ffb0c134ab065776f0107180ec287a9e439b9d593a3627ddcb540125857f0805

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03-07-2024 22:15

Target

239f3cbf83dfa46a527144ff3c0dbdc7_JaffaCakes118.dll
Size

7KB
MD5

239f3cbf83dfa46a527144ff3c0dbdc7
SHA1

4f552d8effe37ace4987f0c225d411b15e26fc57
SHA256

ffb0c134ab065776f0107180ec287a9e439b9d593a3627ddcb540125857f0805
SHA512

43a58007e12a07510a2eb2b76798fb2cbab7a5d5a0748dd7829c6332d16a8c87575551c11b5bdd5f23c9ef4108a856a3957d4a3d5758fad24d07f06fde724a8b
SSDEEP

96:nPJbWwssLMTVBffI/zf1rxfdnY9s+yiXemVcTO8OTMP345QT3BL5aQt:nBbWGS6L1r5hcXyIWTjOT84+tI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2432	2420	rundll32.exe	28
PID 2420 wrote to memory of 2432	2420	rundll32.exe	28
PID 2420 wrote to memory of 2432	2420	rundll32.exe	28
PID 2420 wrote to memory of 2432	2420	rundll32.exe	28
PID 2420 wrote to memory of 2432	2420	rundll32.exe	28
PID 2420 wrote to memory of 2432	2420	rundll32.exe	28
PID 2420 wrote to memory of 2432	2420	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\239f3cbf83dfa46a527144ff3c0dbdc7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\239f3cbf83dfa46a527144ff3c0dbdc7_JaffaCakes118.dll,#1
  2⤵
  PID:2432

memory/2432-1-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2432-3-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2432-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2432-2-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download