f62da45defd4281c0cd2c722385a3fb59871757f44a0ecd688800f97f1e865ef

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08-07-2024 10:04

Target

2beb2f3e45e8fa0182e37bcc4ef46853_JaffaCakes118.dll
Size

362KB
MD5

2beb2f3e45e8fa0182e37bcc4ef46853
SHA1

7e003572aea666c4cf594af3d65cd11f2e5bd2ad
SHA256

f62da45defd4281c0cd2c722385a3fb59871757f44a0ecd688800f97f1e865ef
SHA512

931204ff05c4b445763be17e74f57a65ca0d3b53e40e5b084d51c2593e3b4def9514e445b48aaf08d091585c633d87b29fec741541df355e18d9e3a96065700d
SSDEEP

6144:3grE9LvUyOo6Lzjw2FREYx6LHjuBDFCuTMQ2OTnTY0q/d4VgCOUB0:3rPOh391V2GYtGgZM0

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 3044	3032	rundll32.exe	28
PID 3032 wrote to memory of 3044	3032	rundll32.exe	28
PID 3032 wrote to memory of 3044	3032	rundll32.exe	28
PID 3032 wrote to memory of 3044	3032	rundll32.exe	28
PID 3032 wrote to memory of 3044	3032	rundll32.exe	28
PID 3032 wrote to memory of 3044	3032	rundll32.exe	28
PID 3032 wrote to memory of 3044	3032	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2beb2f3e45e8fa0182e37bcc4ef46853_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2beb2f3e45e8fa0182e37bcc4ef46853_JaffaCakes118.dll,#1
  2⤵
  PID:3044

memory/3044-1-0x0000000000180000-0x00000000001C0000-memory.dmp

Filesize
256KB

Download
memory/3044-0-0x0000000000180000-0x00000000001C0000-memory.dmp

Filesize
256KB

Download
memory/3044-2-0x0000000010000000-0x000000001005E000-memory.dmp

Filesize
376KB

Download