9d8982e459bdeaa0e8f305c8b10f5f89e1aaa90eedadf89f9be8587cc3e569c7

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 05:08

Target

2f15e24af4fa44b19ec1b78aead93839_JaffaCakes118.dll
Size

101KB
MD5

2f15e24af4fa44b19ec1b78aead93839
SHA1

33f23b475d509f2a9f7056698a7c261b229cb23c
SHA256

9d8982e459bdeaa0e8f305c8b10f5f89e1aaa90eedadf89f9be8587cc3e569c7
SHA512

c044b14f95d512ed9c80a1f0b3dc6fa6cda655de18fc328124d71726d2ba1ebc5c5468bd1240939b67acf27d4e94532ecd3f59d9ec7af128b072c11747702041
SSDEEP

1536:Nh1fL15Vx2G5bCgsSe93YsrD3fE9dFwQDvAhwBXwYw/jVb4w3NF:Nh53p5NI93YYPE9dnTPraZPF

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2888	2872	rundll32.exe	30
PID 2872 wrote to memory of 2888	2872	rundll32.exe	30
PID 2872 wrote to memory of 2888	2872	rundll32.exe	30
PID 2872 wrote to memory of 2888	2872	rundll32.exe	30
PID 2872 wrote to memory of 2888	2872	rundll32.exe	30
PID 2872 wrote to memory of 2888	2872	rundll32.exe	30
PID 2872 wrote to memory of 2888	2872	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f15e24af4fa44b19ec1b78aead93839_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f15e24af4fa44b19ec1b78aead93839_JaffaCakes118.dll,#1
  2⤵
  PID:2888

memory/2888-3-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2888-2-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2888-1-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2888-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download