0a3c5f14cf1c5b407eff0ba82bbedb4fecf3424b83e6ad9de57a2686d8e2ead7

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 09:01

Target

0d78164d74261aec517062775c8e32de_JaffaCakes118.dll
Size

132KB
MD5

0d78164d74261aec517062775c8e32de
SHA1

9a458c2df0ca4f835901a0e8ae96a3f576a8e1ed
SHA256

0a3c5f14cf1c5b407eff0ba82bbedb4fecf3424b83e6ad9de57a2686d8e2ead7
SHA512

b52fe335027f96033e25c2f9ef6267ab547a28a9cd77b706f5dace2ece850545a3456a450da42029b9ad7b44f98b6f17da8b0a53320bab7b2dccaa49e9e2d639
SSDEEP

3072:6k8NtkOnHL0FjUo5xcgVMBlNEZFLFHqukkkkfkkkk4kkkZkk:utnro5dMBeDkkkkfkkkk4kkkZkk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 1724	1756	rundll32.exe	28
PID 1756 wrote to memory of 1724	1756	rundll32.exe	28
PID 1756 wrote to memory of 1724	1756	rundll32.exe	28
PID 1756 wrote to memory of 1724	1756	rundll32.exe	28
PID 1756 wrote to memory of 1724	1756	rundll32.exe	28
PID 1756 wrote to memory of 1724	1756	rundll32.exe	28
PID 1756 wrote to memory of 1724	1756	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d78164d74261aec517062775c8e32de_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d78164d74261aec517062775c8e32de_JaffaCakes118.dll,#1
  2⤵
  PID:1724

memory/1724-0-0x0000000000140000-0x0000000000153000-memory.dmp

Filesize
76KB

Download
memory/1724-5-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1724-6-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1724-1-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1724-7-0x0000000000140000-0x0000000000153000-memory.dmp

Filesize
76KB

Download
memory/1724-8-0x0000000000140000-0x0000000000142000-memory.dmp

Filesize
8KB

Download