575a286a2ca476803b7f09395fa106645bcd29de4071c763396915c4e16f58b7

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10-07-2024 14:29

Target

351d15cd66c20a76a3f2fe6c6fdc67d2_JaffaCakes118.dll
Size

9KB
MD5

351d15cd66c20a76a3f2fe6c6fdc67d2
SHA1

79cf1a724735b53fb34b80af3bdf43510bf466b5
SHA256

575a286a2ca476803b7f09395fa106645bcd29de4071c763396915c4e16f58b7
SHA512

6c59560291ff9cd039f33844c71d4169a6e08a4573e6ea970cef16ae9ae229b9fc85cc2319e30d518fc09e3a4a061b28888780c87fec1a6ae19b065c3226b5e6
SSDEEP

96:q1V7dR7uwEU+hCT3GrxZ4MUtPNlz0MdG8EWvdM3IWwG34b:kuwEt8rsTUtPLzKNWSYWF4b

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 3036	3028	rundll32.exe	30
PID 3028 wrote to memory of 3036	3028	rundll32.exe	30
PID 3028 wrote to memory of 3036	3028	rundll32.exe	30
PID 3028 wrote to memory of 3036	3028	rundll32.exe	30
PID 3028 wrote to memory of 3036	3028	rundll32.exe	30
PID 3028 wrote to memory of 3036	3028	rundll32.exe	30
PID 3028 wrote to memory of 3036	3028	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\351d15cd66c20a76a3f2fe6c6fdc67d2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\351d15cd66c20a76a3f2fe6c6fdc67d2_JaffaCakes118.dll,#1
  2⤵
  PID:3036

memory/3036-0-0x0000000076F90000-0x0000000076F97000-memory.dmp

Filesize
28KB

Download