3794049172a474ac21ac7a74d19403d8d2e45074d248a8539fb5a626d3e0050e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
05/07/2024, 11:27

Target

26e126a3bbb030169c9df566510a0144_JaffaCakes118.dll
Size

23KB
MD5

26e126a3bbb030169c9df566510a0144
SHA1

0ef90b340fcce51bfc29cd356f3dfacf98e259bf
SHA256

3794049172a474ac21ac7a74d19403d8d2e45074d248a8539fb5a626d3e0050e
SHA512

f81f88643d884a5b40e2a0479ef127574f59c887956357b1128580f7b6f9ce2c2f35b624f077f0d42e7bea644cdd3f55bce0e4b9beeac12a38d849540ada36ba
SSDEEP

384:d3jsZpyIVClxC8jpHZEc8hcanshP2mZ9d6GiZXPlWZi1PWSBV5EphNxpG:d3gZ8PK8kc8htmwGiHbPR8pP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 2140	2992	rundll32.exe	30
PID 2992 wrote to memory of 2140	2992	rundll32.exe	30
PID 2992 wrote to memory of 2140	2992	rundll32.exe	30
PID 2992 wrote to memory of 2140	2992	rundll32.exe	30
PID 2992 wrote to memory of 2140	2992	rundll32.exe	30
PID 2992 wrote to memory of 2140	2992	rundll32.exe	30
PID 2992 wrote to memory of 2140	2992	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\26e126a3bbb030169c9df566510a0144_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\26e126a3bbb030169c9df566510a0144_JaffaCakes118.dll,#1
  2⤵
  PID:2140

memory/2140-0-0x00000000000B0000-0x00000000000BC000-memory.dmp

Filesize
48KB

Download
memory/2140-3-0x00000000000C0000-0x00000000000CC000-memory.dmp

Filesize
48KB

Download
memory/2140-2-0x00000000000B0000-0x00000000000BC000-memory.dmp

Filesize
48KB

Download
memory/2140-1-0x00000000000B0000-0x00000000000BC000-memory.dmp

Filesize
48KB

Download