1e1589de70ea7ebad976aa1c1ebdb32e0695ee268aa5f7f8ac834ed3960a4803

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 19:06

Target

6bf8720c0741f11219f38e747392b73e_JaffaCakes118.dll
Size

164KB
MD5

6bf8720c0741f11219f38e747392b73e
SHA1

73030215c499f6908f418266bc1c522fdc2462df
SHA256

1e1589de70ea7ebad976aa1c1ebdb32e0695ee268aa5f7f8ac834ed3960a4803
SHA512

b90e78c1e011ac347b9fd86e6415312a242854f84a1a0956c513333819a6bba773e5ec74afaeaf374c05410a88bb54d22f48c1de7682e21a9bd961387c62379e
SSDEEP

3072:BrX1t2U05pbJ5xhxY9doh7O79siUs/Na2ez+SKnTLBvA:BrltH05f5v2i7O93Nde7cT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 620 wrote to memory of 1712	620	rundll32.exe	28
PID 620 wrote to memory of 1712	620	rundll32.exe	28
PID 620 wrote to memory of 1712	620	rundll32.exe	28
PID 620 wrote to memory of 1712	620	rundll32.exe	28
PID 620 wrote to memory of 1712	620	rundll32.exe	28
PID 620 wrote to memory of 1712	620	rundll32.exe	28
PID 620 wrote to memory of 1712	620	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6bf8720c0741f11219f38e747392b73e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6bf8720c0741f11219f38e747392b73e_JaffaCakes118.dll,#1
  2⤵
  PID:1712

memory/1712-0-0x0000000000140000-0x000000000014A000-memory.dmp

Filesize
40KB

Download
memory/1712-4-0x0000000000700000-0x000000000071F000-memory.dmp

Filesize
124KB

Download
memory/1712-10-0x00000000006D0000-0x00000000006D6000-memory.dmp

Filesize
24KB

Download
memory/1712-9-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/1712-8-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/1712-7-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/1712-5-0x0000000003710000-0x0000000003819000-memory.dmp

Filesize
1.0MB

Download
memory/1712-3-0x0000000002F40000-0x000000000306D000-memory.dmp

Filesize
1.2MB

Download
memory/1712-2-0x00000000022D0000-0x000000000236F000-memory.dmp

Filesize
636KB

Download
memory/1712-1-0x0000000002470000-0x0000000002539000-memory.dmp

Filesize
804KB

Download