9e36ec053f8451e4c23e8cff64cf0dde295bc8ac4127161782bb533f96356c44

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 20:04

Target

31c9db44c5433581832a329875bae52a_JaffaCakes118.dll
Size

825KB
MD5

31c9db44c5433581832a329875bae52a
SHA1

844323144d76d8c3657c46af95f0bb41140243cd
SHA256

9e36ec053f8451e4c23e8cff64cf0dde295bc8ac4127161782bb533f96356c44
SHA512

8f1eced60e34157f8f6f4e6e437dd5adfec15592c463f21a02893d643dafccd29e1eaafbe9a45b8fa7bc2126840a5ad6998b92db61a88b13a1dcb82712d76894
SSDEEP

24576:FiZqF3mHwv8EUAVl+Sx+dAysJhwMntn+yFTE:FZWHHAz+Sx+WysjwCgOw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2120	2972	rundll32.exe	31
PID 2972 wrote to memory of 2120	2972	rundll32.exe	31
PID 2972 wrote to memory of 2120	2972	rundll32.exe	31
PID 2972 wrote to memory of 2120	2972	rundll32.exe	31
PID 2972 wrote to memory of 2120	2972	rundll32.exe	31
PID 2972 wrote to memory of 2120	2972	rundll32.exe	31
PID 2972 wrote to memory of 2120	2972	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\31c9db44c5433581832a329875bae52a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\31c9db44c5433581832a329875bae52a_JaffaCakes118.dll,#1
  2⤵
  PID:2120

memory/2120-0-0x0000000020000000-0x000000002006C000-memory.dmp

Filesize
432KB

Download