4ae069b9e0a75edb7668f411f6dfc06351a856075d9047a892eda61e5389c0f6

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 15:38

Target

75f4b64d3c216304c0ca383e6114833a_JaffaCakes118.dll
Size

16KB
MD5

75f4b64d3c216304c0ca383e6114833a
SHA1

fc672b36b86d904814aaa5c4ed46541e05e8b532
SHA256

4ae069b9e0a75edb7668f411f6dfc06351a856075d9047a892eda61e5389c0f6
SHA512

e26cee61289d27e1ec3b9909649d33e0b9bbe860abd739e00d1451ed224c314b83585fd4beae313da8e569051185d52ec02002ebb168dd7b7296c06e6dbe4fce
SSDEEP

384:PXbGiCWIrRHRzDV3b/R8p941kI7vvxlLtWUK:PLPAHRzJepq37D8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2468	2264	rundll32.exe	28
PID 2264 wrote to memory of 2468	2264	rundll32.exe	28
PID 2264 wrote to memory of 2468	2264	rundll32.exe	28
PID 2264 wrote to memory of 2468	2264	rundll32.exe	28
PID 2264 wrote to memory of 2468	2264	rundll32.exe	28
PID 2264 wrote to memory of 2468	2264	rundll32.exe	28
PID 2264 wrote to memory of 2468	2264	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\75f4b64d3c216304c0ca383e6114833a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\75f4b64d3c216304c0ca383e6114833a_JaffaCakes118.dll,#1
  2⤵
  PID:2468

memory/2468-0-0x000000004A2B0000-0x000000004A2BC000-memory.dmp

Filesize
48KB

Download
memory/2468-1-0x000000004A2BA000-0x000000004A2BB000-memory.dmp

Filesize
4KB

Download