51d013ba5f847e66a80854346d953b4e977282227833ca4e97f40461d8110a6b

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 18:35

Target

1c11f5cfd0404374a1c8ea43ecbf127f_JaffaCakes118.dll
Size

947KB
MD5

1c11f5cfd0404374a1c8ea43ecbf127f
SHA1

fbe2a76208a9e51b2ea6bf4a2cf8a981f324d428
SHA256

51d013ba5f847e66a80854346d953b4e977282227833ca4e97f40461d8110a6b
SHA512

4d5be8521104fc88eae55632821990733f68f924ad01f814a8f6fa462014d77e997c8bb1e62f15cfd5be62c14e759a25dbf664886ccb48abdbf921ea0781eaaf
SSDEEP

24576:aHK6R3PFwx7D7NAgDHjYZyxE2tJOgyIZNO2K5/QLUAk:zUE7NLDU0tJOgZNO22IA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 1916	2916	rundll32.exe	28
PID 2916 wrote to memory of 1916	2916	rundll32.exe	28
PID 2916 wrote to memory of 1916	2916	rundll32.exe	28
PID 2916 wrote to memory of 1916	2916	rundll32.exe	28
PID 2916 wrote to memory of 1916	2916	rundll32.exe	28
PID 2916 wrote to memory of 1916	2916	rundll32.exe	28
PID 2916 wrote to memory of 1916	2916	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c11f5cfd0404374a1c8ea43ecbf127f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c11f5cfd0404374a1c8ea43ecbf127f_JaffaCakes118.dll,#1
  2⤵
  PID:1916

memory/1916-1-0x0000000001EB0000-0x000000000207C000-memory.dmp

Filesize
1.8MB

Download
memory/1916-0-0x0000000001EB0000-0x000000000207C000-memory.dmp

Filesize
1.8MB

Download
memory/1916-4-0x0000000001EB0000-0x000000000207C000-memory.dmp

Filesize
1.8MB

Download
memory/1916-12-0x0000000001EB0000-0x000000000207C000-memory.dmp

Filesize
1.8MB

Download
memory/1916-14-0x0000000001EB0000-0x000000000207C000-memory.dmp

Filesize
1.8MB

Download
memory/1916-13-0x0000000001F07000-0x0000000001F08000-memory.dmp

Filesize
4KB

Download
memory/1916-11-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/1916-17-0x0000000001EB0000-0x000000000207C000-memory.dmp

Filesize
1.8MB

Download
memory/1916-16-0x0000000000140000-0x0000000000180000-memory.dmp

Filesize
256KB

Download
memory/1916-8-0x0000000001EB0000-0x000000000207C000-memory.dmp

Filesize
1.8MB

Download
memory/1916-9-0x0000000000140000-0x0000000000180000-memory.dmp

Filesize
256KB

Download
memory/1916-6-0x0000000001EB0000-0x000000000207C000-memory.dmp

Filesize
1.8MB

Download
memory/1916-5-0x0000000001EB0000-0x000000000207C000-memory.dmp

Filesize
1.8MB

Download
memory/1916-3-0x0000000001EB0000-0x000000000207C000-memory.dmp

Filesize
1.8MB

Download
memory/1916-2-0x0000000000140000-0x0000000000180000-memory.dmp

Filesize
256KB

Download
memory/1916-18-0x0000000001EB0000-0x000000000207C000-memory.dmp

Filesize
1.8MB

Download