fbb126773896c0bc2a766daa856fae9150c3960c42645f82dd1c0c466463d627

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 00:24

Target

23ffd87d1cb7ee72ee3d3e6ad8536af6_JaffaCakes118.dll
Size

168KB
MD5

23ffd87d1cb7ee72ee3d3e6ad8536af6
SHA1

98eb4ded10a20dd8d8eb0f57358611d8093e700c
SHA256

fbb126773896c0bc2a766daa856fae9150c3960c42645f82dd1c0c466463d627
SHA512

98e7ec0e62285ee30101bee5aa935da81734526b54e09b2c8790395d37e33864a5e0a0e628169789d3acbbdabfdc964d4b2c573e06793023c86e65e678ea05ac
SSDEEP

3072:H5SZHI9O8JxvlkOgWKEH9YQ5sdTtz1Eu93H3bOtCLP:a8O8blkOgWJdvEEwH3beCD

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2092	3068	rundll32.exe	28
PID 3068 wrote to memory of 2092	3068	rundll32.exe	28
PID 3068 wrote to memory of 2092	3068	rundll32.exe	28
PID 3068 wrote to memory of 2092	3068	rundll32.exe	28
PID 3068 wrote to memory of 2092	3068	rundll32.exe	28
PID 3068 wrote to memory of 2092	3068	rundll32.exe	28
PID 3068 wrote to memory of 2092	3068	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\23ffd87d1cb7ee72ee3d3e6ad8536af6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\23ffd87d1cb7ee72ee3d3e6ad8536af6_JaffaCakes118.dll,#1
  2⤵
  PID:2092

memory/2092-0-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download
memory/2092-2-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download
memory/2092-3-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download
memory/2092-1-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download