d2278ab1e6f48c014f83f630375be1366cb7ef8511e6169265582b35fd5dba47

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 00:58

Target

0ba9a35bb2ada3b3462f18f14da249e4_JaffaCakes118.dll
Size

9KB
MD5

0ba9a35bb2ada3b3462f18f14da249e4
SHA1

48ad6c0242f740dfe9a439afaffb2e01ea97beba
SHA256

d2278ab1e6f48c014f83f630375be1366cb7ef8511e6169265582b35fd5dba47
SHA512

ba08e94e6e67a2f9dca7ac8420ac9d8207cd998a359951c9d38d0572847bb2d05972206d3a3c711f665197696e05f1da9509ecae98272d780a4a37077d8c2743
SSDEEP

96:q1V7dR7uwEU+hCT3GrxZ4MUtPNlz0MdG8EWvdM3IWwG34b3:kuwEt8rsTUtPLzKNWSYWF4b3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 1636	2768	rundll32.exe	28
PID 2768 wrote to memory of 1636	2768	rundll32.exe	28
PID 2768 wrote to memory of 1636	2768	rundll32.exe	28
PID 2768 wrote to memory of 1636	2768	rundll32.exe	28
PID 2768 wrote to memory of 1636	2768	rundll32.exe	28
PID 2768 wrote to memory of 1636	2768	rundll32.exe	28
PID 2768 wrote to memory of 1636	2768	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ba9a35bb2ada3b3462f18f14da249e4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ba9a35bb2ada3b3462f18f14da249e4_JaffaCakes118.dll,#1
  2⤵
  PID:1636

memory/1636-3-0x0000000000140000-0x0000000000147000-memory.dmp

Filesize
28KB

Download
memory/1636-2-0x0000000000130000-0x0000000000137000-memory.dmp

Filesize
28KB

Download
memory/1636-1-0x0000000000130000-0x0000000000137000-memory.dmp

Filesize
28KB

Download
memory/1636-0-0x0000000000130000-0x0000000000137000-memory.dmp

Filesize
28KB

Download