0371e5de710eb1efc142bba4db1a0382e952d38e3f210b005c172f03176f20af

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 18:15

Target

25c0b351fb1573780b3634d3b76ee98f_JaffaCakes118.dll
Size

5KB
MD5

25c0b351fb1573780b3634d3b76ee98f
SHA1

161b06d239ba6c44d5855e869b50c3fd3ad0d6fe
SHA256

0371e5de710eb1efc142bba4db1a0382e952d38e3f210b005c172f03176f20af
SHA512

354bdef23e08f1793228782c07da05c941ac1711a04c5b66908018d0cf79359757e3b2d8b98c723754f5666fd78f1c368b993b59af9ab430aa156394952b27a9
SSDEEP

96:pi9UhmhScmCj0S+zQaqP0R5YyubymJCtJ/L3Et5IuNa/h2MPS9kgcwQwTpX:8OhT805CP25svJCtJ/L36IuNFR9kgUwB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 1608	1852	rundll32.exe	28
PID 1852 wrote to memory of 1608	1852	rundll32.exe	28
PID 1852 wrote to memory of 1608	1852	rundll32.exe	28
PID 1852 wrote to memory of 1608	1852	rundll32.exe	28
PID 1852 wrote to memory of 1608	1852	rundll32.exe	28
PID 1852 wrote to memory of 1608	1852	rundll32.exe	28
PID 1852 wrote to memory of 1608	1852	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\25c0b351fb1573780b3634d3b76ee98f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\25c0b351fb1573780b3634d3b76ee98f_JaffaCakes118.dll,#1
  2⤵
  PID:1608

memory/1608-1-0x0000000025009000-0x000000002500A000-memory.dmp

Filesize
4KB

Download
memory/1608-0-0x0000000025000000-0x0000000025011000-memory.dmp

Filesize
68KB

Download