ed25ca04515d475bd6cd493ddff6e4fc1b69a0c8f24f7da95b26ff63adb52257

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 11:54

Target

1b333a939407becbaea50564c14755c1_JaffaCakes118.dll
Size

2.3MB
MD5

1b333a939407becbaea50564c14755c1
SHA1

d72c028e34db5227bd995e45b39c189f6e9379cb
SHA256

ed25ca04515d475bd6cd493ddff6e4fc1b69a0c8f24f7da95b26ff63adb52257
SHA512

27527531f843672feb5ed54f0c80a1049499ad5a9e12285c793a966b288888b6cd741858f1c60963edb94c13f8c2b0f2aafc0ef3f8981106f87e28123a505808
SSDEEP

49152:8PCMTbzdZEm+G6qGJ2f3iRfX9/GZDCBywcLen7QD/7B:8P1vF+T52fSR5UDjLe7QL9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 1672	2204	rundll32.exe	28
PID 2204 wrote to memory of 1672	2204	rundll32.exe	28
PID 2204 wrote to memory of 1672	2204	rundll32.exe	28
PID 2204 wrote to memory of 1672	2204	rundll32.exe	28
PID 2204 wrote to memory of 1672	2204	rundll32.exe	28
PID 2204 wrote to memory of 1672	2204	rundll32.exe	28
PID 2204 wrote to memory of 1672	2204	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b333a939407becbaea50564c14755c1_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b333a939407becbaea50564c14755c1_JaffaCakes118.dll,#1
  2⤵
  PID:1672

memory/1672-0-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download