d059aa3256671f00f255d11fbba5225c40d6f50ec42e433cd49db1724483f70b

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 17:30

Target

8b3414ac059606a111a1e5a63aad7346_JaffaCakes118.dll
Size

164KB
MD5

8b3414ac059606a111a1e5a63aad7346
SHA1

2e9e72fc4266fb2277c18b1164ed15ba1d8babe6
SHA256

d059aa3256671f00f255d11fbba5225c40d6f50ec42e433cd49db1724483f70b
SHA512

6978e151ab8c5372ef71a38fee294c93a0893ff6f48d3a14fa6686217a9df02deab3aed60583d1947443a1df1261b0f3dc7f26ecf2c8200a4fc395e1c12af70a
SSDEEP

3072:v0XoUeZ/DVS8L73ea4MoCLfqQvFf5pbslEPF:veoUeZR2TRCWQFf5pbK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2944	2924	rundll32.exe	28
PID 2924 wrote to memory of 2944	2924	rundll32.exe	28
PID 2924 wrote to memory of 2944	2924	rundll32.exe	28
PID 2924 wrote to memory of 2944	2924	rundll32.exe	28
PID 2924 wrote to memory of 2944	2924	rundll32.exe	28
PID 2924 wrote to memory of 2944	2924	rundll32.exe	28
PID 2924 wrote to memory of 2944	2924	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8b3414ac059606a111a1e5a63aad7346_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8b3414ac059606a111a1e5a63aad7346_JaffaCakes118.dll,#1
  2⤵
  PID:2944

memory/2944-0-0x00000000000C0000-0x00000000000CA000-memory.dmp

Filesize
40KB

Download
memory/2944-1-0x00000000000C0000-0x00000000000CA000-memory.dmp

Filesize
40KB

Download
memory/2944-2-0x0000000002CF0000-0x0000000002DB9000-memory.dmp

Filesize
804KB

Download
memory/2944-6-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2944-9-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2944-10-0x0000000003930000-0x0000000003A39000-memory.dmp

Filesize
1.0MB

Download
memory/2944-8-0x0000000000830000-0x000000000084F000-memory.dmp

Filesize
124KB

Download
memory/2944-7-0x0000000002E60000-0x0000000002F8D000-memory.dmp

Filesize
1.2MB

Download
memory/2944-5-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2944-4-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2944-3-0x0000000002DC0000-0x0000000002E5F000-memory.dmp

Filesize
636KB

Download