53f37d0f2845e7fa6a6754113a34bdaeee4f9e9ad7cd364c686452716056d489

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-04-2024 00:23

Target

fdfe8ff817da57526caaf242e7586eae_JaffaCakes118.dll
Size

88KB
MD5

fdfe8ff817da57526caaf242e7586eae
SHA1

3ee2d5e3c6ff387dc8bc63255676d21d174f8269
SHA256

53f37d0f2845e7fa6a6754113a34bdaeee4f9e9ad7cd364c686452716056d489
SHA512

f33b6b90aaee88aba72e13900c7baf8b95fc7dd9c9a2f18517042f4f85ba5dabe2112b36af0e9d3e1ed5f1b05e7fe193e970086d31f80158c76895d82151a0cb
SSDEEP

1536:3zjFyusqeIUNZUI3QFWA6ZLGlb+doyE2sOGKx8fIxIL9+G3I+jbRg8SJC:jcdNZfQFWFZalbadrIII9+G4sIC

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

rundll32mgr.exe

pid process

2264 rundll32mgr.exe

pid	process
2264	rundll32mgr.exe

Loads dropped DLL 9 IoCs

Processes:

rundll32.exeWerFault.exe

Drops file in System32 directory 1 IoCs

Processes:

rundll32.exe

description ioc process

File created C:\Windows\SysWOW64\rundll32mgr.exe rundll32.exe
Drops file in Windows directory 1 IoCs

Processes:

rundll32.exe

description ioc process

File opened for modification C:\Windows\win.ini rundll32.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2952 2264 WerFault.exe rundll32mgr.exe

description	ioc	process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

description	ioc	process
File opened for modification	C:\Windows\win.ini	rundll32.exe

pid	pid_target	process	target process
2952	2264	WerFault.exe	rundll32mgr.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

rundll32.exerundll32.exerundll32mgr.exe

description	pid	process	target process
PID 2188 wrote to memory of 1620	2188	rundll32.exe	rundll32.exe
PID 2188 wrote to memory of 1620	2188	rundll32.exe	rundll32.exe
PID 2188 wrote to memory of 1620	2188	rundll32.exe	rundll32.exe
PID 2188 wrote to memory of 1620	2188	rundll32.exe	rundll32.exe
PID 2188 wrote to memory of 1620	2188	rundll32.exe	rundll32.exe
PID 2188 wrote to memory of 1620	2188	rundll32.exe	rundll32.exe
PID 2188 wrote to memory of 1620	2188	rundll32.exe	rundll32.exe
PID 1620 wrote to memory of 2264	1620	rundll32.exe	rundll32mgr.exe
PID 1620 wrote to memory of 2264	1620	rundll32.exe	rundll32mgr.exe
PID 1620 wrote to memory of 2264	1620	rundll32.exe	rundll32mgr.exe
PID 1620 wrote to memory of 2264	1620	rundll32.exe	rundll32mgr.exe
PID 2264 wrote to memory of 2952	2264	rundll32mgr.exe	WerFault.exe
PID 2264 wrote to memory of 2952	2264	rundll32mgr.exe	WerFault.exe
PID 2264 wrote to memory of 2952	2264	rundll32mgr.exe	WerFault.exe
PID 2264 wrote to memory of 2952	2264	rundll32mgr.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fdfe8ff817da57526caaf242e7586eae_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2188

\Windows\SysWOW64\rundll32mgr.exe
Filesize
60KB

MD5
94f2f6ffbba8e7644668b51b39983916

SHA1
63357bbdf90101969117983dbc0d4ed0e713c4d7

SHA256
ede7603855cb37082c241c720a6650988c684eb3bcb263e5dd7b457458940fed

SHA512
d04430ceac70c6fa71d07d9ee82ac2bb5e6c0641d5c9e7e5a3ed39d342e8b198f367676516a55f0653e0b88635a027b9ad220e223145b8be8df281bb6faf7156

Download Submit
memory/1620-2-0x0000000010000000-0x000000001001B000-memory.dmp

Filesize
108KB

Download