d7e04d231fed90d518d3d87232fe0a99d5eda68b502fce746942d702b86f3fa8

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 02:27

Target

2452e03884b40b16e235fddc2b3a550c_JaffaCakes118.dll
Size

148KB
MD5

2452e03884b40b16e235fddc2b3a550c
SHA1

7f292d6b2c88449a3c1ee49f5dc7fb1fa7e01416
SHA256

d7e04d231fed90d518d3d87232fe0a99d5eda68b502fce746942d702b86f3fa8
SHA512

8aba3642829adf02e1ca56b6c3564e2b6a1d4995637ba673909b6df6043a206fa475eaf9ef0ed418b12663028e6280c74fd501c8af727f7d2b1ac923dd9fab25
SSDEEP

3072:zzYndugCV0+VamUsI6pLCkkC1NZZkCxeStPnY5My:YdugCFV3UpYek71NZZTeStPnY5d

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 2408	928	rundll32.exe	28
PID 928 wrote to memory of 2408	928	rundll32.exe	28
PID 928 wrote to memory of 2408	928	rundll32.exe	28
PID 928 wrote to memory of 2408	928	rundll32.exe	28
PID 928 wrote to memory of 2408	928	rundll32.exe	28
PID 928 wrote to memory of 2408	928	rundll32.exe	28
PID 928 wrote to memory of 2408	928	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2452e03884b40b16e235fddc2b3a550c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2452e03884b40b16e235fddc2b3a550c_JaffaCakes118.dll,#1
  2⤵
  PID:2408

memory/2408-0-0x0000000067940000-0x000000006796C000-memory.dmp

Filesize
176KB

Download
memory/2408-3-0x0000000067940000-0x000000006796C000-memory.dmp

Filesize
176KB

Download
memory/2408-2-0x0000000067940000-0x000000006796C000-memory.dmp

Filesize
176KB

Download
memory/2408-1-0x0000000067940000-0x000000006796C000-memory.dmp

Filesize
176KB

Download