d4bfce6ff697ee455fea083a15073fe71eeb247010b92cec343619ae373744a5

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/04/2024, 14:22

Target

fa7dbbf0a872e1371f7d53ec596ecd68_JaffaCakes118.dll
Size

60KB
MD5

fa7dbbf0a872e1371f7d53ec596ecd68
SHA1

88bcef94104e9e22a717ee682a6ce8e9d619a876
SHA256

d4bfce6ff697ee455fea083a15073fe71eeb247010b92cec343619ae373744a5
SHA512

55805d847d2a8d2b9c74087985d8d07bfcd59de7570d66cba94d93c7e782caf6cfba5125bb5babc7ec791cf53a5806faa59dfce20e127d959cd3bb9bd741e7eb
SSDEEP

768:jCVLsG+ko6h5Vj7kZP/6ifqAeCedRUDFR00j+xy0LGvr5IvqRQNXMWWgJJBzxDhg:msk3kppq9CtRn0Svr5ISWNX5lDg

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2372	2936	rundll32.exe	28
PID 2936 wrote to memory of 2372	2936	rundll32.exe	28
PID 2936 wrote to memory of 2372	2936	rundll32.exe	28
PID 2936 wrote to memory of 2372	2936	rundll32.exe	28
PID 2936 wrote to memory of 2372	2936	rundll32.exe	28
PID 2936 wrote to memory of 2372	2936	rundll32.exe	28
PID 2936 wrote to memory of 2372	2936	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa7dbbf0a872e1371f7d53ec596ecd68_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa7dbbf0a872e1371f7d53ec596ecd68_JaffaCakes118.dll,#1
  2⤵
  PID:2372

memory/2372-0-0x0000000010000000-0x0000000010067000-memory.dmp

Filesize
412KB

Download
memory/2372-1-0x0000000010000000-0x0000000010067000-memory.dmp

Filesize
412KB

Download