364bdcad95c47762af026c3b14d07bd1d20946e76ac9d6ec09d08353b52dfed0

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 10:39

Target

2840ab46817cfdc1320d1da01658ab6d_JaffaCakes118.dll
Size

6KB
MD5

2840ab46817cfdc1320d1da01658ab6d
SHA1

738b2fb94464b37e305ed023ba89bc5e7bdbdcb6
SHA256

364bdcad95c47762af026c3b14d07bd1d20946e76ac9d6ec09d08353b52dfed0
SHA512

0b21ef115be4096d679fef5fd0873864e60e49aff1cd46520e4d26a67216806000741f388fa29ae4fbd58b1b6fcf3e8dd593ae2134a938e44f1cc61151ef7917
SSDEEP

48:aGy7MN4cpSGAXbIni1kvNs6ztutiKIZWiwQTnU5WwG2QozbC:xB4c4G6bn1k1sw0EW3enIWwGqb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 2224	1916	rundll32.exe	28
PID 1916 wrote to memory of 2224	1916	rundll32.exe	28
PID 1916 wrote to memory of 2224	1916	rundll32.exe	28
PID 1916 wrote to memory of 2224	1916	rundll32.exe	28
PID 1916 wrote to memory of 2224	1916	rundll32.exe	28
PID 1916 wrote to memory of 2224	1916	rundll32.exe	28
PID 1916 wrote to memory of 2224	1916	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2840ab46817cfdc1320d1da01658ab6d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2840ab46817cfdc1320d1da01658ab6d_JaffaCakes118.dll,#1
  2⤵
  PID:2224

memory/2224-0-0x00000000000B0000-0x00000000000B6000-memory.dmp

Filesize
24KB

Download
memory/2224-1-0x00000000000B0000-0x00000000000B6000-memory.dmp

Filesize
24KB

Download
memory/2224-2-0x00000000000B0000-0x00000000000B6000-memory.dmp

Filesize
24KB

Download