fa42acab904647cec080153e4d77a8880c243d84de82344426f75c44997efecc

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 06:12

Target

1911858bcd60ebc41d69a1858a9ec4df_JaffaCakes118.dll
Size

367KB
MD5

1911858bcd60ebc41d69a1858a9ec4df
SHA1

9f1b1766ec3a17190c9470f3058e5c545f6a6807
SHA256

fa42acab904647cec080153e4d77a8880c243d84de82344426f75c44997efecc
SHA512

4887f094c394da50688303d729b9b551398759e9bee51f2af33a43a3922bb27260ff25b19ded3c7bbe974c73746d1bcace9cacad12744325668054198180b3ed
SSDEEP

6144:75YOb2ONqSVJlhvwUFe8oSFr/Y8RtlXne/PSOdqT1mOrx5OaVVqz:75YBOflfFewfRtG3DQvLbqz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 1948	2072	rundll32.exe	28
PID 2072 wrote to memory of 1948	2072	rundll32.exe	28
PID 2072 wrote to memory of 1948	2072	rundll32.exe	28
PID 2072 wrote to memory of 1948	2072	rundll32.exe	28
PID 2072 wrote to memory of 1948	2072	rundll32.exe	28
PID 2072 wrote to memory of 1948	2072	rundll32.exe	28
PID 2072 wrote to memory of 1948	2072	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1911858bcd60ebc41d69a1858a9ec4df_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1911858bcd60ebc41d69a1858a9ec4df_JaffaCakes118.dll,#1
  2⤵
  PID:1948

memory/1948-2-0x0000000002160000-0x00000000021A0000-memory.dmp

Filesize
256KB

Download
memory/1948-1-0x0000000002160000-0x00000000021A0000-memory.dmp

Filesize
256KB

Download
memory/1948-0-0x0000000010000000-0x000000001005E000-memory.dmp

Filesize
376KB

Download