27a170710d8c2f86e42ac0ad63bbc97c8972825dd3b718241c6df4e05782cdb5

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 22:51

Target

0fd2088998cd5b2b75e1df5a622e47f9_JaffaCakes118.dll
Size

2.8MB
MD5

0fd2088998cd5b2b75e1df5a622e47f9
SHA1

2d438cf7e99e85f51477db041c243f07136b2214
SHA256

27a170710d8c2f86e42ac0ad63bbc97c8972825dd3b718241c6df4e05782cdb5
SHA512

01685f888c364650ac98a0aab2961556f7b03f8b641e71e57f084c3293d13e791872a41aab504cbe5c346aa9bcc65310640d6b78baa1d038f08fd18c16bfbf3a
SSDEEP

3072:fV8z8CO+9hsVrwVhPrrqSK3DGRmauhEu7szCvQAZwtNsu7AxSJbRlLZlQCcfvGmN:fS44sOZq13DauhJMCvLZSNsu8xEHLfm

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2292	rundll32.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\jmripapi32.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\jmripapi32.dll	rundll32.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2292	2656	rundll32.exe	28
PID 2656 wrote to memory of 2292	2656	rundll32.exe	28
PID 2656 wrote to memory of 2292	2656	rundll32.exe	28
PID 2656 wrote to memory of 2292	2656	rundll32.exe	28
PID 2656 wrote to memory of 2292	2656	rundll32.exe	28
PID 2656 wrote to memory of 2292	2656	rundll32.exe	28
PID 2656 wrote to memory of 2292	2656	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fd2088998cd5b2b75e1df5a622e47f9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fd2088998cd5b2b75e1df5a622e47f9_JaffaCakes118.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Modifies registry class
  PID:2292

\Windows\SysWOW64\jmripapi32.dll

Filesize
3.9MB

MD5
11290275b217e634296165796860a919

SHA1
65660ca9809bbe47eb73249abb648eaf54d06e9a

SHA256
5a9f6c0d207072bc4e3c3499b35e2c3ce4cfcecc9c3f0ed0a8b8c82a2ccd2ce9

SHA512
c246490b66fe9d5ae277dcf333f599d5c03b0e82b339bce3c39700546f1b9336bab49df55f75a0d6ac6afa99052908ab278bbafcdcf69d21e21c707f53e9bc56

Download Submit
memory/2292-0-0x0000000000180000-0x00000000001BE000-memory.dmp

Filesize
248KB

Download
memory/2292-2-0x0000000000210000-0x0000000000268000-memory.dmp

Filesize
352KB

Download
memory/2292-8-0x00000000000C0000-0x00000000000C7000-memory.dmp

Filesize
28KB

Download
memory/2292-19-0x00000000002C0000-0x00000000002FE000-memory.dmp

Filesize
248KB

Download
memory/2292-28-0x00000000001C0000-0x00000000001C7000-memory.dmp

Filesize
28KB

Download
memory/2292-22-0x0000000000340000-0x0000000000398000-memory.dmp

Filesize
352KB

Download
memory/2292-21-0x0000000000340000-0x0000000000398000-memory.dmp

Filesize
352KB

Download
memory/2292-34-0x0000000000180000-0x00000000001BE000-memory.dmp

Filesize
248KB

Download
memory/2292-35-0x00000000002C0000-0x00000000002FE000-memory.dmp

Filesize
248KB

Download