4adfba86c6bb962570cc60f18cf1712a8c31bfd12830b504143d5d1f3546f221

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 09:37

Target

2440443f861970f24b7cc95747131f4b_JaffaCakes118.dll
Size

110KB
MD5

2440443f861970f24b7cc95747131f4b
SHA1

7cf5ee4ed44cabd1f8e05745f6aae46c72ad99c0
SHA256

4adfba86c6bb962570cc60f18cf1712a8c31bfd12830b504143d5d1f3546f221
SHA512

b03e8ef49a51a1a098d34f8bb70391b6676f62548b995e46c36661f44500ec55d53b89aa1c1f0d4f56d48cbc612f9482344ac2b16be76f6a05711ad2bd608226
SSDEEP

3072:SiBhgqalOv2jSey+5lmrUSFURu666ws66LZp9:vBGqacbel5GOo6t66LZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2488	2020	rundll32.exe	28
PID 2020 wrote to memory of 2488	2020	rundll32.exe	28
PID 2020 wrote to memory of 2488	2020	rundll32.exe	28
PID 2020 wrote to memory of 2488	2020	rundll32.exe	28
PID 2020 wrote to memory of 2488	2020	rundll32.exe	28
PID 2020 wrote to memory of 2488	2020	rundll32.exe	28
PID 2020 wrote to memory of 2488	2020	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2440443f861970f24b7cc95747131f4b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2440443f861970f24b7cc95747131f4b_JaffaCakes118.dll,#1
  2⤵
  PID:2488

memory/2488-4-0x0000000000277000-0x0000000000278000-memory.dmp

Filesize
4KB

Download
memory/2488-3-0x0000000000210000-0x0000000000279000-memory.dmp

Filesize
420KB

Download
memory/2488-2-0x0000000000210000-0x0000000000279000-memory.dmp

Filesize
420KB

Download
memory/2488-1-0x0000000000210000-0x0000000000279000-memory.dmp

Filesize
420KB

Download
memory/2488-0-0x0000000000210000-0x0000000000279000-memory.dmp

Filesize
420KB

Download