6TV9eoD3rqwwZLBBdyQsTt8TqN5WbbHQSOiOp:M6v5tYDP/fGYm4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 1972	2204	rundll32.exe	28
PID 2204 wrote to memory of 1972	2204	rundll32.exe	28
PID 2204 wrote to memory of 1972	2204	rundll32.exe	28
PID 2204 wrote to memory of 1972	2204	rundll32.exe	28
PID 2204 wrote to memory of 1972	2204	rundll32.exe	28
PID 2204 wrote to memory of 1972	2204	rundll32.exe	28
PID 2204 wrote to memory of 1972	2204	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8727f50540919455e31c55fdf58c7c3_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8727f50540919455e31c55fdf58c7c3_JaffaCakes118.dll,#1
  2⤵
  PID:1972

memory/1972-0-0x0000000074CB0000-0x0000000074D3D000-memory.dmp

Filesize
564KB

Download
memory/1972-1-0x0000000074CB0000-0x0000000074D3D000-memory.dmp

Filesize
564KB

Download
memory/1972-2-0x0000000074C50000-0x0000000074CA1000-memory.dmp

Filesize
324KB

Download
memory/1972-3-0x0000000074EA0000-0x0000000074EAB000-memory.dmp

Filesize
44KB

Download
memory/1972-4-0x0000000074E50000-0x0000000074E67000-memory.dmp

Filesize
92KB

Download