a15a3c46a253635346e32b2fb2784180cf59f06bdd2757d81d28943e8ab3c1d9

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07/07/2024, 12:20

Target

29f8bbb7a0c6f11dc69ae165ba2f19c4_JaffaCakes118.dll
Size

365KB
MD5

29f8bbb7a0c6f11dc69ae165ba2f19c4
SHA1

bf6c1bf28fb9b4b29b525e053d780f14a7f4a287
SHA256

a15a3c46a253635346e32b2fb2784180cf59f06bdd2757d81d28943e8ab3c1d9
SHA512

fd35f9a02d11be4f2bd6112d4e4b005ebda59bfe7eb6b3b28a10e19f94fda81052dd00eac8379972db0021075b652b485f9a1e94c73fa937197843cf35fca6c8
SSDEEP

6144:Wxg8rk5gWGQ222H2W2eDD75fnbEGme7vv0ZmW9gu+I89/7XjeQ2in2q41fct3LkL:W1rzWvCHUedfnbNpT04W5+I8Zzl2q6f

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 852	2488	rundll32.exe	31
PID 2488 wrote to memory of 852	2488	rundll32.exe	31
PID 2488 wrote to memory of 852	2488	rundll32.exe	31
PID 2488 wrote to memory of 852	2488	rundll32.exe	31
PID 2488 wrote to memory of 852	2488	rundll32.exe	31
PID 2488 wrote to memory of 852	2488	rundll32.exe	31
PID 2488 wrote to memory of 852	2488	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29f8bbb7a0c6f11dc69ae165ba2f19c4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29f8bbb7a0c6f11dc69ae165ba2f19c4_JaffaCakes118.dll,#1
  2⤵
  PID:852

memory/852-1-0x00000000007D0000-0x0000000000810000-memory.dmp

Filesize
256KB

Download
memory/852-0-0x00000000007D0000-0x0000000000810000-memory.dmp

Filesize
256KB

Download
memory/852-2-0x0000000010000000-0x000000001005F000-memory.dmp

Filesize
380KB

Download