888e73ee4095509a1dbd713ebc2668c1aa5f6c50560fe01dfb0872119fb29967

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 01:05

Target

019943e6e991221151919ba9ef14382a_JaffaCakes118.dll
Size

45KB
MD5

019943e6e991221151919ba9ef14382a
SHA1

0dacd2a77e11d7cfda3b1f35f3e84d1800e9a837
SHA256

888e73ee4095509a1dbd713ebc2668c1aa5f6c50560fe01dfb0872119fb29967
SHA512

ef2760d220c201cccacd1b3c31f922a3ec092a2b08079a43bf99663a9a8336c4d53528e40579fa15a7a4b2e5605913f13a047417c4f0a2db7846fde946fa74c9
SSDEEP

768:jOGqkF7aVsz9GczcFb4p2MeuVdWs3hCUQIzLOk//xDwtwoqYcDh0Lvy1cccccp:6GqO7aVsZiI3LVF3FOkxDwtwoTt7b

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 3060	3016	rundll32.exe	28
PID 3016 wrote to memory of 3060	3016	rundll32.exe	28
PID 3016 wrote to memory of 3060	3016	rundll32.exe	28
PID 3016 wrote to memory of 3060	3016	rundll32.exe	28
PID 3016 wrote to memory of 3060	3016	rundll32.exe	28
PID 3016 wrote to memory of 3060	3016	rundll32.exe	28
PID 3016 wrote to memory of 3060	3016	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\019943e6e991221151919ba9ef14382a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\019943e6e991221151919ba9ef14382a_JaffaCakes118.dll,#1
  2⤵
  PID:3060

memory/3060-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download