f6ebba245c768c2bf46acd555b406a789397e99a301b579e76f9f04658e05a0d

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 12:51

Target

0e24bb5eafe834e7c6cfaf584ba7254b_JaffaCakes118.dll
Size

56KB
MD5

0e24bb5eafe834e7c6cfaf584ba7254b
SHA1

1eb304e03270acd53bc51e0494d2a8192a2d6faf
SHA256

f6ebba245c768c2bf46acd555b406a789397e99a301b579e76f9f04658e05a0d
SHA512

180c39ed6182466efa9b2e90890550ad3d4d945a903946f4690f428308e086561e33b95a22680f442dc7a6080daef5112f384f5e054760b852d4ce18f9b0cf49
SSDEEP

1536:pk8edU03Lii4KNJB1pWG1xLPG/HwubVv9:yU03Li7chwGEH9Vv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2244	2240	rundll32.exe	28
PID 2240 wrote to memory of 2244	2240	rundll32.exe	28
PID 2240 wrote to memory of 2244	2240	rundll32.exe	28
PID 2240 wrote to memory of 2244	2240	rundll32.exe	28
PID 2240 wrote to memory of 2244	2240	rundll32.exe	28
PID 2240 wrote to memory of 2244	2240	rundll32.exe	28
PID 2240 wrote to memory of 2244	2240	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e24bb5eafe834e7c6cfaf584ba7254b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e24bb5eafe834e7c6cfaf584ba7254b_JaffaCakes118.dll,#1
  2⤵
  PID:2244

memory/2244-0-0x0000000010000000-0x0000000010019000-memory.dmp

Filesize
100KB

Download
memory/2244-1-0x0000000040960000-0x0000000040971000-memory.dmp

Filesize
68KB

Download