989e73501bc5139d00fdbecaf9acc78f438e27930ed852e001ff5e86fdca5127

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 09:06

Target

079c9810a04b90f46b32598d4a453f38_JaffaCakes118.dll
Size

131KB
MD5

079c9810a04b90f46b32598d4a453f38
SHA1

c2846345ba4b833b39e53c57cb10b37a331302f7
SHA256

989e73501bc5139d00fdbecaf9acc78f438e27930ed852e001ff5e86fdca5127
SHA512

6d2891e2c56cc715248309e919f9a8f703a9f1ba69642c4ceb9252dfff5192148c91b04e8d15e2e4eba2475b29a29ecefd1cb13232442e6f997e98649055f7a7
SSDEEP

1536:9NEFUaLBF/H8lM8QWcOL4jXISmaE/3xz1Vkbe7CT/uLS:Izj/cK0cRBmaC8e2Lf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2664	2080	rundll32.exe	28
PID 2080 wrote to memory of 2664	2080	rundll32.exe	28
PID 2080 wrote to memory of 2664	2080	rundll32.exe	28
PID 2080 wrote to memory of 2664	2080	rundll32.exe	28
PID 2080 wrote to memory of 2664	2080	rundll32.exe	28
PID 2080 wrote to memory of 2664	2080	rundll32.exe	28
PID 2080 wrote to memory of 2664	2080	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\079c9810a04b90f46b32598d4a453f38_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\079c9810a04b90f46b32598d4a453f38_JaffaCakes118.dll,#1
  2⤵
  PID:2664

memory/2664-2-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2664-1-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2664-0-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2664-3-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download