b3f0164cf8d2ac1684ccd3898ed69d6423836998f5d1eaf826899374720f1e95

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 22:57

Target

3252b82fa108f21ae69a233aa04a8352_JaffaCakes118.dll
Size

28KB
MD5

3252b82fa108f21ae69a233aa04a8352
SHA1

5d491f83a5bbd95c7ecec9c3128e5ecd8a38183d
SHA256

b3f0164cf8d2ac1684ccd3898ed69d6423836998f5d1eaf826899374720f1e95
SHA512

16de18df639ffc3f8376b9c2a7389202cdefa56d51920d78a30db5f98c6fab2ce4b1a98c3d0eff1c4c3d661afbbf569ff201f9ff42d1ff7ee5a82bad549c83d8
SSDEEP

384:ctyuzCkzySFy8BTTVhOFf9nQWAOAYoEMOcbswmIgvQkCznlEzAz9u8AsQ:sM8BTTVhgJQSoEjz8lN9u

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 2464	1824	rundll32.exe	30
PID 1824 wrote to memory of 2464	1824	rundll32.exe	30
PID 1824 wrote to memory of 2464	1824	rundll32.exe	30
PID 1824 wrote to memory of 2464	1824	rundll32.exe	30
PID 1824 wrote to memory of 2464	1824	rundll32.exe	30
PID 1824 wrote to memory of 2464	1824	rundll32.exe	30
PID 1824 wrote to memory of 2464	1824	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3252b82fa108f21ae69a233aa04a8352_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3252b82fa108f21ae69a233aa04a8352_JaffaCakes118.dll,#1
  2⤵
  PID:2464

memory/2464-0-0x00000000001C0000-0x00000000001CD000-memory.dmp

Filesize
52KB

Download
memory/2464-1-0x00000000001C0000-0x00000000001CD000-memory.dmp

Filesize
52KB

Download
memory/2464-6-0x00000000001C0000-0x00000000001CD000-memory.dmp

Filesize
52KB

Download