3e29e8aac6d91784a504f587729deca0c68aba3565f0e0732e01eabe06f3c4b1

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10-07-2024 18:47

Target

35f17bff472770829a9c887e755b873c_JaffaCakes118.dll
Size

783KB
MD5

35f17bff472770829a9c887e755b873c
SHA1

6aa4e84319d1c244dd1ed31b2ef72c5b99664271
SHA256

3e29e8aac6d91784a504f587729deca0c68aba3565f0e0732e01eabe06f3c4b1
SHA512

4bf4c2c4b38527a4feeff163bdc82675244f5b0eec1b39bd928862c8fd30ef9129e6fc70005f1020dade18cda13002cf8a69a8d32db0fb5a2b444850f6e810fb
SSDEEP

12288:1pix6X9+b7Kvn+u+3Vut8vSVc0dvsIaBMnWGCbFh6j:fYrb7KP8kWsvsI+6eRm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 2660	1196	rundll32.exe	30
PID 1196 wrote to memory of 2660	1196	rundll32.exe	30
PID 1196 wrote to memory of 2660	1196	rundll32.exe	30
PID 1196 wrote to memory of 2660	1196	rundll32.exe	30
PID 1196 wrote to memory of 2660	1196	rundll32.exe	30
PID 1196 wrote to memory of 2660	1196	rundll32.exe	30
PID 1196 wrote to memory of 2660	1196	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35f17bff472770829a9c887e755b873c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\35f17bff472770829a9c887e755b873c_JaffaCakes118.dll,#1
  2⤵
  PID:2660

memory/2660-0-0x0000000000300000-0x00000000003CB000-memory.dmp

Filesize
812KB

Download