7e32f840a2517ec58b26eead64d4c0ccf4e2baa4eafb567c154eb79946e56a8f

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
16-06-2024 19:46

Target

b4e3972bb8d4603c813baa1a2b9bf8d6_JaffaCakes118.dll
Size

5.0MB
MD5

b4e3972bb8d4603c813baa1a2b9bf8d6
SHA1

e23d14c0779f3d4aef49e1b102acb33d33093c12
SHA256

7e32f840a2517ec58b26eead64d4c0ccf4e2baa4eafb567c154eb79946e56a8f
SHA512

787e1cbc684a15cac118d0222340be92a8dcad3f3ba12b4ab3596ba8b1c00010911aaf52c2f5c73319ca02e4c967660abab0ac124f0c36d93ac008b99159bcca
SSDEEP

98304:MDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2e3:MDqPe1Cxcxk3ZAEUadzR8yc4e

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

mssecsvc.exe

pid process

3000 mssecsvc.exe
Drops file in Windows directory 1 IoCs

Processes:

rundll32.exe

description ioc process

File created C:\WINDOWS\mssecsvc.exe rundll32.exe

pid	process
3000	mssecsvc.exe

description	ioc	process
File created	C:\WINDOWS\mssecsvc.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1212 wrote to memory of 1904	1212	rundll32.exe	rundll32.exe
PID 1212 wrote to memory of 1904	1212	rundll32.exe	rundll32.exe
PID 1212 wrote to memory of 1904	1212	rundll32.exe	rundll32.exe
PID 1212 wrote to memory of 1904	1212	rundll32.exe	rundll32.exe
PID 1212 wrote to memory of 1904	1212	rundll32.exe	rundll32.exe
PID 1212 wrote to memory of 1904	1212	rundll32.exe	rundll32.exe
PID 1212 wrote to memory of 1904	1212	rundll32.exe	rundll32.exe
PID 1904 wrote to memory of 3000	1904	rundll32.exe	mssecsvc.exe
PID 1904 wrote to memory of 3000	1904	rundll32.exe	mssecsvc.exe
PID 1904 wrote to memory of 3000	1904	rundll32.exe	mssecsvc.exe
PID 1904 wrote to memory of 3000	1904	rundll32.exe	mssecsvc.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4e3972bb8d4603c813baa1a2b9bf8d6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1212

C:\WINDOWS\mssecsvc.exe
C:\WINDOWS\mssecsvc.exe
3⤵
- Executes dropped EXE
PID:3000

C:\Windows\mssecsvc.exe

Filesize
3.6MB

MD5
caddc87ba6d7e3a16de826d3a7eb5592

SHA1
7cb3f3e51fc23a8f3b35dc1dc2264db2e406a064

SHA256
c1acf0b1fe6fc613a49a6a3ce483ee9116ba481ed2005685f85da71459bcbdc2

SHA512
81258b4828cabf8c00de511f64addbbf022d1d7083add158937053305c042f2ef02beb318f06fdd1500ea0b16891427eacae2edac732528f85601415d72d76be

Download Submit