5ee2bc127031402c6cd4cfd3842d5dce2c4f019a6b18a2f1a572fefa73f9af00

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 00:43

Target

0b96c0e575253ca672bb53be271b6090_JaffaCakes118.dll
Size

85KB
MD5

0b96c0e575253ca672bb53be271b6090
SHA1

b2f94ee7aaa3cb950e5323a7d34232aa069f933d
SHA256

5ee2bc127031402c6cd4cfd3842d5dce2c4f019a6b18a2f1a572fefa73f9af00
SHA512

b8c6487ec2935a74a50e46bc864edf8940a3a3b3a9ff460960866262de2478fe4671f61cc31b7c91ef87cf0be84bfd4f1d6b1ac7f1ffb0013d6671661c330058
SSDEEP

1536:3hEwqXPZGyAqyofRVlRY/ejQZ3YrB9dfjA+8:REwkPAyVymrjW3Ufjx8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2008	3068	rundll32.exe	28
PID 3068 wrote to memory of 2008	3068	rundll32.exe	28
PID 3068 wrote to memory of 2008	3068	rundll32.exe	28
PID 3068 wrote to memory of 2008	3068	rundll32.exe	28
PID 3068 wrote to memory of 2008	3068	rundll32.exe	28
PID 3068 wrote to memory of 2008	3068	rundll32.exe	28
PID 3068 wrote to memory of 2008	3068	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b96c0e575253ca672bb53be271b6090_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b96c0e575253ca672bb53be271b6090_JaffaCakes118.dll,#1
  2⤵
  PID:2008

memory/2008-1-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/2008-2-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/2008-0-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download