d5ddac425c347f973e7011aae77e122aa37d9f939ff33a5176279e5e5f8d9ece

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 19:43

Target

2d974ebe73199e78a2a2e0f786c89263_JaffaCakes118.dll
Size

30KB
MD5

2d974ebe73199e78a2a2e0f786c89263
SHA1

5402fe964d06b3ad0cdbee7887705c9be02e76a0
SHA256

d5ddac425c347f973e7011aae77e122aa37d9f939ff33a5176279e5e5f8d9ece
SHA512

d4a016848877fa1f4357f7738566b2be3ee19577f077b5c19b65d7ac80868e83b7673f0741b26ebfa24a82235e3a84892ef165780cabee5628000be212ebc988
SSDEEP

768:WxGPg7jFn3qpMaL7jxD4ltFPnAvpNEqqQtnaCIlp:Wkg7jF3qPPjxD4VPAvpNEqq+Jk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2664	2240	rundll32.exe	30
PID 2240 wrote to memory of 2664	2240	rundll32.exe	30
PID 2240 wrote to memory of 2664	2240	rundll32.exe	30
PID 2240 wrote to memory of 2664	2240	rundll32.exe	30
PID 2240 wrote to memory of 2664	2240	rundll32.exe	30
PID 2240 wrote to memory of 2664	2240	rundll32.exe	30
PID 2240 wrote to memory of 2664	2240	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d974ebe73199e78a2a2e0f786c89263_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d974ebe73199e78a2a2e0f786c89263_JaffaCakes118.dll,#1
  2⤵
  PID:2664

memory/2664-2-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2664-3-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2664-1-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2664-0-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download