76ef606785a6587002906c512bb77f351c188f30029e9b6de31aac2230494519

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 20:53

Target

3656552a7b9adfe0f82b3b43f0aff0ef_JaffaCakes118.dll
Size

19KB
MD5

3656552a7b9adfe0f82b3b43f0aff0ef
SHA1

4201bf3657dff7dce2791c4b756eb261e21b6358
SHA256

76ef606785a6587002906c512bb77f351c188f30029e9b6de31aac2230494519
SHA512

8c948058bc0992fd1574707e91267c098325396553bc75753d9bbff87130ec4eb944ba16fcd6f5eef4a3d5116ae647b993fbec03201aabe4477b8d0ff4ddca62
SSDEEP

384:q+l+Or0w7Fn9Kj+RgeGcmrMpHAfAHOoBnULd4:rl+/y9rmcmMAfFgAd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2340	1724	rundll32.exe	30
PID 1724 wrote to memory of 2340	1724	rundll32.exe	30
PID 1724 wrote to memory of 2340	1724	rundll32.exe	30
PID 1724 wrote to memory of 2340	1724	rundll32.exe	30
PID 1724 wrote to memory of 2340	1724	rundll32.exe	30
PID 1724 wrote to memory of 2340	1724	rundll32.exe	30
PID 1724 wrote to memory of 2340	1724	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3656552a7b9adfe0f82b3b43f0aff0ef_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3656552a7b9adfe0f82b3b43f0aff0ef_JaffaCakes118.dll,#1
  2⤵
  PID:2340

memory/2340-0-0x0000000010001000-0x0000000010003000-memory.dmp

Filesize
8KB

Download