c06f8dbed7ec3cde0dd604cc3669eb18b5521e30e02f3dfb48030b4a3aeb260e

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 17:55

Target

0f00b8e4a66cb10f54da15b2231917cf_JaffaCakes118.dll
Size

133KB
MD5

0f00b8e4a66cb10f54da15b2231917cf
SHA1

91644ab0712992efa6f4d715d6a4ff898bf376ca
SHA256

c06f8dbed7ec3cde0dd604cc3669eb18b5521e30e02f3dfb48030b4a3aeb260e
SHA512

3a9f3cd571e3ad0f31bbdbda6192316850a439d3b7c2a85c707ec3b460d5095fa9c64dbf668f023c737fd84d162aca9ed5b35516c18bc7dbc6eed58e64bcb7e7
SSDEEP

3072:0aUFZXVAcR4enPgACthb935g2elsMqqDLy/p5kS:0aEYcR4ePuhxJAqqDLuh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f00b8e4a66cb10f54da15b2231917cf_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f00b8e4a66cb10f54da15b2231917cf_JaffaCakes118.dll,#1
  2⤵
  PID:2992

memory/2992-0-0x0000000000130000-0x000000000013A000-memory.dmp

Filesize
40KB

Download
memory/2992-5-0x000000001001D000-0x000000001002C000-memory.dmp

Filesize
60KB

Download
memory/2992-4-0x0000000000130000-0x000000000013A000-memory.dmp

Filesize
40KB

Download
memory/2992-6-0x0000000000130000-0x000000000013A000-memory.dmp

Filesize
40KB

Download