9e79c2aa298d9e021d287ae44225924dc3a83901d0e0b53eb109d5892cba7b4a

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 19:10

Target

294f608183e5729c76d810cb4a97a11f_JaffaCakes118.dll
Size

64KB
MD5

294f608183e5729c76d810cb4a97a11f
SHA1

595204fbdaed6c7b56294e49d4eb5e86bd57591d
SHA256

9e79c2aa298d9e021d287ae44225924dc3a83901d0e0b53eb109d5892cba7b4a
SHA512

b3b18f1933b60e0945745681fa1dc0a22a66e52588c6abb1ce817a3705a24089a99f107f63daa3476503d1fd465f6e79a7e3ab64566dbb2f82b4c57a1ddd35a7
SSDEEP

768:pbEmUZcr2Ufba9vu68Edwpht5VgMpDlT/++Id+dTfGxWTSm5jJ8Zdaxgha5HZg2c:aPZcvba1tdwpht5FphuMlTTjJod1Qw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 2088	1856	rundll32.exe	30
PID 1856 wrote to memory of 2088	1856	rundll32.exe	30
PID 1856 wrote to memory of 2088	1856	rundll32.exe	30
PID 1856 wrote to memory of 2088	1856	rundll32.exe	30
PID 1856 wrote to memory of 2088	1856	rundll32.exe	30
PID 1856 wrote to memory of 2088	1856	rundll32.exe	30
PID 1856 wrote to memory of 2088	1856	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\294f608183e5729c76d810cb4a97a11f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\294f608183e5729c76d810cb4a97a11f_JaffaCakes118.dll,#1
  2⤵
  PID:2088

memory/2088-0-0x0000000032000000-0x0000000032021000-memory.dmp

Filesize
132KB

Download