e2e8517ba9a6f4be514a9be14898f32e6a4d4f0e499ba4ab24bc5c9506acb5ee

Analysis

max time kernel
1s
max time network
0s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
21-04-2024 14:57

Target

ff8a8f32fb35b3fd3e3003f2b11c2f17_JaffaCakes118.dll
Size

76KB
MD5

ff8a8f32fb35b3fd3e3003f2b11c2f17
SHA1

a102cbf79be666fe3000fabaa3f8dc328806889d
SHA256

e2e8517ba9a6f4be514a9be14898f32e6a4d4f0e499ba4ab24bc5c9506acb5ee
SHA512

8443fbd7e7ad6a30bcd7e2b1820179c7c9a07c798ba4f40ff070a8d07b0db6d4bbff1e93a176a7810a3d6680fca7e398d4180a88f9e03444688225952af36806
SSDEEP

1536:PYMfrvhMc/Jawx7m82rPhunGppXndULauakmUiAxO:PYMf7ht/Jawx7h2r8E9dyauVZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 2260	1956	rundll32.exe	28
PID 1956 wrote to memory of 2260	1956	rundll32.exe	28
PID 1956 wrote to memory of 2260	1956	rundll32.exe	28
PID 1956 wrote to memory of 2260	1956	rundll32.exe	28
PID 1956 wrote to memory of 2260	1956	rundll32.exe	28
PID 1956 wrote to memory of 2260	1956	rundll32.exe	28
PID 1956 wrote to memory of 2260	1956	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff8a8f32fb35b3fd3e3003f2b11c2f17_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff8a8f32fb35b3fd3e3003f2b11c2f17_JaffaCakes118.dll,#1
  2⤵
  PID:2260

memory/2260-0-0x0000000000100000-0x000000000010B000-memory.dmp

Filesize
44KB

Download
memory/2260-1-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download