0805bde89dba756a46ea9aa1c30deebb59a11ba467700bd08f839f5e2ba62427

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 07:05

Target

151656041e149cf305c302669628c54b_JaffaCakes118.dll
Size

13KB
MD5

151656041e149cf305c302669628c54b
SHA1

e9e4a9e32de6526c549d947205602e0f73ed751a
SHA256

0805bde89dba756a46ea9aa1c30deebb59a11ba467700bd08f839f5e2ba62427
SHA512

fe819561a892c750566dd079618be2be4e2f912c95d760234204382a33a8518f29b1eaace2568501184f5b4cb96ae6024ea55e48227e4a132088f71d02c4a235
SSDEEP

192:tA5ldKFhEC+/keFVGlga6JiP6DV7QOO/jamfg3zW87Q/12NNJICjv+kgUw9A:tAde+seFVqqxQOUW40y87Qt2vJDr

Score

1^/10

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
480	Process not Found

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28
PID 2172 wrote to memory of 2348	2172	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\151656041e149cf305c302669628c54b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\151656041e149cf305c302669628c54b_JaffaCakes118.dll,#1
  2⤵
  PID:2348

memory/2348-0-0x0000000025000000-0x000000002501D000-memory.dmp

Filesize
116KB

Download
memory/2348-1-0x0000000025015000-0x0000000025016000-memory.dmp

Filesize
4KB

Download