b9be6ac62eae7f58e232954ca018a9733108f3d14f35e0fe7a86b027b6ec6c42

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 13:37

Target

3097fd9e41c656bc3ddd9cf1d1c09978_JaffaCakes118.dll
Size

307KB
MD5

3097fd9e41c656bc3ddd9cf1d1c09978
SHA1

be3bdef1886878460435b422a47c3a3e5ecdcb26
SHA256

b9be6ac62eae7f58e232954ca018a9733108f3d14f35e0fe7a86b027b6ec6c42
SHA512

e32125aa46d49272b53ac3784cd957427653cb45f161b75a016654ab17471858981ced79303386853f8b36d66843e662920671356ed92c7479436b6fe97b80af
SSDEEP

6144:xkxjhgCE+qqAqKmv7RtJ0Ybgjdb9e4DUysEAzUXSRHaOZHLuHctkFExaiSLn3:2x6B+xjRtqYbgp9n7zAzDRpHC8FaZ3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2120	2480	rundll32.exe	31
PID 2480 wrote to memory of 2120	2480	rundll32.exe	31
PID 2480 wrote to memory of 2120	2480	rundll32.exe	31
PID 2480 wrote to memory of 2120	2480	rundll32.exe	31
PID 2480 wrote to memory of 2120	2480	rundll32.exe	31
PID 2480 wrote to memory of 2120	2480	rundll32.exe	31
PID 2480 wrote to memory of 2120	2480	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3097fd9e41c656bc3ddd9cf1d1c09978_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3097fd9e41c656bc3ddd9cf1d1c09978_JaffaCakes118.dll,#1
  2⤵
  PID:2120

memory/2120-4-0x0000000010000000-0x000000001009F000-memory.dmp

Filesize
636KB

Download
memory/2120-3-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download
memory/2120-2-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download
memory/2120-1-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download
memory/2120-0-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download