fbf597174381687395f83ad57a9ce1e0e7da2b1b6b2806b684ab3b08aa740fcf

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10-07-2024 21:12

Target

366685879fdd00a325ac95a67839a51e_JaffaCakes118.dll
Size

86KB
MD5

366685879fdd00a325ac95a67839a51e
SHA1

e93b4b37085ca724b868d4e56205ec6493de086f
SHA256

fbf597174381687395f83ad57a9ce1e0e7da2b1b6b2806b684ab3b08aa740fcf
SHA512

70dab15401e873352b9d95223594427bca9050f256087f8fb15032578e037fb1f446714f87f23c6ce4333c9fad7cbc70dae2239614dccfb705b5b0d715cceb55
SSDEEP

1536:bq+dX5z9lhsRbarmsapZyWK+0IStWJ+xruajIDUsL+JjiHq0VaO1FsPRFDmu+Tx:bbdRhsRwmsmB4tCailUsLHq0VaODQW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3004 wrote to memory of 112	3004	rundll32.exe	rundll32.exe
PID 3004 wrote to memory of 112	3004	rundll32.exe	rundll32.exe
PID 3004 wrote to memory of 112	3004	rundll32.exe	rundll32.exe
PID 3004 wrote to memory of 112	3004	rundll32.exe	rundll32.exe
PID 3004 wrote to memory of 112	3004	rundll32.exe	rundll32.exe
PID 3004 wrote to memory of 112	3004	rundll32.exe	rundll32.exe
PID 3004 wrote to memory of 112	3004	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\366685879fdd00a325ac95a67839a51e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3004

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\366685879fdd00a325ac95a67839a51e_JaffaCakes118.dll,#1
2⤵
PID:112

memory/112-2-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download
memory/112-3-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download
memory/112-1-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download
memory/112-0-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download