997002d2e69d8b491d6bc9d9617add41fa8997b9add6f9b762f67972575ac616

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 21:29

Target

432762b33257f4141a6bba741df12acc_JaffaCakes118.dll
Size

166KB
MD5

432762b33257f4141a6bba741df12acc
SHA1

fad7158d984be89c9c02837ebee741605f878e83
SHA256

997002d2e69d8b491d6bc9d9617add41fa8997b9add6f9b762f67972575ac616
SHA512

8cf350107bb8e1a8c6e6bc58b84b8d1c3762104f019880a42cb57a32376a5e892d332acce171aa6fe0815ff53c952dd997eeaa42c151ae2d2cb0556f9e97630a
SSDEEP

3072:MJMawtnGqtWoKeZ9fh1CgnNto6jfyKON3+yugCr:Ww9vteqJggn7oUfeugq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1240	1704	rundll32.exe	28
PID 1704 wrote to memory of 1240	1704	rundll32.exe	28
PID 1704 wrote to memory of 1240	1704	rundll32.exe	28
PID 1704 wrote to memory of 1240	1704	rundll32.exe	28
PID 1704 wrote to memory of 1240	1704	rundll32.exe	28
PID 1704 wrote to memory of 1240	1704	rundll32.exe	28
PID 1704 wrote to memory of 1240	1704	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\432762b33257f4141a6bba741df12acc_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\432762b33257f4141a6bba741df12acc_JaffaCakes118.dll,#1
  2⤵
  PID:1240

memory/1240-0-0x0000000000180000-0x000000000018A000-memory.dmp

Filesize
40KB

Download
memory/1240-1-0x0000000000180000-0x000000000018A000-memory.dmp

Filesize
40KB

Download
memory/1240-5-0x0000000003550000-0x0000000003619000-memory.dmp

Filesize
804KB

Download
memory/1240-4-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1240-11-0x0000000000210000-0x0000000000216000-memory.dmp

Filesize
24KB

Download
memory/1240-10-0x0000000000210000-0x0000000000216000-memory.dmp

Filesize
24KB

Download
memory/1240-9-0x0000000003AD0000-0x0000000003BD9000-memory.dmp

Filesize
1.0MB

Download
memory/1240-8-0x00000000003D0000-0x00000000003EF000-memory.dmp

Filesize
124KB

Download
memory/1240-13-0x0000000000210000-0x0000000000216000-memory.dmp

Filesize
24KB

Download
memory/1240-7-0x00000000036C0000-0x00000000037ED000-memory.dmp

Filesize
1.2MB

Download
memory/1240-6-0x0000000003620000-0x00000000036BF000-memory.dmp

Filesize
636KB

Download
memory/1240-3-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/1240-2-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download