c72f0fe30046c454bd5ffd422dcd541aef3e28decac3008f728c6ad275bc20a6

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 21:00

Target

0f8287278b6a68b02d18f49f109577b8_JaffaCakes118.dll
Size

86KB
MD5

0f8287278b6a68b02d18f49f109577b8
SHA1

95dc6fdbd80381ca2fc19cc53f5ac5aa5ab6f410
SHA256

c72f0fe30046c454bd5ffd422dcd541aef3e28decac3008f728c6ad275bc20a6
SHA512

8eb38681d58ec9129d2dc3d062389f8d094971c6a8d7fa6148dd849d15a414f212eab10e0423a080e8c5077cb3fcd7112dfc080cabfcbfad464d8609ecb1f547
SSDEEP

1536:BoebapKjQNEf4EsxanKqfyOsVkXwzgBwK:BpbapKjQNO4EJKSyt6gzewK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 1344	2432	rundll32.exe	28
PID 2432 wrote to memory of 1344	2432	rundll32.exe	28
PID 2432 wrote to memory of 1344	2432	rundll32.exe	28
PID 2432 wrote to memory of 1344	2432	rundll32.exe	28
PID 2432 wrote to memory of 1344	2432	rundll32.exe	28
PID 2432 wrote to memory of 1344	2432	rundll32.exe	28
PID 2432 wrote to memory of 1344	2432	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f8287278b6a68b02d18f49f109577b8_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f8287278b6a68b02d18f49f109577b8_JaffaCakes118.dll,#1
  2⤵
  PID:1344

memory/1344-3-0x0000000000180000-0x000000000019C000-memory.dmp

Filesize
112KB

Download
memory/1344-2-0x00000000000B0000-0x00000000000CC000-memory.dmp

Filesize
112KB

Download
memory/1344-1-0x00000000000B0000-0x00000000000CC000-memory.dmp

Filesize
112KB

Download
memory/1344-0-0x00000000000B0000-0x00000000000CC000-memory.dmp

Filesize
112KB

Download