1c32da0dee5624d5cbc755a0cdb1257bf43f07c61fb03e8f59ef94ed2cb58869

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-05-2024 13:06

Target

12ddb6465a43fbeecea2d2989f2caae8_JaffaCakes118.dll
Size

164KB
MD5

12ddb6465a43fbeecea2d2989f2caae8
SHA1

75ffba09e29e8f7481eb0844b601d7c9297aa855
SHA256

1c32da0dee5624d5cbc755a0cdb1257bf43f07c61fb03e8f59ef94ed2cb58869
SHA512

dbad58b9f12dcf81f7aad638005ded45768e943ef54165e81b9f2a70653e0d91d376c8374850c5c73ba0362950b4dba6b204bc36c9cfdca4d262584bda4c8019
SSDEEP

3072:v0XoUeZ/DVS8L73ea4MoCLfqQvFfIrgPxOsEpa1UhH:veoUeZR2TRCWQFfPEae

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 2348	1612	rundll32.exe	28
PID 1612 wrote to memory of 2348	1612	rundll32.exe	28
PID 1612 wrote to memory of 2348	1612	rundll32.exe	28
PID 1612 wrote to memory of 2348	1612	rundll32.exe	28
PID 1612 wrote to memory of 2348	1612	rundll32.exe	28
PID 1612 wrote to memory of 2348	1612	rundll32.exe	28
PID 1612 wrote to memory of 2348	1612	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12ddb6465a43fbeecea2d2989f2caae8_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12ddb6465a43fbeecea2d2989f2caae8_JaffaCakes118.dll,#1
  2⤵
  PID:2348

memory/2348-0-0x0000000000120000-0x000000000012A000-memory.dmp

Filesize
40KB

Download
memory/2348-1-0x0000000002250000-0x0000000002319000-memory.dmp

Filesize
804KB

Download
memory/2348-10-0x0000000000160000-0x0000000000166000-memory.dmp

Filesize
24KB

Download
memory/2348-9-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2348-8-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2348-7-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2348-5-0x0000000003470000-0x0000000003579000-memory.dmp

Filesize
1.0MB

Download
memory/2348-4-0x0000000000270000-0x000000000028F000-memory.dmp

Filesize
124KB

Download
memory/2348-3-0x0000000002D40000-0x0000000002E6D000-memory.dmp

Filesize
1.2MB

Download
memory/2348-2-0x0000000002CA0000-0x0000000002D3F000-memory.dmp

Filesize
636KB

Download