672c3a6cf604dca26332b6954928d047dbf25e89e56fdb14eee416a9d04af307

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 09:58

Target

25874ac5bb022d3a0cee73c05aa07641_JaffaCakes118.dll
Size

336KB
MD5

25874ac5bb022d3a0cee73c05aa07641
SHA1

7b59d0bb082dec3db7fcfacb1a371e6c0edb18e3
SHA256

672c3a6cf604dca26332b6954928d047dbf25e89e56fdb14eee416a9d04af307
SHA512

134a950721c3f91529e9eb37243ee7c75342b1d41affbb968b1509ecba73419fc034ac8d045c6008ee6c4470c99b449ebfd6edcfb2d938dca501e15b37e9e781
SSDEEP

6144:zbCYcWnnF8G7FKpG33kmz41Rdo25Oq+/s9xJyZnHg:zNcWnF8lG3/E4Bs9xJyZnHg

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2928	2884	rundll32.exe	28
PID 2884 wrote to memory of 2928	2884	rundll32.exe	28
PID 2884 wrote to memory of 2928	2884	rundll32.exe	28
PID 2884 wrote to memory of 2928	2884	rundll32.exe	28
PID 2884 wrote to memory of 2928	2884	rundll32.exe	28
PID 2884 wrote to memory of 2928	2884	rundll32.exe	28
PID 2884 wrote to memory of 2928	2884	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\25874ac5bb022d3a0cee73c05aa07641_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\25874ac5bb022d3a0cee73c05aa07641_JaffaCakes118.dll,#1
  2⤵
  PID:2928

memory/2928-0-0x0000000001DE0000-0x0000000001E37000-memory.dmp

Filesize
348KB

Download
memory/2928-2-0x0000000001DE0000-0x0000000001E37000-memory.dmp

Filesize
348KB

Download
memory/2928-1-0x0000000001DE0000-0x0000000001E37000-memory.dmp

Filesize
348KB

Download
memory/2928-4-0x0000000001DE1000-0x0000000001DE2000-memory.dmp

Filesize
4KB

Download
memory/2928-5-0x00000000001B0000-0x0000000000200000-memory.dmp

Filesize
320KB

Download
memory/2928-6-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2928-3-0x0000000001DE2000-0x0000000001E35000-memory.dmp

Filesize
332KB

Download