de626e3a3ea7120bb0cd29243d93a6928366afba16374f0b0ccc101f69a39ba9

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 19:29

Target

1c3b84f6cbcd304ea02ab09591dfbb1b_JaffaCakes118.dll
Size

383KB
MD5

1c3b84f6cbcd304ea02ab09591dfbb1b
SHA1

3d941c079e054c6f04736256c3a3a57700492d64
SHA256

de626e3a3ea7120bb0cd29243d93a6928366afba16374f0b0ccc101f69a39ba9
SHA512

24d5b6bfc4f0ee65cba53c26e624c34863227952f94307c2dcd6894d91d21c9f0b670672fa30a9dbfde1cf1b609791d2283d7c32d47c87f54f1eee56564852c2
SSDEEP

6144:FHStHxkUVDx3U9djcq7sADkLbKKFqyk+XbyDzkEFUJdy0E3LHTeE7YrHS6Gg:Fbg3iAq7sIiX2ky3Hzd+HS61

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2344	1972	rundll32.exe	28
PID 1972 wrote to memory of 2344	1972	rundll32.exe	28
PID 1972 wrote to memory of 2344	1972	rundll32.exe	28
PID 1972 wrote to memory of 2344	1972	rundll32.exe	28
PID 1972 wrote to memory of 2344	1972	rundll32.exe	28
PID 1972 wrote to memory of 2344	1972	rundll32.exe	28
PID 1972 wrote to memory of 2344	1972	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c3b84f6cbcd304ea02ab09591dfbb1b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c3b84f6cbcd304ea02ab09591dfbb1b_JaffaCakes118.dll,#1
  2⤵
  PID:2344

memory/2344-1-0x0000000074CC0000-0x0000000074D26000-memory.dmp

Filesize
408KB

Download
memory/2344-0-0x0000000074D30000-0x0000000074D96000-memory.dmp

Filesize
408KB

Download