60b3c52de870133f3f94afcb47063077fbff6f0dcd5c0fa6eb46169a484a5e29

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 05:13

Target

24bfb454660fce07d37e74739d6c83f4_JaffaCakes118.dll
Size

15KB
MD5

24bfb454660fce07d37e74739d6c83f4
SHA1

9428e18e7f20e06608cee035acd39297505c5f80
SHA256

60b3c52de870133f3f94afcb47063077fbff6f0dcd5c0fa6eb46169a484a5e29
SHA512

cfb8dc98ae0c2537d56ec14bd4c52cdaa1ca3e6525605a7e5d59ce521b75c1ffdb3c608ee10ac1b05d4b8c0ef554fcae83cc391b2c1f403f4c73169139f79079
SSDEEP

96:h8SaYq+JAgnKxY5XABafs5dRSFvMK/zUOf06GWBgh//vDS3WL4OQ63YqvQ:huYnK+57fs0eK/wLhYgM3hn6oS

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2208	1932	rundll32.exe	28
PID 1932 wrote to memory of 2208	1932	rundll32.exe	28
PID 1932 wrote to memory of 2208	1932	rundll32.exe	28
PID 1932 wrote to memory of 2208	1932	rundll32.exe	28
PID 1932 wrote to memory of 2208	1932	rundll32.exe	28
PID 1932 wrote to memory of 2208	1932	rundll32.exe	28
PID 1932 wrote to memory of 2208	1932	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\24bfb454660fce07d37e74739d6c83f4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\24bfb454660fce07d37e74739d6c83f4_JaffaCakes118.dll,#1
  2⤵
  PID:2208

memory/2208-3-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download
memory/2208-2-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download
memory/2208-1-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download
memory/2208-0-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download