782dee40bf5266d3905b72e513cc515db88aa0813a100586bc6fd1222904eee2

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 16:03

Target

28c157e3043b25ad28a0667f635be740_JaffaCakes118.dll
Size

37KB
MD5

28c157e3043b25ad28a0667f635be740
SHA1

f95d44072374bbbec5659268e4a325d437bf43c2
SHA256

782dee40bf5266d3905b72e513cc515db88aa0813a100586bc6fd1222904eee2
SHA512

cf39b9ccba90a29ed8246ec1e98abdc7c87ae38c5c933d51431c2cec1e8f650e215b6e827301d1273e9a213aa045e1a4274a88e186f8dada506113a4f71e9ad4
SSDEEP

768:aLWxOvnGSEFCOGyoo0mk0DoAyhi79jRNxl75l5/77rqfeL8b6e:yWxgnGPFpGyoK9DoAfD/75jD/qeob6e

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2116	1820	rundll32.exe	30
PID 1820 wrote to memory of 2116	1820	rundll32.exe	30
PID 1820 wrote to memory of 2116	1820	rundll32.exe	30
PID 1820 wrote to memory of 2116	1820	rundll32.exe	30
PID 1820 wrote to memory of 2116	1820	rundll32.exe	30
PID 1820 wrote to memory of 2116	1820	rundll32.exe	30
PID 1820 wrote to memory of 2116	1820	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\28c157e3043b25ad28a0667f635be740_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\28c157e3043b25ad28a0667f635be740_JaffaCakes118.dll,#1
  2⤵
  PID:2116

memory/2116-2-0x0000000010000000-0x0000000010022000-memory.dmp

Filesize
136KB

Download
memory/2116-1-0x0000000010000000-0x0000000010022000-memory.dmp

Filesize
136KB

Download
memory/2116-0-0x0000000010000000-0x0000000010022000-memory.dmp

Filesize
136KB

Download