c18b941403470690c817d189e65d27ac4f7cf73935c560785551b9df97f01056

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 14:39

Target

fcfcdb3d6c935af5f95a07d9a7dc7f49_JaffaCakes118.dll
Size

122KB
MD5

fcfcdb3d6c935af5f95a07d9a7dc7f49
SHA1

66be2b766007fc887c4f886cd800e510f65e5db0
SHA256

c18b941403470690c817d189e65d27ac4f7cf73935c560785551b9df97f01056
SHA512

fa8f5aa7653b96987e9bc3271368a3f74761c8e0bdc6baeaf5abd35b43aa88c766b02c5d96ddd275cfe047dd4d341fc2772a0f6d0ab6d19e4c7c453717bfd745
SSDEEP

3072:inbJpEypKc+JjCc3Jcy006iSmmG/6icKdYlO1:4bJpd6GcOrmmi9cKd2O1

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ernel32.dll	rundll32.exe
File created	C:\Windows\SysWOW64\ernel32.dll	rundll32.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2376	1976	rundll32.exe	28
PID 1976 wrote to memory of 2376	1976	rundll32.exe	28
PID 1976 wrote to memory of 2376	1976	rundll32.exe	28
PID 1976 wrote to memory of 2376	1976	rundll32.exe	28
PID 1976 wrote to memory of 2376	1976	rundll32.exe	28
PID 1976 wrote to memory of 2376	1976	rundll32.exe	28
PID 1976 wrote to memory of 2376	1976	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fcfcdb3d6c935af5f95a07d9a7dc7f49_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fcfcdb3d6c935af5f95a07d9a7dc7f49_JaffaCakes118.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2376

memory/2376-0-0x0000000000150000-0x0000000000172000-memory.dmp

Filesize
136KB

Download
memory/2376-1-0x0000000000150000-0x0000000000172000-memory.dmp

Filesize
136KB

Download
memory/2376-3-0x0000000000150000-0x0000000000172000-memory.dmp

Filesize
136KB

Download