3e9a702bb6f63bb6f53bde40c61b27e645b32fcfc22ba6b2bd86cb9892d85c65

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 18:25

Target

0a1e08ab193b9e219e645959baae15cc_JaffaCakes118.dll
Size

80KB
MD5

0a1e08ab193b9e219e645959baae15cc
SHA1

b55722042171151e7cc3680b086d5d97c5858ccb
SHA256

3e9a702bb6f63bb6f53bde40c61b27e645b32fcfc22ba6b2bd86cb9892d85c65
SHA512

bf375c922ef9ca9ddf667a3dbce35373db6d345901ad9ade93cfcb5afb17dd656699d26e02a77bdfa00b8c01f546d47cf3e8df81a46686e583f4f5710a25048b
SSDEEP

1536:vkLciCBVJ8BrPK/WPcIMeitBNZfQZ/uiQ0WMWMN11arJ5qjBgQGfC2b1dVC0CGj:vkL7CBVJiPK/WQTS/s0WMnN11i5q1qa6

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2388	1704	rundll32.exe	28
PID 1704 wrote to memory of 2388	1704	rundll32.exe	28
PID 1704 wrote to memory of 2388	1704	rundll32.exe	28
PID 1704 wrote to memory of 2388	1704	rundll32.exe	28
PID 1704 wrote to memory of 2388	1704	rundll32.exe	28
PID 1704 wrote to memory of 2388	1704	rundll32.exe	28
PID 1704 wrote to memory of 2388	1704	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a1e08ab193b9e219e645959baae15cc_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a1e08ab193b9e219e645959baae15cc_JaffaCakes118.dll,#1
  2⤵
  PID:2388

memory/2388-0-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/2388-1-0x0000000000160000-0x0000000000165000-memory.dmp

Filesize
20KB

Download