fae86ff0e3ccfd18b42cb2f1007e4e85377144efc2bd257068b0a2e50d4e692d

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 12:46 UTC

Target

418b342b48e4c63e1c2b2e5ba7a7054a_JaffaCakes118.dll
Size

35KB
MD5

418b342b48e4c63e1c2b2e5ba7a7054a
SHA1

750f784ce5acf2d953caa2de449a52ffa67b5cb2
SHA256

fae86ff0e3ccfd18b42cb2f1007e4e85377144efc2bd257068b0a2e50d4e692d
SHA512

5ed01463298294a3be169b96193e0472598c02f8c9bee2f5aafa83545da09236a8cdb1533808a58a416ca2d77b22a6ea2ed6a7024343514731c4aeb22beca3a6
SSDEEP

768:sN2kO1VdW+prtnZbbEsEdYHpx8m7DmCCqq:S2k4XW+ttnZbEddY78RFqq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 1660	2232	rundll32.exe	28
PID 2232 wrote to memory of 1660	2232	rundll32.exe	28
PID 2232 wrote to memory of 1660	2232	rundll32.exe	28
PID 2232 wrote to memory of 1660	2232	rundll32.exe	28
PID 2232 wrote to memory of 1660	2232	rundll32.exe	28
PID 2232 wrote to memory of 1660	2232	rundll32.exe	28
PID 2232 wrote to memory of 1660	2232	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\418b342b48e4c63e1c2b2e5ba7a7054a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\418b342b48e4c63e1c2b2e5ba7a7054a_JaffaCakes118.dll,#1
  2⤵
  PID:1660

memory/1660-1-0x0000000045402000-0x0000000045403000-memory.dmp

Filesize
4KB

Download
memory/1660-0-0x00000000453F0000-0x0000000045406000-memory.dmp

Filesize
88KB

Download