2a28f11ca820bd0bde24d41cb5307c8f2fa70174536ac13a99923ba70015b36f

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 22:33

Target

3cd7e62bc197926278810ea5f6adff19_JaffaCakes118.dll
Size

166KB
MD5

3cd7e62bc197926278810ea5f6adff19
SHA1

ad18b4f27039aa3b3ca59b7b6d8ea5cb309d78a7
SHA256

2a28f11ca820bd0bde24d41cb5307c8f2fa70174536ac13a99923ba70015b36f
SHA512

214852706e4bb89464a92625e3594b19afe4c99157d1706493e4114ac5510a64d3af7ff88f09273c67ad3d20f1ead61e8740acc4147432c64755e9eccbac7c71
SSDEEP

3072:JLFrb30BRtBZZg+i2ayyYOCWGPyLydrkxMT3Q44CTrZmDa:NJ0BXScFyfC3Hd4ygmoD

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 3028	1724	rundll32.exe	28
PID 1724 wrote to memory of 3028	1724	rundll32.exe	28
PID 1724 wrote to memory of 3028	1724	rundll32.exe	28
PID 1724 wrote to memory of 3028	1724	rundll32.exe	28
PID 1724 wrote to memory of 3028	1724	rundll32.exe	28
PID 1724 wrote to memory of 3028	1724	rundll32.exe	28
PID 1724 wrote to memory of 3028	1724	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cd7e62bc197926278810ea5f6adff19_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cd7e62bc197926278810ea5f6adff19_JaffaCakes118.dll,#1
  2⤵
  PID:3028

memory/3028-0-0x00000000001B0000-0x00000000001BA000-memory.dmp

Filesize
40KB

Download
memory/3028-5-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/3028-6-0x0000000003380000-0x00000000034AD000-memory.dmp

Filesize
1.2MB

Download
memory/3028-8-0x0000000003B10000-0x0000000003C19000-memory.dmp

Filesize
1.0MB

Download
memory/3028-13-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/3028-10-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/3028-9-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/3028-3-0x0000000002120000-0x00000000021BF000-memory.dmp

Filesize
636KB

Download
memory/3028-7-0x0000000000A20000-0x0000000000A3F000-memory.dmp

Filesize
124KB

Download
memory/3028-2-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/3028-1-0x0000000002D40000-0x0000000002E09000-memory.dmp

Filesize
804KB

Download
memory/3028-4-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download