daf1cfe5e70048763b12af391b632ee8799afa7a1311f589486e77d9bd5c98c5

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
23/06/2024, 23:42

Target

04792c18ca8848aa64d3508e2b7f8791_JaffaCakes118.dll
Size

60KB
MD5

04792c18ca8848aa64d3508e2b7f8791
SHA1

29b78e81b4e2c35f88fc73bc523aad4fb4bb0819
SHA256

daf1cfe5e70048763b12af391b632ee8799afa7a1311f589486e77d9bd5c98c5
SHA512

ac04d2dc0e8bb90fbd4ec67ecb901e6eb6a2a06c2d8b6a4be9eb91db5ebe7c7a8080e2feaaa567aa6cb098e5d9ab9d85a72845e4e52ff28b537c394782b3d436
SSDEEP

1536:tLUmv/PLVqF/WiSq36uSHa/tDeJKbiSq36uSHaS:SmPLVqFePqqu4a/JeJKbPqqu4aS

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2928	2416	rundll32.exe	28
PID 2416 wrote to memory of 2928	2416	rundll32.exe	28
PID 2416 wrote to memory of 2928	2416	rundll32.exe	28
PID 2416 wrote to memory of 2928	2416	rundll32.exe	28
PID 2416 wrote to memory of 2928	2416	rundll32.exe	28
PID 2416 wrote to memory of 2928	2416	rundll32.exe	28
PID 2416 wrote to memory of 2928	2416	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04792c18ca8848aa64d3508e2b7f8791_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04792c18ca8848aa64d3508e2b7f8791_JaffaCakes118.dll,#1
  2⤵
  PID:2928

memory/2928-3-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2928-2-0x000000001000A000-0x000000001000B000-memory.dmp

Filesize
4KB

Download
memory/2928-1-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2928-0-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download