005f7d87b89ceefdde0d4e72d2924fd0908051be405afecf77cf89ca3702677f

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 08:16

Target

253e936675c2856e13b613d6ce2e9248_JaffaCakes118.dll
Size

287KB
MD5

253e936675c2856e13b613d6ce2e9248
SHA1

e3a2f4417ba595984453911a1ad57881051874f1
SHA256

005f7d87b89ceefdde0d4e72d2924fd0908051be405afecf77cf89ca3702677f
SHA512

b089353f3f078dfed66a809958011823106efb3e157f763490d354153bd9075dd56d43ffed10e0d66cdd9c6a9865ae722378fe391bfe4bdae6eb55cc910334ee
SSDEEP

6144:VN2J/jKSvqiaf+hPyyyhTWufBH6RaJM5V4Zew+3Q:VcJ/jKSdafyPyyyZW4BH6N5pw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 1972	2432	rundll32.exe	28
PID 2432 wrote to memory of 1972	2432	rundll32.exe	28
PID 2432 wrote to memory of 1972	2432	rundll32.exe	28
PID 2432 wrote to memory of 1972	2432	rundll32.exe	28
PID 2432 wrote to memory of 1972	2432	rundll32.exe	28
PID 2432 wrote to memory of 1972	2432	rundll32.exe	28
PID 2432 wrote to memory of 1972	2432	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\253e936675c2856e13b613d6ce2e9248_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\253e936675c2856e13b613d6ce2e9248_JaffaCakes118.dll,#1
  2⤵
  PID:1972

memory/1972-0-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download