84e34db91e989a0be192307d16afc760952feb0ba7e557308d55b95b48c42a50

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 05:12

Target

03187051ca852fd26c7e1dc7dcf51a2c_JaffaCakes118.dll
Size

2.1MB
MD5

03187051ca852fd26c7e1dc7dcf51a2c
SHA1

cb04a12d8420b2233986e4a66493eaeba9712e9f
SHA256

84e34db91e989a0be192307d16afc760952feb0ba7e557308d55b95b48c42a50
SHA512

451552055da41b146a551e5471282490b7efa5858de0e909ceaf517311d564f7c8002862522aa453e088a422bc05f6353908e03c986caec83f566d55a7300187
SSDEEP

49152:v7uxKILLEZVk6y3tQu2XG8ZoI9Z9rqyIn:vOYZ26y3SWGoqZ92y0

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1444 wrote to memory of 2364	1444	rundll32.exe	28
PID 1444 wrote to memory of 2364	1444	rundll32.exe	28
PID 1444 wrote to memory of 2364	1444	rundll32.exe	28
PID 1444 wrote to memory of 2364	1444	rundll32.exe	28
PID 1444 wrote to memory of 2364	1444	rundll32.exe	28
PID 1444 wrote to memory of 2364	1444	rundll32.exe	28
PID 1444 wrote to memory of 2364	1444	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03187051ca852fd26c7e1dc7dcf51a2c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\03187051ca852fd26c7e1dc7dcf51a2c_JaffaCakes118.dll,#1
  2⤵
  PID:2364

memory/2364-0-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download