e92524cd84e24ecb5f824dbf7e98f1e23cf535fa506cb16491d82f8b60c98733

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 15:37

Target

ff9ba63965fb7c08e975d6a667cdd238_JaffaCakes118.dll
Size

48KB
MD5

ff9ba63965fb7c08e975d6a667cdd238
SHA1

63772a6a1222acb009ee374c2c714fa140e2d13e
SHA256

e92524cd84e24ecb5f824dbf7e98f1e23cf535fa506cb16491d82f8b60c98733
SHA512

50d9292f0e455d8d46d5dc7719fcb1c7a66d5052618b833d980015ac453c389c07faf76af3c68dba5acd91333c273f68bfeaab95a20d432b083d2eb28e330b1c
SSDEEP

768:Rlwh5VrLSIpRnXMgulxqKccisUl6UujRYUCjbPMe/C6aggpZImwITc1UJ9qalbrR:USIp1XMDlxnccis/pYUQMeeg6JLg6J9T

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1892	rundll32.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 1892	2312	rundll32.exe	28
PID 2312 wrote to memory of 1892	2312	rundll32.exe	28
PID 2312 wrote to memory of 1892	2312	rundll32.exe	28
PID 2312 wrote to memory of 1892	2312	rundll32.exe	28
PID 2312 wrote to memory of 1892	2312	rundll32.exe	28
PID 2312 wrote to memory of 1892	2312	rundll32.exe	28
PID 2312 wrote to memory of 1892	2312	rundll32.exe	28
PID 1892 wrote to memory of 1412	1892	rundll32.exe	21

memory/1412-2-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/1892-0-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/1892-1-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download