99017474ec77d6040e96a91d4308a5ed445ada130759154478fc6ee8bf0d1258

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 04:43

Target

24a9fab079191c8318e732dfa1c4348f_JaffaCakes118.dll
Size

46KB
MD5

24a9fab079191c8318e732dfa1c4348f
SHA1

a4c841fef4d232a7378c9bcc184b0bb26cf122e6
SHA256

99017474ec77d6040e96a91d4308a5ed445ada130759154478fc6ee8bf0d1258
SHA512

c01e1772f4779ad3a7a1df2bfa17b6776c41097fc2ec03a384ba9030624f41f3ee6bf0c7d324dddd488ef8609bd5888a7293dc1f6660034f5d03a34117363aed
SSDEEP

768:JwxTSAynbxUW/MT+Nmrp1RfS44r6L+do+ggyOYBaYslkBZM:JwZSAy1b/MCNwhS4C6z+gVXkwM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1916	1720	rundll32.exe	28
PID 1720 wrote to memory of 1916	1720	rundll32.exe	28
PID 1720 wrote to memory of 1916	1720	rundll32.exe	28
PID 1720 wrote to memory of 1916	1720	rundll32.exe	28
PID 1720 wrote to memory of 1916	1720	rundll32.exe	28
PID 1720 wrote to memory of 1916	1720	rundll32.exe	28
PID 1720 wrote to memory of 1916	1720	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\24a9fab079191c8318e732dfa1c4348f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\24a9fab079191c8318e732dfa1c4348f_JaffaCakes118.dll,#1
  2⤵
  PID:1916

memory/1916-1-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download
memory/1916-0-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download