6559250a08f44c126b112ebc96433b63bd9a376c7102547c5021d894e9ac670c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 18:51

Target

08d1ca14336a5380bd9052ac775e2528_JaffaCakes118.dll
Size

42KB
MD5

08d1ca14336a5380bd9052ac775e2528
SHA1

61b101328d5663eacfef38af891815c66fb17ab7
SHA256

6559250a08f44c126b112ebc96433b63bd9a376c7102547c5021d894e9ac670c
SHA512

32c00f08f89788ca46c147ae3ff16bf8ecf2c62c50155f4fc3e49dd9ced86de6672b1ac7d940d0d9744a98808096f4b491fa0c0cd53bd2d86ef8b4047ea387d8
SSDEEP

768:ZELtNV5BGJwUabHQpUFjeQFLj32k1/+SJOydXm1o9Iv:Z4tNgCUFo6u33V1/+6h2o2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 1376	3028	rundll32.exe	28
PID 3028 wrote to memory of 1376	3028	rundll32.exe	28
PID 3028 wrote to memory of 1376	3028	rundll32.exe	28
PID 3028 wrote to memory of 1376	3028	rundll32.exe	28
PID 3028 wrote to memory of 1376	3028	rundll32.exe	28
PID 3028 wrote to memory of 1376	3028	rundll32.exe	28
PID 3028 wrote to memory of 1376	3028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\08d1ca14336a5380bd9052ac775e2528_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\08d1ca14336a5380bd9052ac775e2528_JaffaCakes118.dll,#1
  2⤵
  PID:1376

memory/1376-1-0x0000000000280000-0x0000000000356000-memory.dmp

Filesize
856KB

Download
memory/1376-0-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download