3c2d5c83d02b85f21eedf03d6ecefa2196174d58bc0173823966cf778559997d

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 14:57

Target

2cc6ca004ffd0a2f723e4416c6957401_JaffaCakes118.dll
Size

146KB
MD5

2cc6ca004ffd0a2f723e4416c6957401
SHA1

c9406efe394364ccce3c4650389b4a200d535f6a
SHA256

3c2d5c83d02b85f21eedf03d6ecefa2196174d58bc0173823966cf778559997d
SHA512

187bd6c37b3615b31a5f108bd3c743f49384ef738746dfcb785e9886fd6e673d8bcda7b276c38a56df79c776f69131f1e0ffc3bb5429ce4b613d9e42375f2665
SSDEEP

3072:ojbgMfoyNagtD7ENIVF7ztJvIvdPHqhZP8W+JJP0VO1hyEY0KEqA5V49RzKdhJDJ:ojrfNv7HNmua

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 1320	1904	rundll32.exe	30
PID 1904 wrote to memory of 1320	1904	rundll32.exe	30
PID 1904 wrote to memory of 1320	1904	rundll32.exe	30
PID 1904 wrote to memory of 1320	1904	rundll32.exe	30
PID 1904 wrote to memory of 1320	1904	rundll32.exe	30
PID 1904 wrote to memory of 1320	1904	rundll32.exe	30
PID 1904 wrote to memory of 1320	1904	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cc6ca004ffd0a2f723e4416c6957401_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cc6ca004ffd0a2f723e4416c6957401_JaffaCakes118.dll,#1
  2⤵
  PID:1320

memory/1320-1-0x00000000000D0000-0x00000000000DA000-memory.dmp

Filesize
40KB

Download
memory/1320-6-0x0000000010016000-0x000000001001F000-memory.dmp

Filesize
36KB

Download
memory/1320-5-0x00000000000D0000-0x00000000000DA000-memory.dmp

Filesize
40KB

Download
memory/1320-0-0x0000000010000000-0x000000001002F000-memory.dmp

Filesize
188KB

Download
memory/1320-7-0x00000000000D0000-0x00000000000DA000-memory.dmp

Filesize
40KB

Download