9ceec53586ee0703f8c4c439d90d0ae67d7890b162822ec8290d2c7053b14fc4

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 04:39

Target

211a3bce3505876583e9ac3d598dec96_JaffaCakes118.dll
Size

29KB
MD5

211a3bce3505876583e9ac3d598dec96
SHA1

249a1ae7ee5fcf00b47cd754490c3c0109088990
SHA256

9ceec53586ee0703f8c4c439d90d0ae67d7890b162822ec8290d2c7053b14fc4
SHA512

772c98a9e6099713504919e89567267e72cbdca4fde9c335f2fbf13971d2ec3b3a1e05c0b5c1d2d487512b5b28cfdfe505c185cf8e3e4b4a67bb2b849b2abf06
SSDEEP

768:DJtimFhFfqkLHHB9gMUVddNXxBGfURjENixCy9dJD14r2Unwhs:DNhNqIng3RBAUhIiFj1wBwh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 2376	2036	rundll32.exe	28
PID 2036 wrote to memory of 2376	2036	rundll32.exe	28
PID 2036 wrote to memory of 2376	2036	rundll32.exe	28
PID 2036 wrote to memory of 2376	2036	rundll32.exe	28
PID 2036 wrote to memory of 2376	2036	rundll32.exe	28
PID 2036 wrote to memory of 2376	2036	rundll32.exe	28
PID 2036 wrote to memory of 2376	2036	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\211a3bce3505876583e9ac3d598dec96_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\211a3bce3505876583e9ac3d598dec96_JaffaCakes118.dll,#1
  2⤵
  PID:2376

memory/2376-1-0x0000000010000000-0x0000000010016000-memory.dmp

Filesize
88KB

Download
memory/2376-3-0x0000000010000000-0x0000000010016000-memory.dmp

Filesize
88KB

Download
memory/2376-2-0x0000000010000000-0x0000000010016000-memory.dmp

Filesize
88KB

Download
memory/2376-0-0x0000000010000000-0x0000000010016000-memory.dmp

Filesize
88KB

Download