6727c71fd41e263388b0648fb7f517d5db3a040b2aff5ae20a93e685f30c9dc6

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 09:23

Target

1ac0e4876ba44db50fdda01189cdd8f1_JaffaCakes118.dll
Size

100KB
MD5

1ac0e4876ba44db50fdda01189cdd8f1
SHA1

7424059984f1c8f0e52382f3f0238772b5278073
SHA256

6727c71fd41e263388b0648fb7f517d5db3a040b2aff5ae20a93e685f30c9dc6
SHA512

dbe2d4226c9bef3ba022d044987118f3e6e4e80f2e37b310166f8558944b4b56396ce328c478abe5980dcb4a22f6a7d27bfab1620aee1d7c45c1f0c8904378c0
SSDEEP

768:0eGcccnaexvPsg4kpX6TdgaqSYXYHwcePAkoy+B5+FNYE86AukD4N4e6VPOB2gU0:0ccA5xhAGhx86KD0x6csgUbXmPoBA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 2868	1200	rundll32.exe	28
PID 1200 wrote to memory of 2868	1200	rundll32.exe	28
PID 1200 wrote to memory of 2868	1200	rundll32.exe	28
PID 1200 wrote to memory of 2868	1200	rundll32.exe	28
PID 1200 wrote to memory of 2868	1200	rundll32.exe	28
PID 1200 wrote to memory of 2868	1200	rundll32.exe	28
PID 1200 wrote to memory of 2868	1200	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ac0e4876ba44db50fdda01189cdd8f1_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ac0e4876ba44db50fdda01189cdd8f1_JaffaCakes118.dll,#1
  2⤵
  PID:2868

memory/2868-2-0x0000000074D30000-0x0000000074D5E000-memory.dmp

Filesize
184KB

Download
memory/2868-1-0x0000000074D10000-0x0000000074D3E000-memory.dmp

Filesize
184KB

Download
memory/2868-3-0x0000000074D40000-0x0000000074D6E000-memory.dmp

Filesize
184KB

Download
memory/2868-0-0x0000000074D40000-0x0000000074D6E000-memory.dmp

Filesize
184KB

Download