3532884ce8691047c0b70a2227c47396bf0d223426fe37ec0a678f6e72557675

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08-07-2024 08:57

Target

2bbc18b60e4a77823fe5d908ea5f467c_JaffaCakes118.dll
Size

42KB
MD5

2bbc18b60e4a77823fe5d908ea5f467c
SHA1

38529305a65febe6721f99a8faa82ca1a0ffa18e
SHA256

3532884ce8691047c0b70a2227c47396bf0d223426fe37ec0a678f6e72557675
SHA512

7dc1e616a31f8a9776eb1b48e45b0fc445d7cbe3382a9b2a4e9b81d6c0ce7e28df6ce3108a976c8134f7da2c9712ead0730b66400cb5c6c8708018e3df16ee43
SSDEEP

768:H60EIJO6nCUhTV8y4ayT2IPoH/tidOBgf88BLArpcnXyFMO1o9Iv:NXC6vyPPEVrBw8sgciFjo2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 656 wrote to memory of 1724	656	rundll32.exe	30
PID 656 wrote to memory of 1724	656	rundll32.exe	30
PID 656 wrote to memory of 1724	656	rundll32.exe	30
PID 656 wrote to memory of 1724	656	rundll32.exe	30
PID 656 wrote to memory of 1724	656	rundll32.exe	30
PID 656 wrote to memory of 1724	656	rundll32.exe	30
PID 656 wrote to memory of 1724	656	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bbc18b60e4a77823fe5d908ea5f467c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:656
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bbc18b60e4a77823fe5d908ea5f467c_JaffaCakes118.dll,#1
  2⤵
  PID:1724

memory/1724-0-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/1724-1-0x0000000002040000-0x0000000002116000-memory.dmp

Filesize
856KB

Download