0ab28475e3cba6e08da8fabaae46c4d44f965aaffac05d419c0b4f8e9b02bbfe

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 08:50

Target

1aaa8b25e68953e14f8b14d79c92c991_JaffaCakes118.dll
Size

35KB
MD5

1aaa8b25e68953e14f8b14d79c92c991
SHA1

0bcf8d02e4978accf17d9f67b9840c46d0a789dc
SHA256

0ab28475e3cba6e08da8fabaae46c4d44f965aaffac05d419c0b4f8e9b02bbfe
SHA512

651e2f69f7f25a86b883daf1e723da645f411e264bd6817ac1921053e1c5321ebae08218d88cf97397fa97aeb5d140a1bce58af9fe86b0cfeb619924bfa7ce28
SSDEEP

768:Dbju9FqpVszaT7QguN1LmI4f0iEXA6tX8GuRRvEn:KXqpVsVPmCXA4MFPvC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 2076	2564	rundll32.exe	28
PID 2564 wrote to memory of 2076	2564	rundll32.exe	28
PID 2564 wrote to memory of 2076	2564	rundll32.exe	28
PID 2564 wrote to memory of 2076	2564	rundll32.exe	28
PID 2564 wrote to memory of 2076	2564	rundll32.exe	28
PID 2564 wrote to memory of 2076	2564	rundll32.exe	28
PID 2564 wrote to memory of 2076	2564	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1aaa8b25e68953e14f8b14d79c92c991_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1aaa8b25e68953e14f8b14d79c92c991_JaffaCakes118.dll,#1
  2⤵
  PID:2076

memory/2076-0-0x0000000000100000-0x0000000000112000-memory.dmp

Filesize
72KB

Download