7f88e0a1afda9d50298abfea6ded75f1359e10bd4a35bf6764d6d0a97065cdbe

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 21:27

Target

4d17be1a72d95317461d6e72f7f588e8_JaffaCakes118.dll
Size

164KB
MD5

4d17be1a72d95317461d6e72f7f588e8
SHA1

3e9848465ea62f76a8af62eea952d6c5e8bb751c
SHA256

7f88e0a1afda9d50298abfea6ded75f1359e10bd4a35bf6764d6d0a97065cdbe
SHA512

acf9fb5f6f6e6e63cc30ed2b4ea34d200126053a54d5c5a83b44fe8821dc999cfb4f0613f34c92b7438ed3713b332909a3860017fba3e5b0913cb1aa9dae5315
SSDEEP

3072:1WhoCE3yw1oVj5DJtOicNDWEzZ/GwRlGCZ4K:1WhA3NoB5Cj5zZumXf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 2108	1860	rundll32.exe	28
PID 1860 wrote to memory of 2108	1860	rundll32.exe	28
PID 1860 wrote to memory of 2108	1860	rundll32.exe	28
PID 1860 wrote to memory of 2108	1860	rundll32.exe	28
PID 1860 wrote to memory of 2108	1860	rundll32.exe	28
PID 1860 wrote to memory of 2108	1860	rundll32.exe	28
PID 1860 wrote to memory of 2108	1860	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d17be1a72d95317461d6e72f7f588e8_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d17be1a72d95317461d6e72f7f588e8_JaffaCakes118.dll,#1
  2⤵
  PID:2108

memory/2108-1-0x0000000000190000-0x000000000019A000-memory.dmp

Filesize
40KB

Download
memory/2108-5-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/2108-3-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2108-2-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2108-6-0x0000000003570000-0x000000000360F000-memory.dmp

Filesize
636KB

Download
memory/2108-10-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download
memory/2108-9-0x0000000003A10000-0x0000000003B19000-memory.dmp

Filesize
1.0MB

Download
memory/2108-8-0x00000000007C0000-0x00000000007DF000-memory.dmp

Filesize
124KB

Download
memory/2108-7-0x0000000003610000-0x000000000373D000-memory.dmp

Filesize
1.2MB

Download
memory/2108-4-0x00000000034A0000-0x0000000003569000-memory.dmp

Filesize
804KB

Download
memory/2108-11-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download
memory/2108-13-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download