4eb5b2bab472efa32f29e74763c579c90ae1275a067d0aeac72f8bd59504082d

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 09:30

Target

157efce10dd621a0deda2aa722f907e3_JaffaCakes118.dll
Size

14KB
MD5

157efce10dd621a0deda2aa722f907e3
SHA1

5c9646101c31a84cc2246ba8e76b73d1e0bdc337
SHA256

4eb5b2bab472efa32f29e74763c579c90ae1275a067d0aeac72f8bd59504082d
SHA512

2f4600de7e3d1a3a8a81aa8ed133b6cd2797de719f33a47c863e6c966f62bc8f2edfe43c5b829ae2feddb09bd0dc2f3d4328c08a1c76bff6d70b71708d41d71c
SSDEEP

192:h5Iv6TzCWOHIiMIqypi3aCDnEizSAFz45e8K2GQb8ssIMIqtChffFUpkgUwu8CA+:rFPiJMKyF+5K2GQL59fGmb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2920	2860	rundll32.exe	28
PID 2860 wrote to memory of 2920	2860	rundll32.exe	28
PID 2860 wrote to memory of 2920	2860	rundll32.exe	28
PID 2860 wrote to memory of 2920	2860	rundll32.exe	28
PID 2860 wrote to memory of 2920	2860	rundll32.exe	28
PID 2860 wrote to memory of 2920	2860	rundll32.exe	28
PID 2860 wrote to memory of 2920	2860	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\157efce10dd621a0deda2aa722f907e3_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\157efce10dd621a0deda2aa722f907e3_JaffaCakes118.dll,#1
  2⤵
  PID:2920

memory/2920-2-0x0000000000130000-0x0000000000149000-memory.dmp

Filesize
100KB

Download
memory/2920-4-0x0000000000120000-0x0000000000139000-memory.dmp

Filesize
100KB

Download
memory/2920-3-0x0000000000141000-0x0000000000142000-memory.dmp

Filesize
4KB

Download
memory/2920-1-0x0000000000120000-0x0000000000139000-memory.dmp

Filesize
100KB

Download
memory/2920-0-0x0000000000120000-0x0000000000139000-memory.dmp

Filesize
100KB

Download