7ec821d57b0f3abb091651439a52b97245a4f9139abd376bbc77941047cda714

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 06:25

Target

278bfb3a42cc1d2a7a8fbc31b389f32d_JaffaCakes118.dll
Size

374KB
MD5

278bfb3a42cc1d2a7a8fbc31b389f32d
SHA1

427d94fb38ec32453f8bb7b0e5a84b36759f833a
SHA256

7ec821d57b0f3abb091651439a52b97245a4f9139abd376bbc77941047cda714
SHA512

72faaf744e4f36544dad007a13a6226629e550c944ca14fd3fef7c9d4f4a4fefc788b79ab2581c1d2d944c8f7f32cb4d674e2798412e256442f4f637b736d40a
SSDEEP

6144:ebciEuj+1i7F0jHyc+hN9g5GkxgKNJKHANfXBKSkgAYGTbPSoy:eLjL6j+ry3Jh0SkGGTbP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 2244	2600	rundll32.exe	28
PID 2600 wrote to memory of 2244	2600	rundll32.exe	28
PID 2600 wrote to memory of 2244	2600	rundll32.exe	28
PID 2600 wrote to memory of 2244	2600	rundll32.exe	28
PID 2600 wrote to memory of 2244	2600	rundll32.exe	28
PID 2600 wrote to memory of 2244	2600	rundll32.exe	28
PID 2600 wrote to memory of 2244	2600	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\278bfb3a42cc1d2a7a8fbc31b389f32d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\278bfb3a42cc1d2a7a8fbc31b389f32d_JaffaCakes118.dll,#1
  2⤵
  PID:2244

memory/2244-0-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2244-1-0x0000000002020000-0x0000000002060000-memory.dmp

Filesize
256KB

Download
memory/2244-2-0x0000000002020000-0x0000000002060000-memory.dmp

Filesize
256KB

Download